Phishing attack vulnerability by uploading malicious HTML file

Impact Phishing attack vulnerability by uploading malicious files. A malicious user could upload a HTML file to Parse Server via its public API. That HTML file would then be accessible at the internet domain at which Parse Server is hosted. The URL of the the uploaded HTML could be shared for...

MGASA-2023-0188 Updated tcpreplay packages fix security vulnerability

An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpeditdltcleanup function at plugins/dltplugins.c. CVE-2023-27783 An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the readhexstring function ...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.18-openssl (SUSE-SU-2023:2312-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2312-1 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before G...

CVE-2023-32689

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...

Design/Logic Flaw

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...

CVE-2023-32689 Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...

CVE-2023-32689 Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...

CVE-2023-32689 Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...

CVE-2023-32689

Parse Server (Node.js) versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing-style flaw where a user can upload an HTML file via the public API, making that HTML accessible under the hosting domain for phishing use. The vulnerability is compounded by the Parse JavaScript SDK, which store...

PT-2023-23964 · Unknown · Parse Javascript Sdk +1

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 5.4.4 and 6.1.1 Description: The issue involves a phishing attack vulnerability where a malicious user can upload an HTML file to Parse Server via its public API. This uploaded HTML file can then be accessed at...

Parse Server 代码问题漏洞

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 5.4.4 and 6.0.0 through 6.1.1, which stems from a malicious user being able to upload HTML files to Parse Server via its public...

GNU Binutils Out-of-Bounds Read Vulnerability

GNU Binutils is a set of binary tools developed by the GNU Project, mainly used to deal with target files e.g., executables, libraries, etc., covering compilation, linking, debugging, and other phases of the function. An out-of-bounds read vulnerability exists in GNU Binutils, which originates in...

CVE-2023-32688

parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3...

Design/Logic Flaw

parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3...

CVE-2023-32688 Invalid push request payload crashes Parse Server

parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3...

CVE-2023-32688

CVE-2023-32688 concerns parse-server-push-adapter, the Push Notification adapter for Parse Server. The issue arises from an invalid push notification payload that can crash Parse Server. A fix was released in version 4.1.3, mitigating the crash by correcting payload handling. Connected sources co...

CVE-2023-32688 Invalid push request payload crashes Parse Server

parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3...

CVE-2023-32688 Invalid push request payload crashes Parse Server

parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3...

parse-server 输入验证错误漏洞

parse-server is an open source Backend-as-a-Service BaaS framework that is primarily used for application backend processing. A security vulnerability exists in versions prior to parse-server-push-adapter 4.1.3, which stems from an invalid push notification causing an excessive load that could...

OESA-2023-1292 ntp security update

NTP is a protocol designed to synchronize the clocks of computers over a network, NTP version 4, a significant revision of the previous NTP standard, is the current development version. It is formalized by RFCs released by the IETF. Security Fixes: praecisparse in ntpd/refclockpalisade.c in NTP...