CVE-2020-2276
Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as...
CVE-2020-2255
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...
CVE-2020-2273
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
PT-2020-15497 · Jenkins · Jenkins Elastest Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ElasTest Plugin versions 1.2.1 and earlier. Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
PT-2020-3907 · Microsoft · Sharepoint Foundation +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified); Microsoft SharePoint Foundation (affected versions not specified); Microsoft SharePoint Enterprise Server (affected versions not specified). Description: A remote code execution issue exis...
CVE-2020-7522
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software V2.0 and earlier when accessing a vulnerable method of SoundUploadServlet which may lead to uploading executable files to non-specified directories...
ksmen.com.cn Cross Site Scripting vulnerability OBB-1272919
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
CVE-2017-17522
...
v-os.ca Cross Site Scripting vulnerability OBB-1259041
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
PT-2020-3680 · Microsoft · Windows Work Folder Service +1
Name of the Vulnerable Software and Affected Versions: Windows Work Folders Service (affected versions not specified). Description: The issue is related to an elevation of privilege vulnerability. It occurs when the Windows Work Folders Service improperly handles memory. To exploit this, an attacker...
PT-2020-3838 · Microsoft · Windows Backup Engine +1
Name of the Vulnerable Software and Affected Versions: Windows Backup Engine (affected versions not specified). Description: The issue is related to an elevation of privilege vulnerability that exists when the Windows Backup Engine improperly handles memory. To exploit this, an attacker would first...
PT-2020-13259 · Comodo +1 · Combodo Itop +1
Name of the Vulnerable Software and Affected Versions: Combodo iTop (affected versions not specified). Description: The issue is related to Broken Access Control in a function within Combodo iTop. This allows an unauthorized attacker to inject commands and disclose system information. Recommendation...
PT-2020-3985 · Microsoft · Windows +1
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to an elevation of privilege vulnerability that exists when DirectX improperly handles objects in memory. This could allow an attacker to run arbitrary code in kernel...
CVE-2016-7063
A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation...
PT-2022-8867 · Radare2 +1 · Radare2 +1
Name of the Vulnerable Software and Affected Versions: radare2 (affected versions not specified). Description: A flaw was found in radare2 due to a mismatched array length in core java.c, which could allow an attacker to cause a crash and perform a denial of service attack. Recommendations: At the...
CVE-2020-2184
A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL...
metasploit-framework
This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is designed to exploit a vulnerability in a specific target, but the exact target and vulnerability are not specified in the provided code. The module is written in Ruby and uses the Metasploit framewor...
ONAP OOM Access Control Error Vulnerability
The ONAP OOM is the manager for deploying, managing, and operating the ONAP platform and its components and infrastructure within the ONAP Project's suite of ONAP network management systems. An access control error vulnerability exists in ONAP OOM Dublin and prior versions. An attacker can exploi...