1467 matches found
jenkins: UDP multicast/broadcast service amplification reflection attack
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848...
DDoS attacks in Q4 2019
News overview. In the past quarter, DDoS organizers continued to harness non-standard protocols for amplification attacks. In the wake of WS-Discovery, which we covered in the previous report, cybercriminals turned to Apple Remote Management Service (ARMS), part of the Apple Remote Desktop (ARD)...
GitHub Security Lab: Dynamic reflection class
This bug was reported directly to GitHub Security Lab...
Jenkins < 2.219, < 2.204.2 LTS Multiple Vulnerabilities - Linux
Jenkins is prone to multiple vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
CVE-2020-2100
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848...
FreeBSD : jenkins -- multiple vulnerabilities (a250539d-d1d4-4591-afd3-c8bdfac335d8)
Jenkins Security Advisory: Description High SECURITY-1682 / CVE-2020-2099 Inbound TCP Agent Protocol/3 authentication bypass Medium SECURITY-1641 / CVE-2020-2100 Jenkins vulnerable to UDP amplification reflection attack Medium SECURITY-1659 / CVE-2020-2101 Non-constant time comparison of inbound...
Design/Logic Flaw
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848...
CVE-2020-2100
CVE-2020-2100 affects Jenkins <= 2.218 and LTS
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description High SECURITY-1682 / CVE-2020-2099 Inbound TCP Agent Protocol/3 authentication bypass Medium SECURITY-1641 / CVE-2020-2100 Jenkins vulnerable to UDP amplification reflection attack Medium SECURITY-1659 / CVE-2020-2101 Non-constant time comparison of inbound...
CVE-2019-16517
An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative...
Calling Local Windows RPC Servers from .NET
Posted by James Forshaw, Project Zero As much as I enjoy finding security vulnerabilities in Windows, in many ways I prefer the challenge of writing the tools to make it easier for me and others to do the hunting. This blog post gives an overview of using some recent tooling I’ve released as part...
CORStest - A Simple CORS Misconfiguration Scanner
A simple CORS misconfiguration scanner based on the research of James Kettle. CORStest is a quick & dirty Python 2 tool to find Cross-Origin Resource Sharing (CORS) misconfigurations. It takes a text file as input which may contain a list of domain names or URLs. Currently, the following potential...
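The reflected-Origin misconfiguration in the ConnectWise Control entry above (CVE-2019-16517) and the check a scanner such as CORStest performs for it, as an added worked example. This is illustrative code written for this page, not code from ConnectWise, CORStest or any other project listed here. The vulnerable and hardened handlers, the endpoint path `/api/admin`, the allow-list `ALLOWED_ORIGINS`, the attacker origin and the JSON body are all constructed for the demonstration; the servers bind to an ephemeral localhost port so it runs offline.

```python
"""Reflected-Origin CORS misconfiguration: vulnerable vs. hardened handler, plus the scanner check.
Illustrative example constructed for this page; not the code of any product listed on it."""
import http.server
import threading
import urllib.request

# Hypothetical allow-list used by the hardened handler (assumption, not from the page).
ALLOWED_ORIGINS = {"https://app.example.com"}
# Constructed attacker-controlled origin; a scanner must use an origin the target does NOT trust.
ATTACKER_ORIGIN = "https://evil.example"
SAMPLE_BODY = b'{"user":"admin","session":"constructed-sample"}'  # constructed response body


class VulnerableHandler(http.server.BaseHTTPRequestHandler):
    """The misconfiguration: whatever Origin the request carries is echoed back as
    Access-Control-Allow-Origin together with Allow-Credentials: true, so JavaScript on
    any domain can make a credentialed request and read the authenticated response."""

    def do_GET(self):
        origin = self.headers.get("Origin")
        self.send_response(200)
        if origin is not None:
            self.send_header("Access-Control-Allow-Origin", origin)  # the bug: unconditional reflection
            self.send_header("Access-Control-Allow-Credentials", "true")
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(SAMPLE_BODY)

    def log_message(self, *args):  # keep the demo quiet
        pass


class HardenedHandler(VulnerableHandler):
    """Same endpoint, but the Origin is echoed only when it is on a fixed allow-list,
    and Vary: Origin is set so a cache never serves one origin's ACAO header to another."""

    def do_GET(self):
        origin = self.headers.get("Origin")
        self.send_response(200)
        if origin in ALLOWED_ORIGINS:
            self.send_header("Access-Control-Allow-Origin", origin)
            self.send_header("Access-Control-Allow-Credentials", "true")
            self.send_header("Vary", "Origin")
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(SAMPLE_BODY)


def classify(headers, sent_origin):
    """Classify one response to a request that carried `sent_origin`, as a CORS scanner would.
    `headers` is any mapping with a .get() method (dict or http.client.HTTPMessage)."""
    acao = headers.get("Access-Control-Allow-Origin")
    creds = (headers.get("Access-Control-Allow-Credentials") or "").lower() == "true"
    if acao is None:
        return "no-cors"
    if acao == "*":
        return "wildcard-with-credentials" if creds else "wildcard"
    if acao == sent_origin:
        return "reflected-with-credentials" if creds else "reflected"
    return "fixed-origin"


def probe(port, origin):
    """Send one GET with a forged Origin header and return the response headers."""
    req = urllib.request.Request(f"http://127.0.0.1:{port}/api/admin", headers={"Origin": origin})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.headers  # HTTPMessage: case-insensitive .get()


def serve(handler):
    """Start `handler` on an ephemeral localhost port in a background thread."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def run_demo():
    """Probe both handlers with the attacker origin; returns {"vulnerable": verdict, "hardened": verdict}."""
    results = {}
    for name, handler in (("vulnerable", VulnerableHandler), ("hardened", HardenedHandler)):
        srv = serve(handler)
        try:
            results[name] = classify(probe(srv.server_address[1], ATTACKER_ORIGIN), ATTACKER_ORIGIN)
        finally:
            srv.shutdown()
            srv.server_close()
    return results


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {verdict}")
```

The scanner half of this is the important part: the test origin must be one the target has no reason to trust (here `https://evil.example`), because probing with the application's own origin reflects it on the hardened server as well and says nothing. The verdict that matters is `reflected-with-credentials`; a reflected origin without `Access-Control-Allow-Credentials` still leaks unauthenticated responses but not the logged-in user's data.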
CVE-2019-10771
Characters in the GET url path are not properly escaped and can be reflected in the server response...
CVE-2019-10174
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...
CVE-2019-10174
CVE-2019-10174 concerns Infinispan. The public ReflectionUtil.invokeAccessibly method allows an application class to invoke private methods in any class with Infinispan’s privileges, enabling unintended behavior changes via reflection. Connected advisories (OSV/RHSA) reference a security fix path...
DDoS Attacks Target Amazon, SoftLayer and Telecom Infrastructure
The last 30 days have seen a renewed increase in distributed denial-of-service (DDoS) activity, according to researchers, who said that they have observed a number of criminal campaigns mounting TCP reflection DDoS attacks against corporations. Researchers at Radware said that the list of victims...
Cross site scripting
An issue was discovered in FusionPBX up to 4.5.7. In the file app\conferencecontrols\conferencecontroldetails.php, an unsanitized id variable coming from the URL is reflected in HTML on 2 occasions, leading to XSS...