58 matches found
SUSE CVE-2017-1000393
Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was suppose...
SUSE CVE-2017-1000403
Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts...
CVE-2022-41205
SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application...
Cybozu Office 跨站脚本漏洞
Cybozu Office is a web-based, cross-platform collaborative office solution from Cybozu. Cybozu Office suffers from a cross-site scripting vulnerability that can be exploited by a remote attacker to trick a victim into following a specially crafted link and executing arbitrary HTML and script code...
Arbitrary shell command execution in Jenkins EC2 Plugin
Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only...
GHSA-J472-MCQ2-95P6 OS Command Injection in Jenkins
Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was suppose...
OS Command Injection in Jenkins
Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was suppose...
CVE-2022-26676
aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service...
CVE-2020-35986
A stored cross site scripting XSS vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter...
Cisco Firepower Management Center 跨站脚本漏洞
Cisco Firepower Management Center FMC is the next generation firewall management center software from Cisco. Cisco Firepower Management Center: 6.4.0.11 A cross-site scripting vulnerability exists, which results from insufficient cleaning of user-supplied data in the web-based management interfac...
CVE-2020-1575
A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
RSA IG&L Aveksa 7.1.1 - Remote Code Execution Vulnerability
Exploit for multiple platform in category web applications Exploit Title: RSA IG&L Aveksa 7.1.1 - Remote Code Execution Exploit Author: Jakub Palaczynski, Lukasz Plonka Vendor Homepage: https://www.rsa.com/ Version: 7.1.1, prior to P02 CVE : CVE-2019-3759 all vulnerable versions can be found at...
PT-2020-2699 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: A cross-site scripting issue exists due to improper sanitization of specially crafted web requests. An authenticated attacker could exploit this by sending a crafted...
Malicious Package
Overview active-delivery is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Malicious Package
Overview secondhandspider is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Malicious Package
Overview active-application is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Malicious Package
Overview arethusacli is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using arethusacli...
Malicious Package
Overview aastra-xml-api is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using aastra-xml-a...
Malicious Package
Overview authenticated-client is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Malicious Package
Overview apressdocumentation is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...