
4122 matches found

Prion · added 2019/04/04 4:29 p.m. · 15 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server...

CVSS 4.3 · AI score 6.3 · EPSS 0.00117
Exploits 0 · References 3 · Affected Software 1
Prion · added 2019/04/04 4:29 p.m. · 22 views

Design/Logic Flaw

Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...

CVSS 4 · AI score 8.5 · EPSS 0.00075
Exploits 0 · References 3 · Affected Software 1
Prion · added 2019/04/04 4:29 p.m. · 15 views

Input validation

A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

CVSS 4 · AI score 6.3 · EPSS 0.00069
Exploits 0 · References 3 · Affected Software 1
CVE · added 2019/04/04 3:38 p.m. · 53 views

CVE-2019-10289

Jenkins Netsparker Cloud Scan Plugin

CVSS 6.5 · AI score 6.3 · EPSS 0.00117
Exploits 0 · References 3 · Affected Software 1
Cvelist · added 2019/04/04 3:38 p.m. · 9 views

CVE-2019-10289

A cross-site request forgery vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers to initiate a connection to an attacker-specified server...

AI score 6.3 · EPSS 0.00117
Exploits 0 · References 3
Cvelist · added 2019/04/04 3:38 p.m. · 16 views

CVE-2019-10290

A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

AI score 6.3 · EPSS 0.00069
Exploits 0 · References 3
CVE · added 2019/04/04 3:38 p.m. · 41 views

CVE-2019-10290

CVE-2019-10290 affects Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older. The vulnerability is a missing permission check in NCScanBuilder.DescriptorImpl#doValidateAPI, allowing attackers with Overall/Read permission to initiate a connection to an attacker-controlled server. Impact: potential ...

CVSS 6.5 · AI score 6.2 · EPSS 0.00069
Exploits 0 · References 3 · Affected Software 1
Cvelist · added 2019/04/04 3:38 p.m. · 13 views

CVE-2019-10291

Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...

AI score 8.7 · EPSS 0.00075
Exploits 0 · References 3
CVE · added 2019/04/04 3:38 p.m. · 61 views

CVE-2019-10291

Summary (concrete details): CVE-2019-10291 concerns the Jenkins Netsparker Cloud Scan Plugin (version 1.1.5 and older), which stored credentials in plaintext in the Jenkins master/global configuration file, exposing them to anyone with file-system access. Related connected data show the Enterprise...

CVSS 8.8 · AI score 8.6 · EPSS 0.00075
Exploits 0 · References 3 · Affected Software 1
Positive Technologies · added 2019/04/04 12:00 a.m. · 3 views

PT-2019-11692 · Jenkins · Jenkins Netsparker Cloud Scan Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Netsparker Cloud Scan Plugin version 1.1.5 and older. Description: A missing permission check in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allows attackers with Overall/Read permission to initiate a connectio...

CVSS 6.5 · AI score 6.3 · EPSS 0.00069
Exploits 0 · References 6
Fortinet · added 2019/04/03 12:00 a.m. · 28 views

FortiSandbox reflected XSS in the file scan component

A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiSandbox may allow an attacker to execute unauthorized code or commands via the backurl parameter in the file scan component...

CVSS 4.3 · AI score 4 · EPSS 0.00233
Exploits 0 · Affected Software 1
Kitploit · added 2019/04/02 11:55 a.m. · 157 views

Osmedeus - Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning

Osmedeus allows you to automatically run a collection of awesome tools for reconnaissance and vulnerability scanning against the target. How to use: If you have no idea what you are doing, just type the command below or check out the Advanced Usage: ./osmedeus.py -t example.com Installation: git clone...

AI score 7.3
Exploits 0 · References 3
NVD · added 2019/04/01 5:29 p.m. · 25 views

CVE-2019-10686

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled...

CVSS 10 · AI score 9.4 · EPSS 0.00363
Exploits 0 · References 1
Prion · added 2019/04/01 5:29 p.m. · 13 views

Server side request forgery (ssrf)

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled...

CVSS 7.5 · AI score 9.3 · EPSS 0.00363
Exploits 0 · References 1 · Affected Software 1
OSV · added 2019/04/01 5:29 p.m. · 11 views

CVE-2019-10686

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled...

CVSS 10 · AI score 7
Exploits 0 · References 1
Cvelist · added 2019/04/01 4:21 p.m. · 18 views

CVE-2019-10686

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled...

AI score 9.4 · EPSS 0.00363
Exploits 0 · References 1
CVE · added 2019/04/01 4:21 p.m. · 73 views

CVE-2019-10686

CVE-2019-10686 affects the Ctrip Apollo API up to 1.4.0-SNAPSHOT. The vulnerability is a Server-Side Request Forgery (SSRF) caused by mishandling the %23 substring, enabling an attacker to trigger intranet port scans or issue GET requests to /system-info/health. The issue is documented across mul...

CVSS 10 · AI score 9.3 · EPSS 0.00363
Exploits 0 · References 1 · Affected Software 1
exploitpack · added 2019/03/28 12:00 a.m. · 22 views

WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC)

WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion PoC. Exploit Title: Wordpress Anti-Malware Security and Bruteforce Firewall - Local File Inclusion · Google Dork: N/A · Date: 03/26/2019 · Exploit Author: Ali S. Ahmad S4R1N · Vendor Homepage: N/A · Software...

AI score 7.3
Exploits 0
Kitploit · added 2019/03/26 12:11 p.m. · 104 views

H2T - Scans A Website And Suggests Security Headers To Apply

h2t is a simple tool to help sysadmins harden their websites. For now, h2t checks the website headers and recommends how to improve them. Dependencies: Python 3, colorama, requests. Install: $ git clone https://github.com/gildasio/h2t $ cd h2t $ pip install -r requirements.txt $ ./h2t.py -h...

AI score 6.9
Exploits 0 · References 2
Kitploit · added 2019/03/23 8:25 p.m. · 205 views

Webtech - Identify Technologies Used On Websites

Identify technologies used on websites. More info in the release's blog post. CLI Installation: WebTech is available on pip: pip install webtech It can also be installed via setup.py: python setup.py install --user Burp Integration: Download Jython 2.7.0 standalone and install it into Burp. In...

AI score 7
Exploits 0 · References 1