6715 matches found
Remote Code Execution (RCE)
parse-server is vulnerable to remote code execution. The vulnerability exists in DatabaseController.js due to a prototype pollution which allows an attacker to inject and execute arbitrary codes...
CVE-2022-24760
Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...
Default configuration
Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...
Parse Server 注入漏洞
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An injection vulnerability exists in versions of Parse Server prior to 4.10.7. The vulnerability stems from Prototype Pollution vulnerable code in the DatabaseController.js file...
CVE-2022-24760 Command Injection in Parse server
Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...
CVE-2022-24760 Command Injection in Parse server
Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...
CVE-2022-24760
The set of connected sources confirms CVE-2022-24760 is a real vulnerability in Parse Server (pre-4.10.7) caused by prototype pollution in DatabaseController.js, enabling Remote Code Execution with default MongoDB configurations on Linux/Windows. Impact is described as RCE (high severity) with a ...
CVE-2022-24760 Command Injection in Parse server
Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...
GHSA-P6H4-93QP-JHCM Command injection in Parse Server through prototype pollution
Impact This is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file DatabaseController.js, so it is likely to affect...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-24760 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-24760 Source advisory: OSV:GHSA-P6H4-93QP-JHCM...
Command injection in Parse Server through prototype pollution
Impact This is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file DatabaseController.js, so it is likely to affect...
hostname spoofing via Improper Input Validation
Description When to use the parse-url, If user put the https://google.comhashvalue as argument, parse-url doesn't parse the hash value and parses hostname and hash together as hostname. http://localhost/hashvalue and http://localhosthashvalue are the same.. txt - new URL of node ❯ node -e...
PT-2022-16862 · Microsoft +1 · Windows +1
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.7 Description: The issue is a Remote Code Execution RCE vulnerability in Parse Server, affecting the default configuration with MongoDB. The main weakness is the Prototype Pollution vulnerable code in the...
UBUNTU-CVE-2021-32435
Stack-based buffer overflow in the function getkey in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service DoS via unspecified vectors...
dotnet: double parser stack buffer overrun
A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise...
dotnet: double parser stack buffer overrun
A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise...
dotnet: double parser stack buffer overrun
A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise...
dotnet: double parser stack buffer overrun
A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise...
Open Redirect
Description parse-url parses the url as https://google.com::/test, and if two or more colons are inserted in the port part, the port is parsed as one hostname. txt - node - url.parse ❯ node -e 'console.logrequire"url".parse"https://google.com::/test"' Url protocol: 'https:', slashes: true, auth:...
Google Android 缓冲区错误漏洞
Google Android is a Linux-based open source operating system from Google, Inc. A buffer overflow vulnerability exists in Google Android due to an out-of-bounds read in cdParseMsg of cdcodec.c caused by a boundary check error, which could be exploited to cause remote information disclosure...