|
248021
|
5.9 |
MEDIUM
Network
|
jenkins
|
saml
|
A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-…
|
CWE-384
Session Fixation
|
CVE-2018-1000602
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248022
|
6.5 |
MEDIUM
Network
|
jenkins
|
ssh_credentials
|
A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configu…
|
CWE-200
Information Exposure
|
CVE-2018-1000601
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248023
|
8.8 |
HIGH
Network
|
jenkins
|
openstack_cloud
|
A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JClo…
|
CWE-200
Information Exposure
|
CVE-2018-1000603
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248024
|
8.8 |
HIGH
Network
|
jenkins
|
github
|
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using att…
|
CWE-200
Information Exposure
|
CVE-2018-1000600
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248025
|
6.1 |
MEDIUM
Network
|
qutebrowser
|
qutebrowser
|
qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000559
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248026
|
6.5 |
MEDIUM
Network
|
ocsinventory-ng
|
ocsinventory_ng
|
OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full acces…
|
CWE-89
SQL Injection
|
CVE-2018-1000558
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248027
|
6.1 |
MEDIUM
Network
|
ocsinventory-ng
|
ocsinventory_ng
|
OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbi…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000557
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248028
|
6.1 |
MEDIUM
Network
|
veronalabs
|
wp_statistics
|
WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which co…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000556
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248029
|
9.8 |
CRITICAL
Network
|
trovebox
|
trovebox
|
Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in user component that can result in Password reset. This attack appear to be exploitable via HTTP reques…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2018-1000554
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248030
|
8.8 |
HIGH
Network
|
trovebox
|
trovebox
|
Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook component that can result in read or update internal resources. This attack appear to be exploitable via …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-1000553
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
