CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000147
https://notcve.org/view.php?id=CVE-2018-1000147
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them Existe una vulnerabilidad de exposición de información sensible en el plugin Perforce en Jenkins, en versiones 1.3.36 y anteriores, en PerforcePasswordEncryptor.java que permite que atacantes con permisos insuficientes para obtener contraseñas Perforce las puedan conseguir. • https://jenkins.io/security/advisory/2018-03-26/#SECURITY-536 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.6EPSS: 0%CPEs: 23EXPL: 1CVE-2010-0935
https://notcve.org/view.php?id=CVE-2010-0935
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command. Perforce Server 2009.2 y anteriores, cuando la tabla de proteccion esta vacia, permite a usuarios remotos autenticados obtener super privilegios a traves del comando "p4 protect". • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html http://www.perforce.com/perforce/doc.current/manuals/cmdref/protect.html http://www.securityfocus.com/bid/36261 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2010-0932
https://notcve.org/view.php?id=CVE-2010-0932
The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command. El servidor FTP en Perforce Server 2008.1 permite a atacantes remotos producir una denegacion de servicio (desreferencia a puntero NULL y caida de demonio) a traves de cierto comando MKD. • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html http://www.securityfocus.com/bid/36261 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2010-0929
https://notcve.org/view.php?id=CVE-2010-0929
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff, and 0xff. El servicio Perforce (p4s.exe) en Perforce Server 2008.1 permite a atacantes remotos producir una denegacion de servicio (caida de demonio) a traves de datos manipulados que empiezan con una secuencia de bytes 0x4c, 0xb3, 0xff, 0xff, and 0xff. • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html http://www.securityfocus.com/bid/36261 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2010-0934
https://notcve.org/view.php?id=CVE-2010-0934
The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script. La funcionalidad de inicio en Perforce Server 2008.1 permite a usuarios remotos autenticados con super privilegios ejecutar comandos del sistema operativo mediante el uso de un comando "cliente p4" en union con la secuencia de comando de inicio. • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html http://www.securityfocus.com/bid/36261 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •