Jenkins allows attackers to obtain passwords by reading the HTML source code
The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value...
The Undertow module of WildFly allows source code disclosure
The Undertow module of WildFly versions 8.1.0.Final, 8.2.0.Final, 9.0.0.CR1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL...
GHSA-4VWV-X3GP-2J4G The Undertow module of WildFly allows source code disclosure
The Undertow module of WildFly versions 8.1.0.Final, 8.2.0.Final, 9.0.0.CR1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL...
Online Discussion Forum Site 1.0 SQL Injection
Exploit Title: Online Discussion Forum Site 1.0 - 'id' Blind SQL Injection Date: 15/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html Version: 1.0...
Jenkins Pipeline SCM API for Blue Ocean Plugin information disclosure vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability can be exploited to access arbitrary user...
Jenkins Git Plugin information disclosure vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. An information disclosure vulnerability...
Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler
The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp...
GHSA-V2C9-9M8V-8JJM Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler
The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp...
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...
GHSA-8QQ4-8JVQ-MFW4 Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...
GHSA-WHF8-3H58-2W9F Jenkins Warnings Next Generation Plugin cross-site request forgery vulnerability
Jenkins Warnings Next Generation Plugin has a form validation HTTP endpoint used to validate a Groovy script through compilation, which was not subject to sandbox protection. The endpoint checked for the Overall/RunScripts permission, but did not require POST requests, so it was vulnerable to...
Microsoft Visual Studio Code Remote Code Execution Vulnerability (CNVD-2022-60132)
Microsoft Visual Studio Code is an open source code editor from Microsoft (USA). A remote code execution vulnerability exists in Microsoft Visual Studio Code, which arises from the product's failure to properly filter specific elements of externally entered data during the...
CVE-2022-30448
Hospital Management System in PHP with Source Code HMS 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php...
CVE-2022-30449
The CVE-2022-30449 entry refers to the Hospital Management System in PHP with Source Code (HMS) 1.0, vulnerable to SQL injection via the editid parameter in room.php (reported in multiple sources). The NVD CVSS data indicates high/severe impact with network attack vector and no authentication, af...
CVE-2022-30448
The CVE-2022-30448 entry relates to the Hospital Management System (HMS) 1.0, a PHP-based app. A concrete vulnerability exists in treatmentrecord.php where file uploads are inadequately validated, enabling an attacker to upload a malicious file. The core issue is lack of proper validation for upl...
CVE-2022-1623
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa...
PyScript 2022-05-04-Alpha Source Code Disclosure
Exploit Title: PyScript Remote Emscripten VMemory Python libraries Source Codes Read Date: 5-9-2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://pyscript.net/ Software Link: https://github.com/pyscript/pyscript Version: 2022-05-04-Alpha Tested on: Ubuntu Apache Server CVE :...
New REvil Samples Indicate Ransomware Gang is Back After Months of Inactivity
The notorious ransomware operation known as REvil aka Sodin or Sodinokibi has resumed after six months of inactivity, an analysis of new ransomware samples has revealed. "Analysis of these samples indicates that the developer has access to REvil's source code, reinforcing the likelihood that the...
Release of Technical Report into the AMD Security Processor
Posted by James Forshaw, Google Project Zero Today, members of Project Zero and the Google Cloud security team are releasing a technical report on a security review of AMD Secure Processor ASP. The ASP is an isolated ARM processor in AMD EPYC CPUs that adds a root of trust and controls secure...
CVE-2022-30286
pyscriptjs aka PyScript Demonstrator in PyScript through 2022-05-04 allows a remote user to read Python source code...