EUVD-2008-1145

Malware in sbrugna...

Jenkins Warnings Next Generation Plugin cross-site request forgery vulnerability

Jenkins Warnings Next Generation Plugin has a form validation HTTP endpoint used to validate a Groovy script through compilation, which was not subject to sandbox protection. The endpoint checked for the Overall/RunScripts permission, but did not require POST requests, so it was vulnerable to...

GHSA-WHF8-3H58-2W9F Jenkins Warnings Next Generation Plugin cross-site request forgery vulnerability

Jenkins Warnings Next Generation Plugin has a form validation HTTP endpoint used to validate a Groovy script through compilation, which was not subject to sandbox protection. The endpoint checked for the Overall/RunScripts permission, but did not require POST requests, so it was vulnerable to...

GHSA-6RH5-23HX-J452 Improper Authorization in Jenkins Core

An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g...

CVE-2008-1136

The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE SynCE-dccm allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679...

Apache Tomcat: Multiple vulnerabilities

Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description Multiple vulnerabilities have been discovered in Tomcat. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to cause a Denial of Service condition, obtain sensitive...

CVE-2008-1136

The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE SynCE-dccm allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679...