|
274001
|
- |
|
jenkins
redhat
|
jenkins
openshift
|
Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.
|
CWE-20
Improper Input Validation
|
CVE-2015-1808
|
2024-11-21 11:26 |
2015-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274002
|
- |
|
jenkins
redhat
|
jenkins
openshift
|
Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building …
|
CWE-22
Path Traversal
|
CVE-2015-1807
|
2024-11-21 11:26 |
2015-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274003
|
- |
|
jenkins
redhat
|
jenkins
openshift
|
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code o…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1806
|
2024-11-21 11:26 |
2015-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274004
|
- |
|
ibm
|
websphere_extreme_scale
|
Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a cr…
|
CWE-79
Cross-site Scripting
|
CVE-2015-2031
|
2024-11-21 11:26 |
2015-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274005
|
- |
|
ibm
|
websphere_extreme_scale
|
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack.
|
NVD-CWE-Other
|
CVE-2015-2030
|
2024-11-21 11:26 |
2015-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274006
|
- |
|
ibm
|
websphere_extreme_scale
|
Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier.
|
NVD-CWE-Other
|
CVE-2015-2029
|
2024-11-21 11:26 |
2015-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274007
|
- |
|
ibm
|
websphere_extreme_scale
|
CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting …
|
NVD-CWE-Other
|
CVE-2015-2028
|
2024-11-21 11:26 |
2015-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274008
|
- |
|
ibm
|
websphere_extreme_scale
|
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an una…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2027
|
2024-11-21 11:26 |
2015-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274009
|
- |
|
ibm
|
websphere_extreme_scale
|
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of arbitrar…
|
CWE-352
Origin Validation Error
|
CVE-2015-2026
|
2024-11-21 11:26 |
2015-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274010
|
- |
|
ibm
|
websphere_extreme_scale
|
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to captur…
|
CWE-200
Information Exposure
|
CVE-2015-2025
|
2024-11-21 11:26 |
2015-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
