Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Exploring the File System via Jenkins Credentials Plugin Vulnerability – CVE-2019-10320

24 May, 2019 - 12:22

Posted by Nightwatch Cybersecurity Research on May 24

[Original blog post here:
https://wwws.nightwatchcybersecurity.com/2019/05/23/exploring-the-file-system-via-jenkins-credentials-plugin-vulnerability-cve-2019-10320/]

SUMMARY

The recently fixed vulnerability in the Jenkins Credentials plugin
(v2.1.19) allowed users with certain permissions to confirm existence
of a file on the server’s file system. While this doesn’t allow an
attacker to view the file content, the ability to obtain...

[REVIVE-SA-2019-002] Revive Adserver Vulnerability

24 May, 2019 - 12:21

Posted by Matteo Beccati via Fulldisclosure on May 24

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2019-002
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2019-002
------------------------------------------------------------------------
CVE-IDs: t.b.a.
Date: 2019-05-21
Risk Level: High...

New BlackArch Linux ISOs + OVA Image (2019.06.01) with 2200 Tools released

24 May, 2019 - 12:20

Posted by Black Arch on May 24

Dear list,

We've released the new BlackArch Linux ISOs and OVA image (version:
2019.06.01) along with many many improvements. They include more than
2190 tools now. The armv6h, armv7h and aarch64 repositories are filled
with about 2100 tools.

A ChangeLog of the Live-ISO-2019.06.01:

- added more than 150 new tools
- added 'jedi-vim' plugin
- updated vim plugins
- included every tool of BlackArch except:...

CMS Made Simple 2.2.10 - (Authenticated) Persistent Cross-Site Scripting

24 May, 2019 - 12:20

Posted by Manuel Garcia Cardenas on May 24

=============================================
MGC ALERT 2019-002
- Original release date: April 10, 2019
- Last revised: May 22, 2019
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
- CVE-ID: CVE-2019-11226
=============================================

I. VULNERABILITY
-------------------------
CMS Made Simple 2.2.10 - (Authenticated) Persistent Cross-Site Scripting

II. BACKGROUND
-------------------------
CMS Made...