Given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation.
index.js in oauth2orize-fprm is vulnerable to XSS via a crafted URL.
A race condition in the nginx module in Phusion Passenger allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.
expressCart allows remote attackers to create an admin user via a /admin/setup Referer header.
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8267.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8229.
Archive.java in Junrar is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.
Unauthorised users can hijack rooms when there is no m.room.power_levels event in force.
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227.
DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This Open redirect vulnerability can be exploited for example to mount effective phishing attacks.
The security handlers in the Security component in Symfony have an Open redirect vulnerability when security.http_utils is inlined by a container.
The security handlers in the Security component in Symfony have an Open redirect vulnerability when security.http_utils is inlined by a container.
A session fixation vulnerability within the Guard login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.
A session fixation vulnerability within the Guard login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.
A session fixation vulnerability within the Guard login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.
A session fixation vulnerability within the Guard login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.
An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit . A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack.
Apache Geode server is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privilege.
DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler take the content of the _target_path parameter and generate a redirect response but no check is performed on the path, which could be an absolute URL to an external domain, opening redirect vulnerability. Open redirect vulnerability are not too much considered but they can be exploited for example to mount effective phishing attacks.
DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler take the content of the _target_path parameter and generate a redirect response but no check is performed on the path, which could be an absolute URL to an external domain, opening redirect vulnerability. Open redirect vulnerability are not too much considered but they can be exploited for example to mount effective phishing attacks.
An issue was discovered in the HttpFoundation component in Symfony. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.
The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.
The on_get_missing_events function in handlers/federation.py in Matrix Synapse has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.
An issue was discovered in the Ldap component in Symfony. It allows remote attackers to bypass authentication by logging in with a null password and valid username, which triggers an unauthenticated bind.
An issue was discovered in the Ldap component in Symfony. It allows remote attackers to bypass authentication by logging in with a null password and valid username, which triggers an unauthenticated bind.
An issue was discovered in the Ldap component in Symfony. It allows remote attackers to bypass authentication by logging in with a null password and valid username, which triggers an unauthenticated bind.
Ignite Realtime Openfire is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Website, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
The private_address_check ruby gem is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a private address.
URL Rewrite vulnerability.
URL Rewrite vulnerability in zend-feed.
URL Rewrite vulnerability in zend-http.
URL Rewrite vulnerability in zend-diactoros.
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.
The MXNet framework will listen on a port different from DMLC_PS_ROOT_URI once a scheduler node is initialized. This exposes the instance running MXNet to any attackers reachable via the interface they did not expect to be listening on.
OWASP Dependency-Check allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.
An attacker is able to craft a request that results in an HTTP (redirect) to an entirely different domain.
Unrestricted file upload (RCE) in express-cart module allows a privileged user to gain access in the hosting machine.
The mime module is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.
method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client does not support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header.
charset is vulnerable to regular expression denial of service. Input of around k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is kb, so the impact of the ReDoS is relatively low.
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control …
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around k characters to block for 2 seconds making this a low severity issue.
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.
The timespan module is vulnerable to regular expression denial of service. Given k characters of untrusted user input it will block the event loop for around seconds.
The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods.
Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.
ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header.
slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About k characters can block the event loop for 2 seconds.
The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.
The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case, it can block the event loop causing a denial of service condition.
calmquist.static-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
node module suffers from a Path Traversal vulnerability due to lack of validation of files, which allows a malicious user to read content of any file with known path.
public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
xtalk is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
goserv is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
caolilinode is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
glance node module suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.
ritp is vulnerable to a directory traversal issue whereby an attacker can gain access to the file system by placing ../ in the URL. Access is restricted to files with a file extension, so files such as /etc/passwd are not accessible.
citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
serveryztyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
shenliru is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
cyber-js server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
getcityapi.yoehoehne is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
iter-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
22lixian is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
zwserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
myprolyz is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
liyujing is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path.
looppake is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
sspa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
liuyaserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
earlybird is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
The angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.
fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
list-n-stream is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
ewgaddis.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
serverzyy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
unicorn-list is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
qinserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of URLs, which allows a malicious user to read content of any file with known path.
dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
Sencisho is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
dylmomo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
lab6.brit95 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
serveryaozeyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
picard is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
jansenstuffpleasework is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
quickserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
rtcmulticonnection-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
utahcityfinder is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
hcbserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
desafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url, but is limited to accessing only .html files.
lessindex is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url. Accessible files are restricted to files with .htm and .js extensions.
tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
byucslabsix is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
uv-tj-demo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
serverabc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
360class.jansenhmis vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing..` in the url.
yttivy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
wffserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
yyooopack is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
ltt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
whispercast is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
reecerver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
dcserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
cuciuci is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
http_static_simple is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
lab6drewfusbyu is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
myserver.alexcthomas18 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
serverhuwenhui is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
exxxxxxxxxxx is an HTTP eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url. Accessible files are restricted to those with a file extension. Files with no extension such as /etc/passwd throw an error.
pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
pytservce is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
nodeaaaaa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
section2.madisonjbrooks12 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
The node-server-forfront package is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
commentapp.stetsonwood is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
serverliujiayi1 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
serve46 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
11xiaoli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
mockserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
wintiwebdev is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
censorify.tanisjr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
intsol-package is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
sly07 is an API for censoring text. sly07 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
shit-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing ../ in the url.
fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
peiserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
https-proxy-agent passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter (e.g. JSON).
lodash node module suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of Object via proto, causing the addition or modification of an existing property that will exist on all objects.
assign-deep node module suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of Object via proto, causing the addition or modification of an existing property that will exist on all objects.
merge-deep node module suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of Object via proto, causing the addition or modification of an existing property that will exist on all objects.
smb is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
node-openssl is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
nodemailer-js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
The module npm-script-demo opens a connection to a command and control server. It has been removed from the npm registry.
cross-env.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin.
node-opensl is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
noderequest is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
crossenv is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
nodemailer.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
nodesass is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
proxy.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
nodecaffe is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
opencv.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
mssql.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
nodemssql is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
mssql-node is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
openssl.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
http-proxy.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
shadowsock is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
The module pandora-doomsday infects other modules. It's since been unpublished from the registry.
nodeffmpeg is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
aegir is a module to help automate JavaScript project management. aegir publishes to npm the GitHub user token.
botbait is known to record and track user information. The module tracks the following information. Source IP, process.versions, process.platform.
node-opencv is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.
sshpk is vulnerable to ReDoS when parsing maliciously crafted invalid public keys.
Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. This makes cross sites scripting (XSS) possible on the client and arbitrary code injection possible on the server and user input is passed to the calc function.
Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header.
mixin-deep node suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of Object via proto, causing the addition or modification of an existing property that will exist on all objects.
The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.
Untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.
Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default node timeout is 2 minutes).
By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.
defaults-deep node module suffers from a vulnerability, which allows a malicious user to modify the prototype of Object via proto, causing the addition or modification of an existing property that will exist on all objects.
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.
Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden. If the connection has CORS enabled but one route has it off, and the route is not GET, the OPTIONS prefetch request will return the default CORS headers and then the actual request will go through and return no CORS …
connect node module suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
simplehttpserver node module suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names.
bracket-template suffers from reflected XSS when a variable passed via GET parameter is used in template
crud-file-server node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.
If untrusted user input is allowed into the resolve() method then command injection is possible.
A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious.
A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron.
Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in.
resolve-path relative path resolving suffers from a lack of file path sanitization for Windows based paths.
serve does not properly handle %2e (.) and %2f (/) and allows these characters to be used in paths, which can be used to traverse the directory tree up and lists content of any directory the user running the process has access to. Mitigating factors: This vulnerability only allows listing of directory contents and does not allow reading of arbitrary files.
Fastify is vulnerable to a denial-of-service attack by sending a request with Content-Type set to application/json and a very large payload.
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
A server-side request forgery vulnerability exists in the Jenkins CAS Plugin in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
A server-side request forgery vulnerability exists in the Jenkins GitHub Plugin in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
A server-side request forgery vulnerability exists in the Jenkins Git Plugin that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
A path traversal vulnerability exists in Jenkins in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
Apache Storm expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside the target folder.
An improper neutralization of control sequences vulnerability exists in Jenkins in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI.
An information exposure vulnerability exists in Jenkins that allows users with Overall/Read access to enumerate all installed plugins.
A vulnerability exists in the Jenkins GitHub Plugin in GitHubServerConfig.java that allows attackers with Overall/Read IDs obtained through another method, to capture credentials stored in Jenkins.
A vulnerability exists in the Jenkins Kubernetes Plugin in ContainerExecDecorator.java that results in sensitive variables such as passwords being exposed through log messages.
Apache Storm expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.
nZEDb has an XSS vulnerability in the error page.
A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.
A server-side request forgery vulnerability exists in Jenkins that allows users with Overall/Read permission to have Jenkins submit an HTTP GET request to an arbitrary URL and learn whether the response is successful or not.
A command execution vulnerability exists in Jenkins Absint Astree in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master.
Socket depends on Math.random() to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information.
The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).
uri-js is a module that tries to fully implement RFC One of these features is validating whether a supplied URL is valid or not. To do this, uri-js uses a regular expression, This regular expression is vulnerable to redos.
badjs-sourcemap-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
hostr allows an attacker to read files outside the current directory by sending ../ in the url path for GET requests.
The augustine node module suffers from a Path Traversal vulnerability due to lack of input validation, which allows a malicious user to read content of any file with known path.
hftp is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
f2e-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url. This is compounded by f2e-server requiring elevated privileges to run.
gomeplus-h5-proxy is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing ../ in the URL.
Growl does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
mariadb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
d3.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
jquery.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
node-fabric is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
sqliter is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
sqlite.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
nodesqlite is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
nodefabric is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
sqlserver is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
node-sqlite is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
fabric-js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Because the /topic command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser.
The sync-exec module is used to simulate child_process Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists.
node-jose is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used.
http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature.
Decamelize uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack.
An attacker that forces an error can crash the server, causing a denial of service.
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block.
When hapi encounters a malformed accept-encoding header, an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached.
If a request is made using multipart, and the body type is a number, then the specified number of non-zero memory is passed in the body.
Nes contains a denial of service vulnerability that can be exploited via an invalid Cookie header. This is only present when websocket authentication is set to cookie. Submitting an invalid cookie on the websocket upgrade request will cause the node process to error out.
html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.
marionette-socket-host downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
herbivore download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
The cloudpub-redis package downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
grunt-images downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
xd-testing is a testing library for cross-device (XD) web applications. xd-testing downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application.
libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
The clang-extra module installs LLVM's clang-extra tools and downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
gitook allows the injection of javascript code that be executed on the online reader.
Remarkable allows the use of data: URIs in links and can therefore execute javascript.
An attacker can inject scripts which are executed in some browsers.
The forms package does not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to XSS.
Sanitize-html is vulnerable to cross site scripting (XSS) in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability.
ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid.
In Morris, when control over the labels is obtained, script can be injected. The script will run on the client side whenever that specific graph is loaded.
ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid.
Because of how string interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser.
sanitize-html has a cross site scripting vulnerability.
html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values.
Summit later allows an attacker to execute arbitrary commands via the collection name.
ikst download resources over HTTP, which leaves it vulnerable to MITM attacks.
gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS however the api.hubapi.com endpoint redirects to an HTTP url. Because of this behavior an attacker with the ability to man-in-the-middle a developer or system performing a package installation could compromise the integrity of the installation.
A Stored XSS in YOOtheme Pagekit allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to /storage/poc.svg that will point to http://localhost/pagekit/storage/poc.svg. When a user …
Open redirect in hekto when target domain name is used as html filename on server.
Command injection exists in pdf-image due to an unescaped string parameter.
pdfinfojs has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine.
Information exposure through directory listings in serve allows directory listing and file access even when they have been set to be ignored.
nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker controlled file if the attacker is on the network or positioned in between the user and the remote server.
chromedriver126 is chromedriver for linux OS. chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
apk-parser2 is a module which extracts Android Manifest info from an APK file. apk-parser2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
bionode-sra is a Node.js wrapper for SRA Toolkit that downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
The closurecompiler package downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
nw-with-arm downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Fuseki server wrapper and management API in fuseki downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
closure-utils is Utilities for Closure Library based projects and downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
arrayfire-js is a module for ArrayFire for the Node.js platform. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Graylog has an XSS security issue with unescaped text in notifications.
Graylog has an XSS security issue with unescaped text in dashboard names.
XSS in sexstatic causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name.
