58 matches found
Malicious Package
Overview: active-application is a malicious package. Affected versions of this package were found to be malicious, as they used typosquatting to run malicious third-party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using...
razzer
It is an offensive tool for Linux kernel exploitation. The primary CVE ID is not explicitly mentioned in the provided context, but the tool is designed to exploit kernel vulnerabilities, particularly those related to race conditions. The tool, named Razzer, is a kernel fuzzer that uses a modified...
Microsoft Office SharePoint Server Cross-Site Scripting Vulnerability
Microsoft Office SharePoint Server is a business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site...
Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability
Cisco Data Center Analytics Framework (DCAF) is a data center analytics framework from Cisco. It suffers from a cross-site scripting vulnerability that arises from the program's failure to adequately validate user-submitted input. A remote attacker coul...
CVE-2017-1000502
Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only...
Elevation Of Privileges
speaks is vulnerable to elevation of privileges. Users who have the Job/Configure permission can run Groovy code inside the Jenkins JVM, elevating their privilege to Overall/Run Scripts...
CVE-2017-1000403
Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts...
CVE-2017-1000393
In Jenkins 2.73.1 and earlier, and 2.83 and earlier, users with permission to create or configure agents could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was suppose...
CVE-2017-1000393
CVE-2017-1000393 affects Jenkins 2.73.1 and earlier, and 2.83 and earlier. A misconfigured launch method, “Launch agent via execution of command on master,” allowed users with permission to create/configure agents to execute arbitrary shell commands on the master when launching agents. The underl...
Design/Logic Flaw
Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only...
CVE-2017-1000502
CVE-2017-1000502 involves the Jenkins EC2 Plugin (versions 1.37 and earlier). When configuring an EC2 agent, a user could cause the agent to run arbitrary shell commands on the Jenkins master node at launch time. The vulnerability requires minimal user interaction and is tied to insufficient perm...
Google Chrome Blink Denial of Service Vulnerability (CNVD-2015-05799)
Google Chrome is a web browser. A vulnerability in the ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Google Chrome Blink allows remote attackers to construct a malicious web page and trick users into parsing it, which can bypass the same-origin policy and execut...
Active! mail 6 vulnerable to HTTP header injection
Overview: Active! mail 6 from TransWARE Co. contains an HTTP header injection vulnerability. Active! mail 6 from TransWARE Co. is web-based email software. Taketo Ikeuchi of Hitachi Solutions, Ltd. reported this vulnerability to IPA...