14 matches found
Node.js: Permissions policies can be bypassed via process.mainModule
A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...
Privilege escalation
A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...
CVE-2023-23918
CVE-2023-23918 affects Node.js runtimes prior to certain fixed releases (examples from connected docs include Node.js 14.21.3, 16.19.1, 18.14.2; some entries reference 18.19.x as fixed). The vulnerability allows bypassing the experimental Permissions feature when enabled with --experimental-polic...
Improper Access Control in janeczku/calibre-web
Description Although a user has no permissions about public shelves, he can create them. Proof of Concept The method createshelf at shelf.py does not check if the user has public shelf permissions for create it. @shelf.route"/shelf/create", methods="GET", "POST" @loginrequired def createshelf:...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1182)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2018-1382)
According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A security flaw was found in the chapservercomputemd5 function in the ISCSI target code in the Linux kernel in a way an authenticati...
Debian DLA-1531-1 : linux-4.9 security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2018-6554 A memory leak in the irdabind function in the irda subsystem was discovered. A local user can take advantage of this flaw to cause a deni...
Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/easy-file-uploader-php-multiple-uploader-with-file-manager/17222287 Version: 1....
Easy File Uploader 1.7 SQL Injection / Cross Site Scripting
Exploit Title: Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Azkan Mustafa AkkuA AkkuS Vendor Homepage: https://codecanyon.net/item/easy-file-uploader-php-multiple-uploader-with-file-manager/17222287 Version: 1.4 / fourth update Category:...
Open-AudIT 2.1 - CSV Macro Injection
Hi Guys, Exploit Title: Open-AudIT 2.1 - CSV Macro Injection Vulnerability Google Dork: N/A Date: 21-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://opmantek.com Software Link: https://www.open-audit.org/downloads.php Affected Version: 2.1...
SuSE Linux Kernel非授权操作SCS设备固件漏洞
BUGTRAQ ID: 11784 CVECAN ID: CVE-2004-1190 SuSE Linux是一款开放源代码Linux系统。 SuSE Linux对SCSI设备接口的管理存在漏洞,本地攻击者可能利用此漏洞非授权修改破坏设备的固件。 SuSE Linux可能允许本地攻击者覆盖小型计算机系统接口(SCSI)设备的固件。拥有只读访问权限的本地攻击者可以向SCSI设备发送SCSI命令覆盖固件,导致设备永久的不可恢复的失效,可能必须送回厂商才能修复。 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux 9.0 RedHat ------...
CVE-2005-1737
Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized users" to 1 view or modify the project member list or 2 modify the todos list...
CVE-2005-1737
Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized users" to 1 view or modify the project member list or 2 modify the todos list...
CVE-2005-1737
CVE-2005-1737 affects PROMS 0.11, where multiple unknown vulnerabilities allow non-authorized users to view or modify the project member list and to modify the todos list. The connected documents do not provide explicit root cause, affected versions beyond 0.11, or remediation details. No in‑the‑...