[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 248268 Download | Alert*

Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.

Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator access the logs.

A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code.

An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature.

An issue was found in yii2_fecshop 2.x. There is a reflected XSS vulnerability in the check cart page.

In Windscribe v1.83 Build 20, 'WindscribeService' has an Unquoted Service Path that facilitates privilege escalation.

MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.

MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.

Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin.


Pages:      Start    12611    12612    12613    12614    12615    12616    12617    12618    12619    12620    12621    12622    12623    12624    ..   24826

© SecPod Technologies