|
247851
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_eventlog_analyzer
|
An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality…
|
CWE-79
Cross-site Scripting
|
CVE-2018-10076
|
2024-11-21 12:40 |
2018-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247852
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_eventlog_analyzer
|
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10075
|
2024-11-21 12:40 |
2018-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247853
|
8.8 |
HIGH
Network
|
jenkins
|
configuration_as_code
|
A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionC…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-1000610
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247854
|
6.5 |
MEDIUM
Network
|
jenkins
|
configuration_as_code
|
A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to ob…
|
CWE-200
Information Exposure
|
CVE-2018-1000609
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247855
|
7.2 |
HIGH
Network
|
jenkins
|
z\/os_connector
|
A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jen…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-1000608
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247856
|
6.5 |
MEDIUM
Network
|
jenkins
|
fortify_cloudscan
|
A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any…
|
CWE-20
Improper Input Validation
|
CVE-2018-1000607
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247857
|
6.5 |
MEDIUM
Network
|
jenkins
|
urltrigger
|
A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET reque…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-1000606
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247858
|
7.4 |
HIGH
Network
|
jenkins
|
collabnet
|
A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any s…
|
CWE-295
Improper Certificate Validation
|
CVE-2018-1000605
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247859
|
5.4 |
MEDIUM
Network
|
jenkins
|
badge
|
A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge conten…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000604
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247860
|
5.9 |
MEDIUM
Network
|
jenkins
|
saml
|
A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the pre-…
|
CWE-384
Session Fixation
|
CVE-2018-1000602
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