Bitty is a development web server tool that functions similar to python -m SimpleHTTPServer. The package has a directory traversal vulnerability that is exploitable via the URL path in GET requests.
marked is an application that is meant to parse and compile markdown. Due to the way that marked parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (sanitize: true) to inject a javascript: URL. This flaw exists because &#xNNanything; gets parsed to what it could and leaves the rest behind, resulting in just anything; being left.
jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in to the emailAddress validator.
The riot-compiler version has an issue in a regex (Catastrophic Backtracking) that make it unusable under certain conditions.
jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in.
The primary function, minimatch(path, pattern) in Minimatch is vulnerable to ReDoS in the pattern parameter.
engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that Node.js handles the rejectUnauthorized setting. If the value is something that evaluates to false, certificate verification will be disabled.
appium-chromedriver is a Node.js wrapper around Chromedriver. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
galenframework-cli downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the Model#Escape function of backbone, if a user is able to supply input.
Due to the way that marked parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (sanitize: true) to inject a javascript: URL. This flaw exists because &#xNNanything; gets parsed to what it could and leaves the rest behind, resulting in just anything; being left.
Sinatra has XSS via the Bad Request page that occurs upon a params parser exception.
The npm module shell-quote cannot correctly escape > and < operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection.
sequelize is vulnerable to SQLi allowing attackers to delete data in the TestTable table.
gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.
The stattic node module suffers from a Path Traversal vulnerability due to lack of validation of paths, which allows a malicious user to read contents of any file with known path.
crud-file-server node suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path.
atob allocates uninitialized Buffers when number is passed in input.
It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
mysqljs is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
node-tkinter is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
tkinter is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
pngcrush-installer download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
ibapi is an Interactive Brokers API addon for Node.js. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.
ibm_db downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
install-nw download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not.
The 'program extension upload' feature in OpenCart has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing random digits) via a directory traversal attack.
OpenCart allows directory traversal in the editDownload function related to the download_id. For example, an attacker can download ../../config.php.
An issue was discovered in Moodle. A Teacher creating a Calculated question can intentionally cause remote code execution on the server.
An issue was discovered in Moodle. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
An issue was discovered in Moodle. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.
An issue was discovered in Moodle. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
An issue was discovered in Moodle. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.
Jenkins uses AES ECB block cipher mode without an IV for encrypting secrets, which makes Jenkins and the stored secrets vulnerable to unnecessary risks.
Apache NiFi External XML Entity issue in SplitXML processor. Malicious XML content could cause information disclosure or remote code execution.
Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element.
This advisory has been marked as a False Positive and has been removed.
Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service.
SQL Injection vulnerability in Dolibarr allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php.
An SQL injection vulnerability in Dolibarr allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.
jpeg_size in pdfgen.c in PDFGen has a heap-based buffer over-read.
Jenkins is vulnerable to an information disclosure vulnerability in search suggestions. The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.
A Cross-site scripting (XSS) vulnerability in Dolibarr allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
The admin panel in Dolibarr might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
This vulnerability in Apache Solr relates to an XML external entity expansion (XXE) in Solr config files.
Undertow is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.
XSS in some development error pages.
Jenkins is vulnerable to a persisted cross-site scripting vulnerability in console notes. Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users, or users with SCM access, could configure jobs or modify build scripts such that they print serialized console notes that perform cross-site scripting attacks on Jenkins users viewing the build logs.
util/FileDownloadUtils.java in FileDownloader does not check an attachment name. If an attacker places ../ in the file name, the file can be stored in an unintended directory because of Directory Traversal.
In Apache ORC malformed ORC file can trigger an endlessly recursive function call in the Java parser.
The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly execute arbitrary code via a crafted pdf file.
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable supportsCredentials for all origins.
Jenkins is vulnerable to an improper exclusion of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents.
Jenkins is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens.
In Jenkins, monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes.
In Jenkins low privilege users were able to override JDK download credentials, resulting in future builds possibly failing to download a JDK.
In Jenkins, low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks.
Jenkins is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs.
Jenkins is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names.
Jenkins is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create user records.
Spring contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Spring Framework when used in combination with Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system.
Spring Framework allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
Spring Security OAuth contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.
Jenkins is vulnerable to a persisted cross-site scripting in parameter names and descriptions. Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8137, CVE-2018-8139.
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer, Microsoft Edge, Internet Explorer This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer, Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8145.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8130, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer, Microsoft Edge.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8139.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137.
