PT-2024-36272 · Unknown · Push Monkey Pro – Web Push Notifications +1
Name of the Vulnerable Software and Affected Versions: Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart, versions n/a through 3.9. Description: The issue is a Cross-Site Request Forgery (CSRF) problem, which allows for Cross-Site Request Forgery. This means an attacker can tric...
WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Muhamad Agil Fachrian (Patchstack Alliance) in WordPress Plugin Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart (versions <= 3.9)...
PT-2024-10293 · Google +1 · Google Messages +1
The vulnerable software is Samsung's Monkey's Audio APE decoder, used in Samsung smartphones running Android versions 12, 13, and 14. The vulnerability is a high-severity out-of-bounds write flaw that allows remote attackers to execute arbitrary code on the device without any user interaction. Th...
Monkey HTTPD Header Parsing Denial of Service (Denial of Service)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Monkey HTTPD Header Parsing Denial of Service DoS', 'Description' = %q This module causes improper header parsing that leads to a segmentation...
Malicious code in spider-monkey (RubyGems)
MAL-2024-7027 Malicious code in spider-monkey (RubyGems)
RLSA-2024:1687 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding (Marvin) (CVE-2023-46809); nodejs: reading unprocessed HTT...
unitycodemonkey.com Cross Site Scripting vulnerability OBB-3921515
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nodejs: path traversal by monkey-patching buffer internals
A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from to obtain a buffer from the result of path.resolve. By...
GHSA-VFMV-JFC5-PJJW CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained
Impact: The vulnerability CVE-2023-49090 wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what's allowed by...
CVE-2024-21896
A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from to obtain a buffer from the result of path.resolve. By...
AZL-35053 CVE-2024-21896 affecting package nodejs for versions less than 20.14.0-1
The permission model protects itself against path traversal attacks by calling path.resolve on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from to obtain a Buffer from the result of path.resolve. By monkey-patching Buffer internals, namely...
CVE-2024-21896
The permission model protects itself against path traversal attacks by calling path.resolve on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from to obtain a Buffer from the result of path.resolve. By monkey-patching Buffer internals, namely...
Node.js: Path traversal by monkey-patching Buffer internals
A path traversal vulnerability was introduced in the experimental permission model in Node.js 20 and 21 by monkey-patching Buffer internals. This allowed modification of the result of path.resolve, leading to traversal beyond the expected path...
Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception
The Mozilla Foundation Security Advisory describes this flaw as: When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear. A path in the function could attempt to allocate memory when none is available which would have caused a...
Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey
The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free...