
108 matches found

Hacker One
added 2023/04/12 12:36 a.m. · 117 views

Fastly VDP: Cache purge requests are not authenticated

Vulnerability description not provided...

7.1 AI score
Exploits: 0
Hacker One
added 2023/03/19 6:49 p.m. · 89 views

Fastly VDP: CVE-2018-6389 exploitation - using scripts loader

Vulnerability description not provided...

7.5 CVSS · 7.3 AI score · 0.73098 EPSS
Exploits: 11
GithubExploit
added 2023/03/13 1:28 p.m. · 412 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963: Spring4Shell RCE Exploit This is a python im...

9.8 CVSS · 9.6 AI score · 0.99939 EPSS
Exploits: 36
Packet Storm
added 2023/03/13 12:00 a.m. · 221 views

Fastly Secret Disclosure

Correspondence from Fastly declined to comment regarding new discovered vulnerabilities within their website. Poor practices regarding password changes. 1. Reset user password 2. Access link sent 3. Temporary password sent plaintext // HTTP POST request POST...

7.4 AI score
Exploits: 0
0day.today
added 2023/03/13 12:00 a.m. · 330 views

Fastly Secret Disclosure Vulnerability

Fastly suffers from the poor practice of sending a temporary password in plaintext. Correspondence from Fastly declined to comment regarding new discovered vulnerabilities within their website. Poor practices regarding password changes. 1. Reset user password 2. Access link sent 3. Temporary...

7.5 AI score
Exploits: 0
NVD
added 2023/03/06 3:15 p.m. · 15 views

CVE-2015-10094

A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version...

6.1 CVSS · 4.2 AI score · 0.00545 EPSS
Exploits: 0 · References: 4
Prion
added 2023/03/06 3:15 p.m. · 21 views

Cross site scripting

A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version...

5.8 CVSS · 6.4 AI score · 0.00545 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
CVE
added 2023/03/06 2:31 p.m. · 53 views

CVE-2015-10094

The vulnerability CVE-2015-10094 affects the Fastly Plugin for WordPress (versions up to 0.97). The issue resides in function post of lib/api.php, where manipulation of the url argument enables cross-site scripting. Exploitation may be remote, and upgrading to version 0.98 addresses the issue (pa...

6.1 CVSS · 4.7 AI score · 0.00545 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
Cvelist
added 2023/03/06 2:31 p.m. · 20 views

CVE-2015-10094 Fastly Plugin api.php post cross site scripting

A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version...

3.3 CVSS · 6 AI score · 0.00545 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2023/03/06 12:00 a.m. · 4 views

PT-2023-10273 · Fastly · Fastly Plugin

Name of the Vulnerable Software and Affected Versions: Fastly Plugin versions up to 0.97 Description: A vulnerability was found in the Fastly Plugin, which has been rated as problematic. The issue affects the function post of the file lib/api.php. The manipulation of the url argument leads to...

6.1 CVSS · 4.1 AI score · 0.00545 EPSS
Exploits: 0 · References: 8
CNNVD
added 2023/03/06 12:00 a.m. · 2 views

WordPress plugin Fastly cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1 CVSS · 4.1 AI score · 0.00545 EPSS
Exploits: 0 · References: 5
Wordfence Blog
added 2022/11/08 7:24 p.m. · 84 views

Russian Hacktivist Group Targets Political Websites with DDOS Attacks

A Russian hacktivist group calling itself “The People’s Cyberarmy” called on its members to target the American Democratic party website at with DDOS (Distributed Denial of Service) attacks this morning, November 8th, 2022, which is Election Day in the United States. A post in their Telegram channe...

0.2 AI score
Exploits: 0
OSV
added 2022/09/20 8:45 p.m. · 22 views

GHSA-CMR8-5W4C-44V8 Fastly Compute@Edge JS Runtime has fixed random number seed during compilation

Impact: Math.random and crypto.getRandomValues methods failed to use sufficiently random values. The initial value to seed the CSPRNG (cryptographically secure pseudorandom number generator) was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for th...

7.5 CVSS · 7.3 AI score · 0.00773 EPSS
Exploits: 0 · References: 4
vulnersOsv
added 2022/09/20 8:45 p.m. · 6 views

@adobe/helix-deploy (>=7.0.0 <=7.0.8) potentially affected by CVE-2022-39218 via @fastly/js-compute (>=0.4.0 <=0.5.2)

@fastly/js-compute NPM version =0.4.0, =7.0.0, =7.0.8 Source cves: CVE-2022-39218 Source advisory: OSV:GHSA-CMR8-5W4C-44V8...

7.5 CVSS · 7.1 AI score · 0.00773 EPSS
Exploits: 0
Github Security Blog
added 2022/09/20 8:45 p.m. · 31 views

Fastly Compute@Edge JS Runtime has fixed random number seed during compilation

Impact: Math.random and crypto.getRandomValues methods failed to use sufficiently random values. The initial value to seed the CSPRNG (cryptographically secure pseudorandom number generator) was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for th...

7.5 CVSS · 7.1 AI score · 0.00773 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
NVD
added 2022/09/20 8:15 p.m. · 20 views

CVE-2022-39218

The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...

7.5 CVSS · 0.00773 EPSS
Exploits: 0 · References: 1
Prion
added 2022/09/20 8:15 p.m. · 14 views

Design/Logic Flaw

The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...

5 CVSS · 7.5 AI score · 0.00773 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2022/09/20 7:50 p.m. · 17 views

CVE-2022-39218 Random number seed fixed during compilation

The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...

7.5 CVSS · 7.3 AI score · 0.00773 EPSS
Exploits: 0 · References: 3
Vulnrichment
added 2022/09/20 7:50 p.m. · 7 views

CVE-2022-39218 Random number seed fixed during compilation

The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...

7.5 CVSS · 7.5 AI score · 0.00773 EPSS
Exploits: 0 · References: 1
Cvelist
added 2022/09/20 7:50 p.m. · 14 views

CVE-2022-39218 Random number seed fixed during compilation

The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...

7.5 CVSS · 7.7 AI score · 0.00773 EPSS
Exploits: 0 · References: 1