61 matches found
Cross site scripting
Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-30966
Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-30966
The CVE-2022-30966 entry involves Jenkins Random String Parameter Plugin (versions 1.0 and earlier). It describes a stored XSS vulnerability caused by the plugin not escaping the name and description of Random String parameters in views that display parameters. The risk requires attacker with Ite...
Jenkins Random String Parameter Plugin 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins Plugin is a cross-site scripting vulnerability in Jenkins Random Stri...
PT-2022-20422 · Jenkins · Jenkins Random String Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Random String Parameter Plugin versions 1.0 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the name and description of Random String parameters are not escaped on vie...
CVE-2021-23020
The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys...
Insecure JWT Signing
yapi-vendor does not perform secure JWT signing. The function randStr uses a cryptographically insecure pseudo-random number generator Math.random to create a randomly looking string that later is used to sign and verify issued tokens...
The vulnerability of the get_random_string function in D-Link DIR-865L router software allows a hacker to disclose protected information.
The vulnerability of the getrandomstring function in D-Link DIR-865L router software is related to errors in the code of the pseudorandom number generator. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by this function...
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution
!/usr/bin/python3 Exploits the Citrix Directory Traversal Bug: CVE-2019-19781 You only need a listener like netcat to catch the shell. Shout out to the team: Rob Simon, Justin Elze, Logan Sampson, Geoff Walton, Christopher Paschen, Kevin Haubris, Scott White Tool Written by: Rob Simon and David...
Insecure Randomness
Overview org.pac4j:pac4j-saml is an is PAC4J package for the SAML Protocol. Affected versions of this package are vulnerable to Insecure Randomness. A insecure source of randomness is used to generate all of its random values as it relies upon apache commons lang3 RandomStringUtils. This SAML...
Insecure Randomness
Overview org.apereo.cas:cas-server-support-oidc is a package that allows allows CAS to act as an OpenId Connect Provider OP. Affected versions of this package are vulnerable to Insecure Randomness. A insecure source of randomness is used to generate all of its random values as it relies upon apac...
PT-2019-14615 · Jhipster +1 · Jhipster Kotlin +2
Name of the Vulnerable Software and Affected Versions: JHipster versions prior to 6.3.0 JHipster Kotlin versions prior to 1.2.0 Description: A vulnerability exists due to the use of an insecure source of randomness, specifically apache.commons.lang3 RandomStringUtils, which allows an attacker to...
Insecure Random String Creation
ranger-hdfs-plugin uses insecure randomness. The vulnerability exists due to the usage of a insecure random generator during the creation of the wildcard path, allowing attackers to guess a string which may be being used...
Xplico - Remote Code Execution (Metasploit)
Xplico - Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xplico Remote Code Execution', 'Description' = %q This module exploits command injection vulnerability...
Xplico Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xplico Remote Code Execution', 'Description' = %q This module exploits command injection vulnerability. Unauthenticated users can register a new...
Xplico Remote Code Execution
This module exploits command injection vulnerability. Unauthenticated users can register a new account and then execute a terminal command under the context of the root user. The specific flaw exists within the Xplico, which listens on TCP port 9876 by default. The goal of Xplico is extract from ...
Malware exploit: Atrax
Type: Shell Upload Vulnerability Author: Xylitol import random import string import base64 import urllib import urllib2 CONFIG payload = 'pre?php ifisset$GET"c"system$GET"c";else echo"No input?";?/pre' url = 'http://localhost/atrax/' /CONFIG BOTMODEINSERT = 'b' BOT MODE BOTMODERUNPLUGIN = 'e'...
The vulnerability of the Moodle learning management system allows a hacker to obtain the user’s password.
The vulnerability of the mtrand function in implementations of randomstring and complexrandomstring of the Moodle learning management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain user passwords usin...
UBUNTU-CVE-2015-5267
lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mtrand function to implement the randomstring and complexrandomstring functions, which makes it easier for remote attackers to predict password-recovery tokens via a...
MyBB < 1.6.13 Multiple Vulnerabilities
Binary data 8629.prm...