|
290351
|
- |
|
jenkins
|
jenkins
|
Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie.
|
CWE-79
Cross-site Scripting
|
CVE-2014-2065
|
2024-11-21 11:05 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290352
|
- |
|
jenkins
|
jenkins
|
The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vector…
|
CWE-200
Information Exposure
|
CVE-2014-2064
|
2024-11-21 11:05 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290353
|
- |
|
jenkins
|
jenkins
|
Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2014-2063
|
2024-11-21 11:05 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290354
|
- |
|
jenkins
|
jenkins
|
Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token.
|
CWE-287
Improper Authentication
|
CVE-2014-2062
|
2024-11-21 11:05 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290355
|
- |
|
jenkins
|
jenkins
|
The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default val…
|
CWE-310
Cryptographic Issues
|
CVE-2014-2061
|
2024-11-21 11:05 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290356
|
- |
|
jenkins
|
jenkins
|
The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2014-2060
|
2024-11-21 11:05 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290357
|
- |
|
jenkins
|
jenkins
|
BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to bypass access restrictions and execute arbitrary jobs by configuring a job to trigger another job. NOT…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2058
|
2024-11-21 11:05 |
2014-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290358
|
- |
|
vbulletin
|
vbulletin
|
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conc…
|
CWE-89
SQL Injection
|
CVE-2014-2022
|
2024-11-21 11:05 |
2014-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290359
|
- |
|
opensuse
python
|
opensuse
requests
|
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.
|
CWE-200
Information Exposure
|
CVE-2014-1830
|
2024-11-21 11:05 |
2014-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290360
|
- |
|
debian
python
canonical
mageia
|
debian_linux
requests
ubuntu_linux
mageia
|
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
|
CWE-200
Information Exposure
|
CVE-2014-1829
|
2024-11-21 11:05 |
2014-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
