A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-10…
A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs o…
HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-10226
http://packetstormsecurity.com/files/152263/Fat-Free-CR…
「ユニクロ(UNIQLO)」とイタリアンブランド「マルニ(MARNI)」の初コラボレーションコレクシ…
新たなセキュリティ機能で対応ホスト機器のブート、セキュアなデータ管理と「保守修理規則」対応 カリフォ…
デンマーク コペンハーゲン発のプレミアムゲーミングオーディオブランド「EPOS」配信用のマイクやフル…
ゲームをプレイする際に音は非常に重要な要素の1つです。しかしオーディオの世界は青天井で、突き詰めてい…
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrar…
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is process…
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files.
References
https://nvd.nist….
