CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2013-1410 – Perforce P4Web - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1410
12 Feb 2020 — Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities Perforce P4web versiones 2011.1 y 2012.1, presenta múltiples vulnerabilidades de tipo XSS. • https://www.exploit-db.com/exploits/38235 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000147
https://notcve.org/view.php?id=CVE-2018-1000147
05 Apr 2018 — An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them Existe una vulnerabilidad de exposición de información sensible en el plugin Perforce en Jenkins, en versiones 1.3.36 y anteriores, en PerforcePasswordEncryptor.java que permite que atacantes con permisos insuficientes para obtener contraseñas Perforce l... • https://jenkins.io/security/advisory/2018-03-26/#SECURITY-536 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2015-8965
https://notcve.org/view.php?id=CVE-2015-8965
06 Apr 2017 — Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called. Rogue Wave JViews en versiones anteriores 8.8 parche 21 y 8.9 en versiones anteriores parche 1 permite a atacantes remotos ejecutar código Java arbitra... • https://rwkbp.makekb.com/?View=entry&EntryID=2521 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2010-0933
https://notcve.org/view.php?id=CVE-2010-0933
05 Mar 2010 — Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command. Vulnerabilidad de salto de directorio en Perforce Server 2008.1 permite a usuarios remotos autenticados crear ficheros arbitrarios a traves de ..(punto punto) en el argumento del comando "añadir p4". • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2010-0929
https://notcve.org/view.php?id=CVE-2010-0929
05 Mar 2010 — The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff, and 0xff. El servicio Perforce (p4s.exe) en Perforce Server 2008.1 permite a atacantes remotos producir una denegacion de servicio (caida de demonio) a traves de datos manipulados que empiezan con una secuencia de bytes 0x4c, 0xb3, 0xff, 0xff, and 0xff. • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2010-0930
https://notcve.org/view.php?id=CVE-2010-0930
05 Mar 2010 — The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version number. El servicio Perforce (p4s.exe) en Perforce Server 2008.1 permite a atacantes remotos producir una denegacion de servicio (bucle infinito) a traves de datos manipulados que incluyen una secuencia de bytes 0xdc, 0xff, 0xff, y 0xff inmediatamente antes del ... • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2010-0931
https://notcve.org/view.php?id=CVE-2010-0931
05 Mar 2010 — The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value. El servicio Perforce (p4s.exe) en Perforce Server 2008.1 permite a atacantes remotos producir una denegacion de servicio (caida de demonio) a traves de datos manipulados que posiblemente incluyan a valor grande de sndbuf. • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2010-0932
https://notcve.org/view.php?id=CVE-2010-0932
05 Mar 2010 — The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command. El servidor FTP en Perforce Server 2008.1 permite a atacantes remotos producir una denegacion de servicio (desreferencia a puntero NULL y caida de demonio) a traves de cierto comando MKD. • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2010-0934
https://notcve.org/view.php?id=CVE-2010-0934
05 Mar 2010 — The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script. La funcionalidad de inicio en Perforce Server 2008.1 permite a usuarios remotos autenticados con super privilegios ejecutar comandos del sistema operativo mediante el uso de un comando "cliente p4" en union con la secuencia de comando de inicio. • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 1CVE-2010-0935
https://notcve.org/view.php?id=CVE-2010-0935
05 Mar 2010 — Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command. Perforce Server 2009.2 y anteriores, cuando la tabla de proteccion esta vacia, permite a usuarios remotos autenticados obtener super privilegios a traves del comando "p4 protect". • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html • CWE-264: Permissions, Privileges, and Access Controls •