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer, Microsoft Edge, Internet Explorer This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177.
An open redirect vulnerability exists in the Jenkins Google Login Plugin that allows attackers to redirect users to an arbitrary URL after successful login.
A session fixation vulnerability exists in the Jenkins Google Login Plugin that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
hawtio is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.
A path traversal vulnerability exists in the Jenkins HTML Publisher Plugin that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.
Jenkins is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible. This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an UnprotectedRootAction.
Jenkins is vulnerable to an insufficient permission check for periodic processes.
A cross-site scripting vulnerability in the Jenkins S3 Plugin allows attackers to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.
In Apache Derby, a specially-crafted network packet can be used to request the Derby Network Server to boot a database.
Apache Ambari is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem.
All versions of getcookies contain a malicious backdoor that allows a remote attacker to execute code on the web server that uses this module.
Matrix Synapse is prone to a denial of service flaw where malicious events injected with depth = 2^63-1 render rooms unusable, related to federation/federation_base.py and handlers/message.py.
An issue was discovered in libraries/common which allows users who have no password set to log in even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default).
This vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content.
Unbounded memory allocation allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
A Cross-site scripting exists in GeniXCMS.
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika BPGParser.
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika ChmParser.
RisingStack protect contains a Cross Site Scripting (XSS) vulnerability in isXss() function in lib/rules/xss.js that can result in dangerous XSS strings being validated as safe. This attack appears to be exploitable via A number of XSS strings(26) detailed in the GitHub issue #16.
An issue was discovered in the Users Frontend. An XSS exists in the name field.
From Apache Tika, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients.
Netwide Assembler (NASM) rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.
Netwide Assembler (NASM) has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.
thinkphp has SQL Injection.
Cross-site scripting (XSS) vulnerability in the Enhanced Image plugin for CKEditor.
Cross-site scripting (XSS) vulnerability in the Enhanced Image plugin for CKEditor.
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor allows remote attackers to inject arbitrary web script through a crafted IMG element.
phpMyAdm has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
Parsedown contains a Cross Site Scripting (XSS) vulnerability in setMarkupEscaped for escaping HTML that can result in JavaScript code execution. This attack appears to be exploitable via specially crafted markdown that allows it to side step HTML escaping by breaking AST boundaries.
There's a Cross-Site Scripting (XSS) vulnerability in system log of back end. With a manipulated request, an attacker can implant a script which is executed when a logged in back end user opens the system log. The attacker themselves does not have to be logged in.
Mautic allows CSV injection.
LightSAML contains an Incorrect Access Control vulnerability in signature validation.
When using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server.
In Apache wicket-jquery-ui JS code created in WYSIWYG editor will be executed on display.
XSS vulnerabiltiy in drupal.
Mautic before v2.13.0 has stored XSS via a theme config file.
XSS vulnerabiltiy in drupal.
Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
An issue was discovered in Mautic It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled.
Jenkins allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins.
Crypt encryption compromised.
A cross-site scripting vulnerability exists in Jenkins in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user's browser when that other user performs some UI actions.
With the right knowledge, code, and GPU calculation power, Crypt encryption can be broken in minutes.
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore.
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).
Dolibarr ERP/CRM is affected by an SQL injection in versions via product/stats/card.php (type parameter).
Spring Framework allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
Jenkins is vulnerable to an insufficient permission check. This allows users with permissions to create new items to overwrite existing items they don't have access to.
Spring Data Commons contains a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
Spring Data Commons contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data projection-based request payload binding hat can lead to a remote code execution attack.
Netwide Assembler (NASM) rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting vulnerabilities.
Dolibarr is affected by stored Cross-Site Scripting.
This vulnerability relates to an XML external entity expansion (XXE) in the &dataConfig=<inlinexml> parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
The page module in TYPO3 is vulnerable to XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.
The xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
Spring Framework allows applications to configure Spring MVC to serve static resources (e.g., CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead …
When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead …
This vulnerability in Apache Hive JDBC allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation.
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin that allows an attacker with local file system access to obtain GitHub credentials.
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin that allows attackers with local file system access to obtain a list of authorities for logged-in users.
In Apache Hiveto, malicious user might use any xpath UDFs to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if hive.serverenable.doAs=false.
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them.
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin that allows an attacker with local file system access to obtain GitHub credentials.