23 matches found
CVE-2019-16557
Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
EUVD-2020-7513
Malware in sbrugna...
EUVD-2022-50627
Malicious code in bioql PyPI...
CVE-2022-47870
A Cross Site Scripting XSS vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter...
CVE-2022-47870
A Cross Site Scripting XSS vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter...
CVE-2022-47870
CVE-2022-47870 is a documented XSS in Redgate SQL Monitor 12.1.31.893, affecting the web SQL Monitor login page via the returnUrl parameter. The vulnerability can enable arbitrary script/HTML injection on the client-side and, per exploit descriptions, may lead to session cookie disclosure and acc...
CVE-2022-47870
A Cross Site Scripting XSS vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter...
SQL Monitor 12.1.31.893 Cross Site Scripting
Exploit Title: SQL Monitor 12.1.31.893 - Cross-Site Scripting XSS Date: 12/21/2022 02:07:23 AM UTC Exploit Author: [email protected] Vendor Homepage: https://www.red-gate.com/ Software Link: https://www.red-gate.com/products/dba/sql-monitor/ Version: SQL Monitor 12.1.31.893 Tested on: Window...
GHSA-X23M-8C2H-6WG7 Redgate SQL Change Automation Plugin stored credentials in plain text
Redgate SQL Change Automation Plugin 2.0.4 and earlier stores a NuGet API key unencrypted in job config.xml files as part of its configuration. This credential could be viewed by users with Extended Read permission or access to the Jenkins controller file system. This is due to an incomplete fix ...
Redgate SQL Change Automation Plugin stored credentials in plain text
Redgate SQL Change Automation Plugin 2.0.4 and earlier stores a NuGet API key unencrypted in job config.xml files as part of its configuration. This credential could be viewed by users with Extended Read permission or access to the Jenkins controller file system. This is due to an incomplete fix ...
Red Gate Software Redgate SQL Monitor Information Disclosure Vulnerability
Red Gate Software Redgate SQL Monitor is a database monitoring tool from Red Gate Software, UK. The product supports Microsoft SQL Server monitoring, alerting, analysis and more. A security vulnerability exists in Red Gate Software Redgate SQL Monitor versions 7.1.4 through 10.1.6, which originat...
CVE-2020-15526
In Redgate SQL Monitor 7.1.4 through 10.1.6 inclusive, the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration Notifications pages to disable certificate checking for alert notifications. These TLS security checks are als...
CVE-2020-15526
CVE-2020-15526 affects Redgate SQL Monitor versions 7.1.4 through 10.1.6, where the scope for disabling TLS certificate checks could extend beyond the intended Configuration > Notifications, also affecting VMware monitoring. This allows potential man-in-the-middle attacks when sending alert no...
CVE-2020-15526
In Redgate SQL Monitor 7.1.4 through 10.1.6 inclusive, the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration Notifications pages to disable certificate checking for alert notifications. These TLS security checks are als...
Redgate SQL Monitor SQL Injection Vulnerability
Redgate SQL Monitor is a Microsoft SQL Server monitoring, alerting and analysis tool for database administrators. Redgate SQL Monitor 9.0.13 - 9.2.14 suffers from a SQL injection vulnerability. The vulnerability can be exploited by administrator users to conduct SQL injection attacks by configuri...
CVE-2020-2095
Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-16557
Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-16557
Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-16557
Summary: CVE-2019-16557 affects Jenkins with the Redgate SQL Change Automation Plugin 2.0.3 and earlier. The issue is that credentials are stored unencrypted in job config.xml files on the Jenkins master, enabling exposure to anyone with Extended Read permissions or access to the master filesyste...
CVE-2019-16557
Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...