CVE-2023-1482 HkCms External Plugin code injection

A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to initiate the attack...

Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection

The plugin passes base64 encoded user input to the unserialize PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain To simulate a gadget chain, put the following code in a plugin class Evil...

CVE-2022-36043 Rizin Double Free in bobj.c when using qnx binary plugin

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to a double free in bobj.c:rzbinrelocstoragefree when freeing relocations generated from qnx binary plugin. A user opening a malicious qnx binary could be affected by this...

Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code

Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code...

GHSA-5XM3-48V5-6H7V Jenkins allows Remote Users to Obtain Sensitive Information from a Plugin Code

Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code...

Information Disclosure

jenkins is vulnerable to information disclosure. The vulnerability exists as remotely authenticated users with Overall/READ permission can obtain sensitive information by reading the plugin code...

CVE-2017-15088

plugins/preauth/pkinit/pkinitcryptoopenssl.c in MIT Kerberos 5 aka krb5 through 1.15.2 mishandles Distinguished Name DN fields, which allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow and application crash in situations involving untrusted X.509 data,...

Buffer overflow

plugins/preauth/pkinit/pkinitcryptoopenssl.c in MIT Kerberos 5 aka krb5 through 1.15.2 mishandles Distinguished Name DN fields, which allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow and application crash in situations involving untrusted X.509 data,...

CVE-2017-15088

plugins/preauth/pkinit/pkinitcryptoopenssl.c in MIT Kerberos 5 aka krb5 through 1.15.2 mishandles Distinguished Name DN fields, which allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow and application crash in situations involving untrusted X.509 data,...

CVE-2017-15762

IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001f31b."...

CVE-2017-15767

IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at CADIMAGE+0x00000000003d5b52."...

jenkins: plug-in code can be downloaded by anyone with read access (SECURITY-155)

Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code...

CVE-2014-3667

Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code...

PT-2014-5444 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 1.583 Jenkins LTS versions prior to 1.565.3 Description: The issue allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code, due to improper...

jenkins: plug-in code can be downloaded by anyone with read access (SECURITY-155)

Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code...

[Snort 2.9.5] Network intrusion prevention and detection system (IDS/IPS)

Snort® is an open source network intrusion prevention and detection system IDS/IPS developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000...

CVE-2013-0973

Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream...

CVE-2013-0973

Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream...

Debian DSA-2186-1 : iceweasel - several vulnerabilities

Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. - CVE-2010-1585 Roberto Suggi Liverani discovered that the sanitising performed by...

Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-{3.0,3.5}, xulrunner-1.9.2 regression (USN-1049-2)

USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem. We apologize for the inconvenience. Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn...