ロシアによるウクライナに対する戦争は「ハイブリッド戦争」と呼ばれ、軍事侵攻とサイバー攻撃が一体となっ…
「エースコンバット」と「トップガン マーヴェリック」が夢のコラボ!マーヴェリックスキンの「F-14A Tomcat」や「F/A-18E Super Hornet」が登場!
フライトシューティングゲームと航空アクション映画の金字塔同士が夢のコラボ!エスコン×トップガンのコラ…
高橋幸宏、ソロ活動50周年記念!『T.E.N.T Years Vinyl Box』収録ライブ音源の詳細発表!
1972年のサディスティック・ミカ・バンド参加より、音楽活動50周年を迎える高橋幸宏。彼がムーンライ…
[camaleon_cms] Camaleon CMS Stored Cross-site Scripting vulnerability
In “Camaleon CMS” application, versions 0.0.1 through 2.6.0 are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when t…
[camaleon_cms] Camaleon CMS Insufficient Session Expiration vulnerability
Camaleon CMS 0.1.7 through 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed.
Refe…
[com.xebialabs.deployit.ci:deployit-plugin] Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows enumerating credentials IDs
XebiaLabs XL Deploy Plugin 10.0.1 and earlier does not perform a permission check in a method implementing form validation.
This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be u…
[net-ldap] net-ldap has weak salt when generating passwords
The Ruby net-ldap gem before 0.16.2 uses a weak salt when generating SSHA passwords.
References
https://nvd.nist.gov/vuln/detail/CVE-2014-0083
https://github.com/ruby-ldap/ruby-net-ldap/commit/b412ca05f6b430eaa1ce97ac95885b4cf187b04a
https://bugzilla….
[org.jenkins-ci.plugins:scriptler] Stored XSS vulnerability in Jenkins Scriptler Plugin
Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Scriptler scripts.
Scriptler…
[org.jenkins-ci.plugins:performance] XXE vulnerability in Jenkins Performance Plugin
Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
This allows attackers able to control workspace contents to have Jenkins parse a crafted XML report file that uses external entities for…
[org.biouno:uno-choice] Stored XSS vulnerability in Jenkins Active Choices Plugin
Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters.
This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission…