121 matches found
Design/Logic Flaw
Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment...
CVE-2019-16547
Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment...
Yum Package Manager Persistence
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Yum Package Manager Persistence', 'Description' = %q This module will run a payload when the package manager is used. No handler is ran...
CloudBees Jenkins Anchore Container Image Scanner Plugin Information Disclosure Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools, mainly used to monitor continuous software release/testing projects and the timed execution of some tasks. Anchore Container Image Scanner Plugin is used in which a container inspection and...
CVE-2018-1999031
An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration...
WP Security Audit Log - The Ultimate WordPress Audit Trail Plugin
The WP Security Audit Log plugin is a WordPress plugin that keeps an audit trail of everything that happens on your WordPress and WordPress multisite network. There are several WordPress audit trail / log plugins available, though we chose to review WP Security Audit Log because it has the most...
CVE-2015-3446
The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg)...
Code injection
The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg)...
AlienVault Unified Security Management Remote Code Execution Vulnerability
AlienVault Unified Security Management is a security management platform that provides security monitoring, security event management and reporting, and a threat awareness system. A remote code execution vulnerability exists in the AlienVault Framework backend process of AlienVault USM that allow...
Tomcat/JBossWeb: XML parser hijack by malicious web application
It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML...
Magento Server MAGMI Plugin - Multiple Vulnerabilities
Exploit Title: Magento Server MAGMI Plugin Local File Inclusion And Cross Site Scripting Software Link: http://sourceforge.net/projects/magmi/ Author: SECUPENT Website: www.secupent.com Email: researchatsecupentdotcom Date: 5-2-2015 Exploit Local file inclusion:...
VDG Security SENSE Information Disclosure Vulnerability (CNVD-2015-00381)
VDG Security SENSE is a video management system VMS from VDG Security in the Netherlands. VDG Security SENSE suffers from an information disclosure vulnerability that allows an attacker to obtain sensitive information by reading plugin configuration files...
CVE-2014-9579
VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files...
Information disclosure
VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files...
CVE-2014-9579
CVE-2014-9579 affects VDG Security SENSE (formerly DIVA) 2.3.13. The vulnerability is an information disclosure where administrator credentials are stored in cleartext and can be obtained by reading the plugin configuration files. The issue stems from storing sensitive credentials in an insecure ...
Design/Logic Flaw
Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail...
Cross site request forgery (csrf)
The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE securi...
CVE-2012-3315
The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE securi...