13 matches found
CVE-2022-48475
Buffer Overflow vulnerability in Control de Ciber version 1.650, in the printing function. Sending a modified request by the attacker could cause a Buffer Overflow when the adminitrator tries to accept or delete the print query created by the request...
CVE-2022-4896
Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core...
Design/Logic Flaw
Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core...
CVE-2022-4896
Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core...
CVE-2022-4896
CVE-2022-4896 concerns Cyber Control, v1.650, where the server-side generation of pop-up windows for specific messages (PNTMEDIDAS, PEDIR, HAYDISCOA, SPOOLER) can be overwhelmed by concurrent requests, causing a complete denial of service on a core. Concrete details in connected records confirm a...
CVE-2022-4896
Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core...
PT-2023-15808 · Unknown · Control De Ciber
Name of the Vulnerable Software and Affected Versions: Control de Ciber version 1.650 Description: The issue is a Buffer Overflow vulnerability in the printing function. It occurs when an administrator tries to accept or delete a print query created by a modified request sent by an attacker. This...
Control de Ciber 安全漏洞
Control de Ciber is a network control software from Ciber Control open source. A security vulnerability exists in Control de Ciber version 1.650. An attacker exploited the vulnerability to cause a buffer overflow...
Jenkins < 1.650 - Java Deserialization
import random import string from decimal import Decimal import requests from requests.exceptions import RequestException Exploit Title: Jenkins CVE-2016-0792 Deserialization Remote Exploit Google Dork: intitle: "Dashboard Jenkins" + "Manage Jenkins" Date: 30-07-2017 Exploit Author: Janusz Piechów...
jenkins: HTTP response splitting vulnerability (SECURITY-238)
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
jenkins: Non-constant time comparison of CSRF crumbs (SECURITY-245)
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach...
CVE-2016-0791
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach...
Jenkins 低权限用户 API 服务调用 可致远程命令执行
漏洞演示 将 Jenkins 跑起来后,在低权限用户下构造 XML 文档: hashCode open /Applications/Calculator.app false 0 0 0 start 1 发送 Payload 至接口 http://...:8080/jenkins/createItem?name=knownsec: 成功后服务端会运行 计算器 程序。 漏洞影响 影响版本: 1.650 (1.650版本已修复该问题) 从zoomeye.org上搜索设备指纹“Jenkins” 从搜索的结果来看,约存在20000个潜在受到影响的目标。 相关链接...