CVE-2013-4987
Published 2013-11-08
Priority P349 · high · 8.5 (CVSS 2.0)
AV:N/AC:M/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS: 2.99% (85.6th percentile)
PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | async_http_client_plugin | — | — |
| jenkins | build_failure_analyzer_plugin | — | — |
| jenkins | image_gallery_plugin | — | — |
| jenkins | tap_plugin | — | — |
| jenkins | users_of_build_failure_analyzer_plugin | — | — |
| jenkins | users_of_image_gallery_plugin | — | — |
| jenkins | users_of_tap_plugin | — | — |
| pineapp | mail-secure | <= 3.69 | — |
GHSA
GHSA-x586-8cqj-6257: PineApp Mail-SeCure before 3
ghsa_unreviewed·2022-05-17
CVE-2013-4987 [HIGH] GHSA-x586-8cqj-6257: PineApp Mail-SeCure before 3
PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command.
Jenkins
Jenkins Security Advisory 2016-06-20
vendor_jenkins·2016-06-20·CVSS 4.3
CVE-2013-7397 [MEDIUM] Jenkins Security Advisory 2016-06-20
This advisory announces vulnerabilities in these Jenkins plugins:
Async Http Client Plugin
Build Failure Analyzer
Image Gallery Plugin
TAP Plugin
Description
Path traversal vulnerability in TAP Plugin
SECURITY-85 / CVE-2016-4986
The plugin did not correctly filter a parameter and allowed reading arbitrary files on the file system.
Path traversal vulnerability in Image Gallery Plugin
SECURITY-278 / CVE-2016-4987
The plugin did not correctly validate form fields and allowed listing arbitrary directories and reading arbitrary files on the file system.
Cross-site scripting vulnerability in Build Failure Analyzer Plugin
SECURITY-290 / CVE-2016-49
No detection rules found.
2013-11-08
Published