Lucene search
+L

97 matches found

ThreatPost
ThreatPost
added 2019/12/05 4:31 p.m.65 views

HackerOne Breach Leads to $20,000 Bounty Reward

HackerOne has paid out $20,000 after a high-severity vulnerability was discovered in the bug-bounty platform. The flaw allowed an outside bounty hunter to access customers’ reports and other sensitive information. Disclosed this week in a HackerOne report, the security incident stemmed from a...

7.3AI score
Exploits0References11
Node.js
Node.js
added 2019/09/26 8:20 p.m.24 views

Machine-In-The-Middle

Overview Versions of https-proxy-agent prior to 2.2.3 are vulnerable to Machine-In-The-Middle. The package fails to enforce TLS on the socket if the proxy server responds the to the request with a HTTP status different than 200. This allows an attacker with access to the proxy server to intercept...

6.5AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/09/06 6:23 p.m.13 views

Unintended Require

Overview All versions of larvitbase-www are vulnerable to an Unintended Require. The package exposes an API endpoint and passes a GET parameter unsanitized to an require call. This allows attackers to execute any .js file in the same folder as the server is running. Recommendation No fix is...

7.1AI score
Exploits0Affected Software1
Metasploit
Metasploit
added 2019/08/22 10:58 p.m.77 views

Ubiquiti airOS Arbitrary File Upload

This module exploits a pre-auth file upload to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorizedkeys. FYI, /etc/passwd,dropbear/authorizedkeys will be overwritten. /etc/persistent/rc.poststart will be overwritten if PERSISTETC is true. This method is used by the "m...

7.3AI score
Exploits0
Node.js
Node.js
added 2019/06/14 4:46 p.m.23 views

Authentication Bypass

Overview Versions of samlify prior to 2.4.0 are vulnerable to Authentication Bypass. The package fails to prevent XML Signature Wrapping, allowing tokens to be reused with different usernames. A remote attacker can modify SAML content for a SAML service provider without invalidating the...

7.2AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/06/14 3:35 p.m.31 views

Path Traversal

Overview Versions of simplehttpserver prior to 0.2.1 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation Upgrade to version 0.2.1 or later. References - HackerOne Report...

5CVSS3.5AI score0.01764EPSS
Exploits1Affected Software1
Node.js
Node.js
added 2019/06/14 3:26 p.m.34 views

Path Traversal

Overview All versions of static-resource-server are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation No fix is currently available. Consider using an alternative module until a fix is made available...

5CVSS3.9AI score0.01764EPSS
Exploits1Affected Software1
Node.js
Node.js
added 2019/04/04 3:31 a.m.18 views

Arbitrary File Overwrite

Overview Versions of tar prior to 4.4.2 for 4.x and 2.2.2 for 2.x are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the...

6.7AI score
Exploits0Affected Software1
Node.js
Node.js
added 2019/01/23 7:11 p.m.31 views

Path Traversal

Overview Versions of http-live-simulator prior to 1.0.7 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. For example: curl --path-as-is http://localhost:8080//../../../../etc/passwd. Recommendation Upgrade to...

5CVSS2.9AI score0.0165EPSS
Exploits1Affected Software1
Node.js
Node.js
added 2018/11/07 4:24 p.m.22 views

NoSQL injection

Overview Versions of express-cart before 1.1.8 are vulnerable to NoSQL injection. The vulnerability is caused by the lack of user input sanitization in the login handlers. In both cases, the customer login and the admin login, parameters from the JSON body are sent directly into the MongoDB query...

7.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2018/10/17 11:4 p.m.18 views

Prototype Pollution

Overview All versions of merge-objects are vulnerable to Prototype Pollution. Recommendation No fix is available for this vulnerability at this time. It is our recommendation to use an alternative package. References - HackerOne Report - GitHub Advisory...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2018/08/16 7:44 p.m.30 views

Privilege Escalation due to Blind NoSQL Injection

Overview Versions of flintcms before version 1.1.10 are vulnerable to account takeover due to blind MongoDB injection in the password reset. Recommendation Update to version 1.1.10 or later. References - HackerOne Report - GitHub Advisory...

7.5CVSS4.1AI score0.0379EPSS
Exploits1Affected Software1
Node.js
Node.js
added 2018/08/03 3:8 p.m.561 views

Arbitrary File Write via Archive Extraction

Overview Versions of unzipper before 0.8.13 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames ../../file.txt for example. Recommendation Update to version 0.3.18 or later. References - GitHub Pull Request - Zip Slip...

4.3CVSS3.7AI score0.11917EPSS
Exploits1Affected Software1
Hacker One
Hacker One
added 2018/07/24 6:11 a.m.180 views

Chaturbate: CSV Injection with the CSV export feature

Hi there, hope you are well, The "Download as a CSV" feature of does not properly "escape" fields. So that particular field is vulnerable to CSV injection. Steps of POC Step 1 : Go to any chat room and donate any token to some and in note insert =4+4. Step 2 : Now go to on this link and download...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2018/07/13 4:30 p.m.15 views

ThreatList: Bug Bounty Payouts Increase Six Percent for Critical Vulnerabilities

The average payout price for critical vulnerabilities are up six percent and now average $2,041 compared to the prior year. The numbers are from HackerOne’s 2018 Hacker-Powered Security Report, published Wednesday. The study looked at data derived from the HackerOne community between May 2017 and...

0.1AI score
Exploits0References4
Node.js
Node.js
added 2018/06/01 10:41 p.m.660 views

Information Exposure on Case Insensitive File Systems

Overview Versions of serve before 7.0.0 are vulnerable to information exposure, bypassing the ignore security control, but only on case insensitive file systems. Recommendation Update to version 7.0.0 or later. References - HackerOne Report - GitHub Advisory...

5CVSS2.6AI score0.01048EPSS
Exploits1Affected Software1
Node.js
Node.js
added 2018/05/16 8:0 p.m.551 views

Command Injection

Overview All versions of buttle are vulnerable to command injection. Remote command execution is possible when buttle is run with the --php-bin flag. Recommendation No fix is currently available for this vulnerability. It is our recommendation to not install or use this module at this time...

4.3CVSS5AI score0.01172EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2018/05/16 7:28 p.m.551 views

Command Injection

Overview All versions of fs-path are vulnerable to command injection is unsanitized user input is passed in. Recommendation No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is available. References - HackerOne Report -...

7.4AI score
Exploits0Affected Software1
Node.js
Node.js
added 2018/05/16 5:55 p.m.512 views

Out-of-bounds Read

Overview Versions of byte before 1.4.1 allocate uninitialized buffers and read data from them past the initialized length Recommendation Update to version 1.4.1 or later. References - HackerOne Report - PR 3 - GitHub Advisory...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2018/05/16 4:11 p.m.500 views

Out-of-bounds Read

Overview Versions of concat-with-sourcemaps before 1.0.6 allocates uninitialized Buffers when a number is passed as a separator. Recommendation Update to version 1.0.6 or later. References - HackerOne Report - Source Reference - GitHub Advisory...

6.8AI score
Exploits0Affected Software1
Rows per page
Query Builder