108 matches found
Fastly VDP: Cache purge requests are not authenticated
Vulnerability description not provided...
Fastly VDP: CVE-2018-6389 exploitation - using scripts loader
Vulnerability description not provided...
Exploit for Code Injection in Vmware Spring_Cloud_Function
CVE-2022-22963: Spring4Shell RCE Exploit This is a python im...
Fastly Secret Disclosure
Correspondence from Fastly declined to comment regarding new discovered vulnerabilities within their website. Poor practices regarding password changes. 1. Reset user password 2. Access link sent 3. Temporary password sent plaintext // HTTP POST request POST...
Fastly Secret Disclosure Vulnerability
Fastly suffers from the poor practice of sending a temporary password in plaintext. Correspondence from Fastly declined to comment regarding new discovered vulnerabilities within their website. Poor practices regarding password changes. 1. Reset user password 2. Access link sent 3. Temporary...
CVE-2015-10094
A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version...
Cross site scripting
A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version...
CVE-2015-10094
The vulnerability CVE-2015-10094 affects the Fastly Plugin for WordPress (versions up to 0.97). The issue resides in function post of lib/api.php, where manipulation of the url argument enables cross-site scripting. Exploitation may be remote, and upgrading to version 0.98 addresses the issue (pa...
CVE-2015-10094 Fastly Plugin api.php post cross site scripting
A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version...
PT-2023-10273 · Fastly · Fastly Plugin
Name of the Vulnerable Software and Affected Versions: Fastly Plugin versions up to 0.97 Description: A vulnerability was found in the Fastly Plugin, which has been rated as problematic. The issue affects the function post of the file lib/api.php. The manipulation of the url argument leads to...
WordPress plugin Fastly 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Russian Hacktivist Group Targets Political Websites with DDOS Attacks
A Russian hacktivist group calling itself “The People’s Cyberarmy” called on its members to target the American Democratic party website at with DDOS Distributed Denial of Service attacks this morning, November 8th, 2022, which is Election Day in the United States. A post in their Telegram channe...
GHSA-CMR8-5W4C-44V8 Fastly Compute@Edge JS Runtime has fixed random number seed during compilation
Impact Math.random and crypto.getRandomValues methods failed to use sufficiently random values. The initial value to seed the CSPRNG cryptographically secure pseudorandom number generator was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for th...
@adobe/helix-deploy (>=7.0.0 <=7.0.8) potentially affected by CVE-2022-39218 via @fastly/js-compute (>=0.4.0 <=0.5.2)
@fastly/js-compute NPM version =0.4.0, =7.0.0, =7.0.8 Source cves: CVE-2022-39218 Source advisory: OSV:GHSA-CMR8-5W4C-44V8...
Fastly Compute@Edge JS Runtime has fixed random number seed during compilation
Impact Math.random and crypto.getRandomValues methods failed to use sufficiently random values. The initial value to seed the CSPRNG cryptographically secure pseudorandom number generator was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for th...
CVE-2022-39218
The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...
Design/Logic Flaw
The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...
CVE-2022-39218 Random number seed fixed during compilation
The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...
CVE-2022-39218 Random number seed fixed during compilation
The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...
CVE-2022-39218 Random number seed fixed during compilation
The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...