PT-2019-11314 · Jenkins · Jenkins Job Import Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Job Import Plugin versions 2.1 and earlier Description: A sensitive information exposure issue exists, allowing attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL using attacker-specified...
Command injection
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection...
CVE-2018-19040
The Media File Manager plugin 1.4.2 for WordPress allows directory listing via a ../ directory traversal in the dir parameter of an mrelocatorgetdir action to the wp-admin/admin-ajax.php URI...
WordPress Plugin all_in_one_bannerRotator File Information Disclosure Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up personal blog sites on servers with PHP and MySQL. A file information disclosure vulnerability exists in the WordPress plugin all_in_one_bannerRotator. An attacker can exploit the...
CloudBees Jenkins Crowd 2 Integration Plugin Server Request Forgery Vulnerability
CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from CloudBees, Inc. It is mainly used to monitor continuous software version release/testing projects and some timed tasks. Crowd 2 Integration Plugin is one of its authentication plugins. A...
WordPress.org wormable stored XSS vulnerability disclosure - vulnerability warning - the black bar safety net
WP GDPR Compliance is a very popular WordPress plugin. It was found to contain privilege escalation vulnerabilities; by exploiting them, an attacker can easily hijack thousands of websites. Although a plugin vulnerability is a security flaw only for the websites that use it, however,...
The vulnerability of the load_image function in the GIMP graphic editor, related to reading beyond the buffer limit of memory, allows attackers to cause system failures, undermine data integrity, and compromise confidentiality.
The vulnerability of the load_image function in the GIMP graphic editor’s plug-ins/common/file-gbr.c file is related to the issue of data being written beyond the buffer boundaries when processing UTF-8 formatted data. Exploiting this vulnerability can allow an attacker to cause service failures,...
JSmol2WP Arbitrary File Read Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up personal blog sites on PHP and MySQL servers. JSmol2WP is one of its plugins, used to support viewing 3D chemical structures. A security...
Cross-Site Scripting (XSS)
WordPress is vulnerable to cross-site scripting (XSS). The vulnerability is possible due to the input of a malicious URL for certain use cases involving plugins...
CVE-2018-19341
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at...
WordPress the-holiday-calendar plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up personal blog sites on PHP and MySQL servers. the-holiday-calendar is one of its calendar plugins. A cross-site scripting vulnerability exists i...
CVE-2015-9269
The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 (2015-06-03) for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format...
Asset Pipeline Catalog Traversal Vulnerability
Grails is an open source framework, developed by the Grails project and based on the Groovy programming language, for rapid development of Web applications. Asset Pipeline is one of its plugins, used to handle static resources. Grails Asset Pipeline plugin version 3.0.4 before...
WordPress plugin FV Flowplayer cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin FV Flowplayer, which can be exploited by an attacker to...
WordPress Wordfence Security Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up personal blog sites on PHP and MySQL servers. Wordfence Security is one of its security plugins, which provides firewalls, virus scanning, and traffic monitoring...
CVE-2018-15876
An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished...
CVE-2018-1000622
The Rust Programming Language rustdoc versions between 0.8 and 1.27.0 contain a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appears to be exploitable via using the --plugin flag without the...
WordPress Ultimate Member plugin cross-site scripting vulnerability (CNVD-2018-12768)
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up personal blog sites on PHP and MySQL servers. Ultimate Member (aka ultimatemember) is one of its plugins, used to create a member site or online community. A...
WordPress Redirection Redirection Vulnerability (CNVD-2018-15308)
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up personal blog sites on PHP and MySQL servers. Redirection is one of its redirection plugins, used to manage 301 redirections and track 404 errors. A...
WordPress Advanced Order Export For WooCommerce CSV Injection
Exploit Title: Wordpress Plugin Advanced Order Export For WooCommerce 1.5.4 - CSV Injection Google Dork: N/A Date: 2018-06-24 Exploit Author: Bhushan B. Patil Software Link: https://wordpress.org/plugins/woo-order-export-lite/ Affected Version: 1.5.4 and before Category: Plugins and Extensions...