101 matches found
CloudBees Jenkins global-build-stats plugin cross-site scripting vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools developed by the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and the scheduled execution of tasks. global-build-stats is used in which ...
OpenJDK: insufficient access control checks in ImageWatched (AWT, 8174098)
Vulnerability in the Java SE component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attac...
Oracle Web Center 11.1.1.9.0 / 12.2.1.1.0 / 12.2.1.2.0 XSS
Oracle Web Center XSS Details ======================================================================================== Product: Oracle Web Center Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0 Security-Risk: High Remote-Exploit: yes Vendor-URL: https://www.oracle.com/ CVE-ID: CVE-2017-10075 CVSS: 8....
CVE-2016-6244
The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value...
HarfBuzz Denial of Service Vulnerability
HarfBuzz is a text engine for OpenType fonts. A security vulnerability exists in the hb-ot-layout-gpos-table.hh file in HarfBuzz 1.0.4 and earlier versions. A remote attacker can exploit this vulnerability to cause a denial of service with specially crafted data...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the availability of protected information
Multiple vulnerabilities in the linux-image-2.6.18-6-footbridge package of the Debian GNU/Linux operating system may lead to a loss of availability of protected information. These vulnerabilities can be exploited remotely...
Jive Forums 5.5.25 Directory Traversal
JiveForums " print " Usage: %s http://localhost /jiveforums/" % sys.argv0 sys.exit payload = 'servlet/JiveServlet?attachImage=true&attachment=/.././.././.././.././.././.././.././../etc/./passwd%00&contentType=image%2Fpjpeg' print "+ Trying to request :"+sys.argv1+sys.argv2+paylo...
Jive Forums 5.5.25 - Directory Traversal
Exploit for jsp platform in category web applications ''' JiveForums " print " Usage: %s http://localhost /jiveforums/" % sys.argv0 sys.exit payload = 'servlet/JiveServlet?attachImage=true&attachment=/.././.././.././.././.././.././.././../etc/./passwd%00&contentType=image%2Fpjpeg' print "+ Trying...
Vulnerabilities of the Red Hat Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
The kernel-BOOT-2.4.20 package of the Red Hat Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to breaches of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and availability of protected information
Multiple vulnerabilities in the crash-kmp-desktop-debuginfo package of the OpenSUSE operating system can be exploited, leading to breaches of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and availability of protected information
Multiple vulnerabilities in the pcfclock-debuginfo package of the OpenSUSE operating system can be exploited, leading to breaches of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely...
Simploo CMS 1.7.1 PHP Code Execution
No description provided by source. Simploo CMS Community Edition - Remote PHP Code Execution Issue Details ============= Product: Simploo CMS Community Edition Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.simploo.de/ Advisory-Status: published Credits ============= Discover...
BigAnt Server 2.52 - SEH (0day)
No description provided by source. !/usr/bin/python import socket, sys BigAnt version 2.52 0day Tested on XPSP2 & Win2k3 SP2 Discovered by Lincoln Thanks to muts & remote-exploit 650 or so bytes available after seh, easier to jump back root@BT4VM: ./bigant.py 192.168.87.130 Exploit sent! Connect ...
Network Weathermap 0.97a (editor.php) - Persistent XSS
No description provided by source. Network Weathermap 0.97a - Persistent XSS Earlier versions are also possibly vulnerable. INFORMATION Product: Network Weathermap 0.97a Remote-exploit: yes Vendor-URL: http://www.network-weathermap.com/ Discovered by: Daniel Ricardo dos Santos CVE Request -...
WordPress Pretty Photo Cross Site Scripting
Wp-Pretty Photo DOM Based XSS Vulnerability Details ======= Product: PrettyPhoto Plugin Security-Risk: Moderate Remote-Exploit: yes Company: RHAINFOSEC Website: http://services.rafayhackingarticles.net Vendor-URL: https://github.com/scaron/prettyphoto Vendor-Status: informed Advisory-Status:...
OpenJDK: Java2d Disposer security bypass (2D, 8017287)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability tha...
Network Weathermap 0.97a - 'editor.php' Persistent Cross-Site Scripting
Network Weathermap 0.97a - Persistent XSS Earlier versions are also possibly vulnerable. INFORMATION Product: Network Weathermap 0.97a Remote-exploit: yes Vendor-URL: http://www.network-weathermap.com/ Discovered by: Daniel Ricardo dos Santos CVE Request - 15/03/2013 CVE Assign - 18/03/2013 CVE...
Aspen 0.8 Directory Traversal
Aspen 0.8 - Directory Traversal Earlier versions are also possibly vulnerable. INFORMATION Product: Aspen 0.8 Remote-exploit: yes Vendor-URL: http://www.zetadev.com/software/aspen/ Discovered by: Daniel Ricardo dos Santos CVE Request - 15/03/2013 CVE Assign - 18/03/2013 CVE Number - CVE-2013-2619...
[MajorSecurity-SA-2013-014] Sony Playstation Vita Browser - firmware 2.05 - Adressbar spoofing
MajorSecurity-SA-2013-014 Sony Playstation Vita Browser - firmware 2.05 - Adressbar spoofing Details ============= Product: Sony Playstation Vita Browser - firmware 2.05 CVE-ID: CVE-2013-XXXX Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://de.playstation.com/psvita/ Advisory-Status...
CVE-2012-2216 - Social Engine Multiples Vulnerabilities (XSS and CSRF)
Social Engine 4.2.2 Multiples Vulnerabilities Earlier versions are also possibly vulnerable. INFORMATION Product: Social Engine 4.2.2 Remote-Exploit: yes Vendor-URL: http://www.socialengine.net/ Discovered by: Tiago Natel de Moura aka "i4k" Discovered at: 10/04/2012 CVE Notified: 10/04/2012 CVE...