Security Bulletin: A security vulnerability in Node.js xmlhttprequest-ssl module affects IBM Cloud Automation Manager

Summary A security vulnerability in Node.js xmlhttprequest-ssl module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2020-28502 DESCRIPTION: Node.js xmlhttprequest and xmlhttprequest-ssl modules could allow a remote attacker to execute arbitrary code on the system, caused ...

Cross-Site Request Forgery (CSRF) in aces/loris

✍️ Description Attacker able to upload any Media with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks i...

Cross-Site Request Forgery (CSRF) in aces/loris

✍️ Description Attacker able to create any Category with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attack...

Simple eCommerce <= 2.2.5 - Arbitrary File Upload

The plugin does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSRF in place, attackers could also make a logged admin upload a malicious PHP file, which would lead to RCE...

Simple Water Refilling Station Management System 1.0 SQL Injection

Exploit Title: Simple Water Refilling Station Management System 1.0 - Authentication Bypass Exploit Author: Matt Sorrell Date: 2021-08-14 Vendor Homepage: https://www.sourcecodester.com Software Link:...

uListing < 2.0.6 - Modify User Roles via CSRF

An Add/Edit User Roles via CSRF vulnerability was discovered in the plugin. Missing WPNonce security tokens https://codex.wordpress.org/WordPressNonces . PoC | CSRF | Add/Edit User Roles: POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: cookies User-Agent: Mozilla/5.0 Content-Type:...

Arbitrary File Read

phantomjs is vulnerable to arbitrary file read. An attacker is able to read arbitrary system files via an XMLHttpRequest with a file:// URI...

Postbird 0.8.4 - Javascript Injection

Exploit Title: Postbird 0.8.4 - Javascript Injection Date: 26 May 2021 Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload...

Postbird 0.8.4 - Javascript Injection Exploit

Exploit Title: Postbird 0.8.4 - Javascript Injection Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload PostgreSQL Password...

CVE-2021-33570

Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and...

Cross site scripting

Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and...

CVE-2021-33570

Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and...

1tp (>=0.0.1 <=0.11.2), 2d-json-schema-editor-visual (>=1.0.2 <=1.0.7) +2806 more potentially affected by CVE-2021-31597 via xmlhttprequest-ssl (>=1.5.1 <=1.5.5)

xmlhttprequest-ssl NPM version =1.5.1, =0.0.1, =1.0.2, =1.0.1, =4.11.25, =0.1.3, =0.0.15, =8.25.29, =1.0.0, =0.0.4, =1.0.9, =1.0.15 and more Source cves: CVE-2021-31597 Source advisory: OSV:GHSA-72MH-269X-7MH5...

GHSA-72MH-269X-7MH5 Improper Certificate Validation in xmlhttprequest-ssl

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized when the property exists but is undefined is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected...

Improper Certificate Validation in xmlhttprequest-ssl

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized when the property exists but is undefined is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected...

JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS)

The theme did not sanitise the catid parameter in the POST request /?ajax-request=jnews with action=jnewsbuildmegacategory, leading to a Reflected Cross-Site Scripting XSS issue. PoC POST /?ajax-request=jnews HTTP/1.1 Accept: text/html, /; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding:...

NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery Vulnerability

NiceHash Miner Excavator versions 1.6.7c and below suffer from a cross site request forgery vulnerability. The issue enables any external web site to send commands to the local miner instance, and to redirect the mined coins to an arbitrary mining address. NiceHash Miner Excavator API Cross-Site...

Sifchain: CORS Misconfiguration

Summary: An cross-origin resource sharing CORS policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of th...

Exploit for Code Injection in Xmlhttprequest_Project Xmlhttprequest

CVE-2020-28502 node-XMLHttpRequest RCE NVD Description Th...

Customer Relationship Management (CRM) System 1.0 Shell Upload Vulnerability

Exploit Title: Customer Relationship Management CRM Unrestricted File Upload unauthenticated Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...