8276 matches found
Cross site scripting
In Support Incident Tracker SiT! 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page...
Support Incident Tracker Cross-Site Scripting Vulnerability (CNVD-2020-04725)
Support Incident Tracker SiT! is a PHP and MySQL based technical support phone/email tracking system. A cross-site scripting vulnerability exists in the Load Plugins field of the config.php page in version 3.67 of SiT! The vulnerability stems from a lack of proper validation of client-side data i...
glpi -- Public GLPIKEY can be used to decrypt any data
MITRE Corporation reports: GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on...
RHEL 7 : OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2019:4055)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4055 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
RHEL 7 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:4089)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4089 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.1 jenkins-2-plugins security update
An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Multiple Jenkins Plugins Multiple Security Vulnerabilities
Description: Jenkins plugins are prone to the following vulnerabilities: 1. Multiple information-disclosure vulnerabilities. 2. Multiple cross-site request forgery vulnerabilities. 3. Multiple HTML-injection vulnerabilities. 4. An XML External Entity injection vulnerability. An attacker may...
A week in security (December 9 – 15)
Last week on Malwarebytes Labs, we cautioned readers against purchasing potentially privacy-invasive, cyber-insecure smart doorbells, warned about a new credit card skimmer vulnerability embedded within hundreds of fraudulent web sites selling supposedly name-brand shoes, and looked at the newest...
Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites
Attention WordPress users! Your website could easily get hacked if you are using "Ultimate Addons for Beaver Builder," or "Ultimate Addons for Elementor" and haven't recently updated them to the latest available versions. Security researchers have discovered a critical yet easy-to-exploit...
RHEL 7 : OpenShift Container Platform 4.2 jenkins-2-plugins (RHSA-2019:4097)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:4097 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.2 jenkins-2-plugins security update
An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2019-19627
SROS 2 0.8.1 after CVE-2019-19625 is mitigated leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2...
Default configuration
SROS 2 0.8.1, which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2, leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document...
CVE-2019-19625
SROS 2 0.8.1, which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2, leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document...
Updated ansible packages fix security vulnerability
Updated ansible package fixes security vulnerability: Splunk and Sumologic callback plugins leak sensitive data in logs CVE-2019-14864...
EulerOS 2.0 SP2 : wireshark (EulerOS-SA-2019-2425)
According to the versions of the wireshark packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering...
RHEL 7 : ansible (RHSA-2019:3925)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:3925 advisory. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does n...