6 matches found
CVE-2026-30863
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0-alpha.11, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity tokens. When the adapter's audience configuration...
Improper Verification of Cryptographic Signature
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the authentication process when the audience configuration option is not...
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal RESTful Web Services unserialize RCE', 'Description' = %q This module exploits a PHP unserialize vulnerability in Drupal RESTful Web...
Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution
Analyzing the patch By diffing Drupal 8.6.9 and 8.6.10, we can see that in the REST module, FieldItemNormalizer now uses a new trait, SerializedColumnNormalizerTrait. This trait provides the checkForSerializedStrings method, which in short raises an exception if a string is provided for a value...
Drupal 8.5.x < 8.5.11 / 8.6.x < 8.6.10 Remote Code Execution (SA-CORE-2019-003)
According to its self-reported version, the instance of Drupal running on the remote web server is 8.5.x prior to 8.5.11, or 8.6.x prior to 8.6.10. It is, therefore, affected by a remote code execution vulnerability due to improper sanitization of data from non-form sources. %NASLMINLEVEL 70300 C...
Sendmail IDENT Remote root Vulnerability
Description A vulnerability in the IDENT function of sendmail 8.6.9 allows attackers to obtain remote root access. Very little other information on this vulnerability is currently available; this is an old vulnerability. Technologies Affected Eric Allman Sendmail 8.6.9 Upgrade to at least version...