TechMedia

Archive

Month: May 2022

376 Posts

Featured

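Posted by Wpmaster
The reality of wiper attacks and digital information manipulation as seen in the war in Ukraine
Posted by Wpmaster
"Ace Combat" and "Top Gun: Maverick" in a dream collaboration! Maverick-skin "F-14A Tomcat" and "F/A-18E Super Hornet" arrive!
Posted by Wpmaster
Yukihiro Takahashi marks 50 years of solo activity! Details announced for the live recordings included in "T.E.N.T Years Vinyl Box"!
Posted by Wpmaster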
[camaleon_cms] Camaleon CMS Stored Cross-site Scripting vulnerability

[org.jenkins-ci.plugins:subversion] Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/17/2022 12/13/2022

Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) …

[org.richfaces:richfaces] JBoss RichFaces Improper Input Validation vulnerability

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/17/2022 12/13/2022

The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.
…

"Gotham Knights", depicting Gotham City after Batman's death, set for release on Tuesday, October 25, 2022!

  • Posted in Uncategorized
  • Posted by Wpmaster
  • 05/14/2022

"Gotham Knights", the new open-world action RPG set in Gotham City. Originally, in 2021…

[VladTheEnterprising] VladTheEnterprising allows local users to write to arbitrary files via a symlink attack

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/14/2022 01/27/2023

lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.
References

https://nvd.nist.gov/vuln/detail/CVE-2014-4996
https://exchange.xforce.ibmc…

[VladTheEnterprising] VladTheEnterprising allows local users to obtain sensitive information by reading MySQL root password from temporary file

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/14/2022 01/27/2023

Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.
References

https://nvd.nist.gov/vuln/…

[backup_checksum] backup-agoddard and backup_checksum have Information Exposure vulnerability

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/14/2022 01/23/2023

(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by list…

[point-cli] point-cli allows local users to obtain sensitive information by listing the process

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/14/2022 01/27/2023

lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
References

https://nvd.nist.gov/vuln/detail/CVE-2014-4997
http://ww…

[kajam] kajam allows local users to obtain sensitive information by listing the process

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/14/2022 01/27/2023

vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local use…

[lean-ruport] lean-ruport allows local users to obtain sensitive information by listing the process

  • Posted in HIGH
  • Posted by Wpmaster
  • 05/14/2022 01/27/2023

test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
References

https://nvd.nist.gov/vuln/detail/CVE-20…

[se.diabol.jenkins.pipeline:delivery-pipeline-plugin] Jenkins Delivery Pipeline Plugin Cross-site Scripting vulnerability

  • Posted in MODERATE
  • Posted by Wpmaster
  • 05/14/2022 12/13/2022

The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter ‘fullscreen’ in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs. Version 1.0.8 of the plug…
