1762 matches found
GHSA-2GJG-5X33-MMP2 Path Traversal in localhost-now
Versions of localhost-now before 1.0.2 are vulnerable to path traversal. This allows a remote attacker to read the content of an arbitrary file. Recommendation: Update to version 1.0.2 or later...
UBUNTU-CVE-2018-10857
git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN...
CVE-2018-10857
git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN...
Hanno's projects: SSRF in rompager-check
Summary: The script rompager.php does not restrict which hosts can be requested. Thereby, an attacker can send HTTP requests to localhost and other servers of the same local network segment, on port 80 and 7547. Description: In rompager.php, the value of CURLOPT_URL is fully controlled: php Port...
Microsoft Windows 10: Localhost IP address for WebRTC (Edge)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winedgelocalhostipwebrtc.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for Prevent using Localhost IP address for WebRTC Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.ne...
CVE-2018-6671
Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request...
CVE-2018-3729
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...
CVE-2018-3729
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...
Path traversal
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...
CVE-2018-3729
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...
CVE-2018-3729
The CVE-2018-3729 entry is supported by multiple connected documents describing a path traversal flaw in the localhost-now Node.js module. Affected software: localhost-now prior to version 1.0.2 (as documented in GHSA-2GJG-5X33-MMP2 and OSV; HackerOne report H1:312889 corroborates). Root cause: l...
PT-2018-16153 · Unknown · Localhost-Now
Name of the Vulnerable Software and Affected Versions: localhost-now versions prior to 1.0.2 Description: The issue arises from a lack of validation of file paths, allowing a malicious user to read the content of any file with a known path. This can be exploited by a remote attacker to read...
Mail.ru: DNS Misconfiguration
Your localhost.mail.ru has address 127.0.0.1 and this may lead to "Same-Site" Scripting. Here is detailed description of this minor security issue by Tavis Ormandy: http://www.securityfocus.com/archive/1/486606/30/0/threaded I can also ping the localhost network from mail.ru, as in the image...
CVE-2018-11142
The 'systemui/settingsnetwork.php' and 'systemui/settingspatching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'XForwardedFor' HTTP headers in a POST request. An anonymous user c...
GitLab: Potential SSRF via Git repository URL
Duplicate: Fixed in 8.17.4, 8.16.8, and 8.15.8 Original report: https://hackerone.com/reports/135937 SSRF when importing a project from a Repo by URL GitLab instances that have enabled project imports using "Repo by URL" were vulnerable to Server-Side Request Forgery attacks. By specifying a...
PT-2018-11027 · Node.Js +2 · Node.Js +2
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 6.15.0 Description: The issue allows remote computers to attach to the debug port and evaluate arbitrary JavaScript when the debugger is enabled with node --debug or node debug, as it listens on all interfaces by...
CVE-2018-7160
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...
DEBIAN-CVE-2018-7160
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...
CVE-2018-7160
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...
UBUNTU-CVE-2018-7160
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...