20 matches found
EUVD-2021-21707
Malware in sbrugna...
EUVD-2022-5890
Malicious code in bioql PyPI...
EUVD-2022-5753
Malicious code in bioql PyPI...
CVE-2022-34181
Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parses files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller ...
Malicious code in publish-test-result-screenshot (npm)
Source: ghsa-malware (cf2cd13f851593ee5dc61c5c17c22a1efa0d43ec11f32023e7dfecfdd1c76adb). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-1525 Malicious code in test-result-logger (npm)
Source: ghsa-malware (be46efd7d71b6494d55cf52ec783c591c2bfe3524cdfcc6a9d17ed75abb8d492). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in test-result-logger (npm)
Source: ghsa-malware (be46efd7d71b6494d55cf52ec783c591c2bfe3524cdfcc6a9d17ed75abb8d492). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-7P6G-GR9G-VFX6 Jenkins LoadComplete support Plugin Cross-site Scripting vulnerability
Jenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name in its test result page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. As of publication of this advisory, there is no fix...
GHSA-5WPG-QCMJ-48WH TestComplete support Plugin vulnerable to stored Cross-site Scripting
TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name in its test result page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. As of publication of this advisory, there is no fix...
TestComplete support Plugin vulnerable to stored Cross-site Scripting
TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name in its test result page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. As of publication of this advisory, there is no fix...
Unnecessary precision loss in redeemKIBT()
Lines of code. Vulnerability details. Impact: Unnecessary precision loss in redeemKIBT. Proof of Concept: If enter Deprecated mode, user can switch back to StableCoin by percentage with redeemKIBT. The redeemKIBT implementation code is as follows: function redeemKIBT(uint256 amount) external override...
PT-2022-22043 · Jenkins · Jenkins Junit Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins JUnit Plugin versions 1119.va_a_5e9068da_d7 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability because descriptions of test results are not properly escaped. This vulnerability is exploitable...
GHSA-X9GM-M8PP-54VX Jenkins JUnit Plugin CSRF vulnerability
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result...
Jenkins JUnit Plugin CSRF vulnerability
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result...
PT-2022-18835 · Jenkins · Jenkins Jiratestresultreporter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins JiraTestResultReporter Plugin versions 165.v817928553942 and earlier. Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified...
Apartment Visitors Management System 1.0 SQL Injection
Exploit Title: Apartment Visitors Management System 1.0 - 'email' SQL Injection; Date: 20.01.2021; Exploit Author: CANKAT ÇAKMAK; Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/; Software Link:...
Fake COVID-19 test result email drops King Engine ransomware
By Deeba Ahmed. “King Engine” ransomware is a variant of Hentai OniChan ransomware which, after infecting a system, asks for a ridiculous 50 BTC as ransom. This is a post from HackRead.com. Read the original post: Fake COVID-19 test result email drops King Engine ransomware...
CloudBees Jenkins JUnit Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from the U.S. company CloudBees. It is mainly used to monitor continuous software release/testing projects and a number of timed tasks. JUnit Plugin is used in one of the Java...
CVE-2018-1000411
A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result...
Threat Outbreak Alert RuleID21947: Email Messages Distributing Malicious Software on March 27, 2016
Medium. Alert ID: 44328. First Published: 2016 March 28 16:05 GMT. Version: 1. Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID21947) may contain the following files: Name | Si...