1764 matches found

Prion
added 2018/04/16 9:58 a.m. | 20 views

Code injection

Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server...

CVSS 5.8 | AI score 6.2 | EPSS 0.03264
Exploits 0 | References 8 | Affected Software 2

OSV
added 2018/04/16 9:58 a.m. | 2 views

UBUNTU-CVE-2018-10101

Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server...

CVSS 6.1 | AI score 5.8 | EPSS 0.03264
Exploits 0 | References 6

Cvelist
added 2018/04/14 1:0 p.m. | 18 views

CVE-2018-10101

Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server...

AI score 6.2 | EPSS 0.03264
Exploits 0 | References 8

Debian CVE
added 2018/04/14 1:0 p.m. | 27 views

CVE-2018-10101

Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server...

CVSS 6.1 | AI score 0.4 | EPSS 0.03264
Exploits 0

Hacker One
added 2018/04/09 9:23 a.m. | 16 views

Node.js third-party modules: [localhost-now] bypassing url filter which leads to read content of arbitrary file

Hi guys, I can bypass url filter in localhost-now module. It allows to read content of arbitrary files on the remote server. Module module name: localhost-now version: 1.0.2 npm page: https://www.npmjs.com/package/localhost-now Module Stats 26 downloads in the last week Vulnerability Description...

CVSS 5 | AI score 7.7 | EPSS 0.0221
Exploits 1

Patchstack
added 2018/04/05 12:0 a.m. | 8 views

WordPress <=4.9.4 - Vulnerable due to "localhost" default parameter

WordPress versions 3.7-4.9.4 vulnerability due to "localhost" parameter. Don't treat localhost as same host by default. Solution Update WordPress to the latest available version at least 4.9.5...

AI score 2.5
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2018/04/04 12:0 a.m. | 21 views

WordPress 3.7-4.9.4 - Remove localhost Default

Description Don't treat localhost as same host by default...

CVSS 6.1 | AI score 6.1 | EPSS 0.03264
Exploits 0 | References 2

Prion
added 2018/04/03 4:29 p.m. | 21 views

Design/Logic Flaw

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost or any other address...

CVSS 2.1 | AI score 6.6 | EPSS 0.00512
Exploits 1 | References 4 | Affected Software 2

OSV
added 2018/04/03 4:29 p.m. | 0 views

UBUNTU-CVE-2018-1099

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost or any other address...

CVSS 5.5 | AI score 6.7 | EPSS 0.00512
Exploits 1 | References 5

OSV
added 2018/04/03 4:29 p.m. | 3 views

DEBIAN-CVE-2018-1099

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost or any other address...

CVSS 5.5 | AI score 6.9 | EPSS 0.00512
Exploits 1 | References 1

Debian CVE
added 2018/04/03 4:0 p.m. | 29 views

CVE-2018-1099

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost or any other address...

CVSS 5.5 | AI score 6.5 | EPSS 0.00512
Exploits 1

FreeBSD
added 2018/04/03 12:0 a.m. | 12 views

wordpress -- multiple issues

wordpress developers reports: Don't treat localhost as same host by default. Use safe redirects when redirecting the login page if SSL is forced. Make sure the version string is correctly escaped for use in generator tags...

AI score 0.7
Exploits 0 | References 1

Hacker One
added 2018/03/25 11:16 p.m. | 29 views

Node.js third-party modules: Bypass to defective fix of Path Traversal

I would like to report a Path Traversal vulnerability in localhost-now. It allows to read arbitrary files on the server. This is a bypass on the mitigation of 312889. Module module name: localhost-now version: 1.0.2 npm page: https://www.npmjs.com/package/localhost-now Module Description Am I th...

AI score 1.2
Exploits 0

OSV
added 2018/03/16 3:29 p.m. | 0 views

DEBIAN-CVE-2018-7544

A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...

CVSS 9.1 | AI score 7.2 | EPSS 0.01899
Exploits 1 | References 1

Kitploit
added 2018/03/14 9:12 p.m. | 99 views

XVNA - Extreme Vulnerable Node Application

XVNA is an extreme vulnerable node application coded in NodejsExpressjs/MongoDB that helps security enthusiasts to learn application security. it's not counseled to host this application online as it is intended to be Vulnerable. We tend to suggest hosting this application in native setting and...

AI score 7.5
Exploits 0 | References 1

Prion
added 2018/02/23 5:29 p.m. | 12 views

Code injection

Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the authname parameter to localhost/backupmgmt/preconnectcheck.php...

CVSS 10 | AI score 8.3 | EPSS 0.52892
Exploits 1 | References 1

Cvelist
added 2018/02/23 5:0 p.m. | 17 views

CVE-2014-3206

Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the authname parameter to localhost/backupmgmt/preconnectcheck.php...

AI score 9.9 | EPSS 0.52892
Exploits 1 | References 1

OSV
added 2018/02/16 5:29 p.m. | 4 views

ALPINE-CVE-2017-18190

A localhost.localdomain whitelist entry in validhost in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS serve...

CVSS 7.5 | AI score 7.6 | EPSS 0.03026
Exploits 1 | References 1

Hacker One
added 2018/02/06 2:8 p.m. | 72 views

Node.js third-party modules: [localhost-now] Path Traversal allows to read content of arbitrary file

Hi Guys, There is Path Traversal in localhost-now module. It allows to read content of arbitrary files on the remote server. Module localhost-now This is a general file server made by nodejs. It will be easy for you to access the files on the server through the browser...

CVSS 5 | AI score 7.6 | EPSS 0.02021
Exploits 1

Kitploit
added 2018/01/31 8:35 p.m. | 18 views

Social Recon - Investigate The Online Presence And Footprint Of Someone

This application locates and compiles information about online personalities, given a username and/or email address. Use this to investigate your own online presence, summarize the digital footprint of someone you know, or uncover the person behind a specific username. Getting Started Clone or fo...

AI score 7.1
Exploits 0 | References 1