Shared projects are unconditionally discovered by Jenkins GitLab Branch Source Plugin
GitLab allows sharing a project with another group. Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group. This allows attackers to configure and share a project, resulting in a crafted Pipeline being...
Information disclosure
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...
CVE-2024-23901
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group...
How to lock out your ex-partner from your smart home
Stalkers can use all kinds of apps, gadgets, devices, and phones to spy on their targets, which are often their ex-partners. Unfortunately, while they no doubt have many positive uses, smart home devices give stalkers an array of tools to keep an eye on their targets. If you are the partner that...
PT-2024-1424 · Jenkins +1 · Jenkins Gitlab Branch Source Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Branch Source Plugin versions 684.veafa7c1e2fe3 and earlier. Description: The issue is related to insufficient access control in the Jenkins GitLab Branch Source Plugin. This allows attackers to configure and share a project,...
Exploit for Forced Browsing in Fortra Goanywhere_Managed_File_Transfer
It is an exploit module targeting the GoAnywhere MFT vulnerabili...
Wiz ❤️ HashiCorp: Wiz’s new integration with Terraform Run Tasks helps customers slash risks and boost developer productivity
Mutual Wiz and HashiCorp customers can leverage this integration to scan their IaC configuration and enforce security best practices to reduce risk...
Exploit for Injection in Atlassian Confluence_Data_Center
Atlassian Confluence CVE-2023-22527 Scanner 🛡️ Overview 🌟...
Introducing Wordfence CLI 3.0.1: Now With Automatic Remediation!
Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, like a firewall,...
PT-2024-26796
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A null pointer access issue has been resolved in the Linux kernel. The issue occurred when canceling a scan, potentially using a vif that was not scanning. The fix involves using the...
PT-2024-15665 · Sandsprite · Scdbg.Exe
Name of the Vulnerable Software and Affected Versions: Sandsprite Scdbg.exe version 1.0 Description: An Uncontrolled Resource Consumption issue has been found, allowing an attacker to send a specially crafted shellcode payload to the "/foff" parameter, causing an application shutdown. A malware...
Bugsy - Command-line Interface Tool That Provides Automatic Security Vulnerability Remediation For Your Code
Bugsy is a command-line interface (CLI) tool that provides automatic security vulnerability remediation for your code. It is the community edition version of Mobb, the first vendor-agnostic automated security vulnerability remediation tool. Bugsy is designed to help developers quickly identify and...
Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
PT-2024-9917
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The vulnerability is related to the rcu nocb bypass lock function in the Linux kernel. It can be triggered when the kernel is built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and CONFIG_RC...
Trend Micro Apex One Anti-Spyware Engine Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
Server Side Request Forgery
automad is vulnerable to Server Side Request Forgery. The vulnerability is due to improper validation of the importUrl argument within FileController.php. This issue can be exploited by an attacker to perform an internal port scan of the local environment or abuse local services...
Exploit for Out-of-bounds Write in Hutool
json.org CVE-2022-45688 false positive The project contains...
CVE-2023-50858
Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan. This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34...
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan. This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34...