28 matches found

RedHat Linux
added 2022/09/13 9:48 a.m., 2 views

nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding

A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling (HRS), causing web cache poisoning, and conducting XSS attacks...

CVSS 6.5, AI score 7.3, EPSS 0.86318
Exploits: 1, References: 5
OSV
added 2022/09/05 3:15 a.m., 11 views

CVE-2022-39824

Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak...

CVSS 8.9, AI score 7.8
Exploits: 0, References: 2
CVE
added 2022/09/05 2:54 a.m., 59 views

CVE-2022-39824

CVE-2022-39824 (Appsmith) : The provided documents confirm a server-side JavaScript injection vulnerability in Appsmith up to version 1.7.14, exploitable via the currentItem property of the list widget. The underlying issue allows remote attackers to run arbitrary JavaScript on the server, leadin...

CVSS 8.9, AI score 8.9, EPSS 0.007
Exploits: 1, References: 2, Affected Software: 1
n0where
added 2017/02/16 6:05 a.m., 267 views

MongoDB Security Audit: mongoaudit

MongoDB Security Audit: mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing. It is widely known that there are quite a few holes in MongoDB’s default configuration settings. This fact, combined with abundant lazy syst...

CVSS 6.8, AI score 9.6, EPSS 0.52168
Exploits: 13, References: 1
0day.today
added 2016/11/14 12:00 a.m., 29 views

CMS EditMe Cross Site Request Forgery Vulnerability

CMS EditMe suffers from a cross-site request forgery vulnerability that allows for privilege escalation. ===================================================== Exploit Title : CMS EditMe - Privilege Escalate CSRF Vulnerability Date Discovered : 2016-11-04 Affected Products: EditMe - Content Manageme...

AI score 7.1
Exploits: 0
BDU FSTEC
added 2015/10/29 12:00 a.m., 2 views

A vulnerability in the SAP HANA database management system allows an attacker to execute arbitrary XSJS code.

The vulnerability in the Development Workbench component of the SAP HANA database management system is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary XSJS code remotely...

CVSS 6.5, AI score 5.8, EPSS 0.00485
Exploits: 0, References: 5, Affected Software: 1
CNVD
added 2015/10/18 12:00 a.m., 2 views

SAP HANA Developer Edition DB Eval Injection Vulnerability

SAP HANA is a high-performance real-time data analytics platform from SAP, Germany, of which SAP HANA Developer Edition DB is a development version of the database. An Eval injection vulnerability exists in the test-net.xsjs file in the Web-based Development Workbench for SAP HANA Developer Editi...

CVSS 6.5, AI score 7.8, EPSS 0.00485
Exploits: 0, References: 1
RedHat Linux
added 2013/08/21 5:27 p.m., 4 views

MongoDB: Server Side JavaScript Includes allow Remote Code Execution

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the...

CVSS 6, AI score 7.7, EPSS 0.52168
Exploits: 7, References: 4