Lucene search
+L

144 matches found

OSV
OSV
added 2024/01/28 1:15 a.m.2 views

CVE-2024-23738

An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor states "we dispute the report's accuracy ... the configuration does not enable remote code execution.."...

9.8CVSS6.2AI score0.01457EPSS
Exploits1References2
Prion
Prion
added 2024/01/28 1:15 a.m.85 views

Remote code execution

An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor states "we dispute the report's accuracy ... the configuration does not enable remote code execution.."...

7.5CVSS9.5AI score0.01457EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2024/01/28 12:0 a.m.4 views

Postman Security Vulnerability

Postman is an API platform for developers from the US-based Postman Inc. A security vulnerability exists in Postman prior to version 10.22, which stems from arbitrary code execution via the RunAsNode and enableNodeClilnspectArguments settings...

9.8CVSS7.8AI score0.01457EPSS
Exploits1References3
CVE
CVE
added 2024/01/28 12:0 a.m.305 views

CVE-2024-23738

CVE-2024-23738 affects Postman versions 10.22 and earlier on macOS. The vulnerability is described as remote code execution via RunAsNode and enableNodeClilnspectArguments settings; PT-2024-1464 additionally links this to a buffer overflow when handling PDF data, though the vendor disputes that t...

9.8CVSS9.5AI score0.01457EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/01/28 12:0 a.m.228 views

CVE-2024-23738

An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor states "we dispute the report's accuracy ... the configuration does not enable remote code execution.."...

9.8AI score0.01457EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/01/27 12:0 a.m.6 views

PT-2024-1464 · Postman · Postman

Name of the Vulnerable Software and Affected Versions: Postman versions 10.22 and earlier Description: The issue allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. It is related to a buffer overflow when handling PDF files without...

9.8CVSS8.8AI score0.01457EPSS
Exploits1References9
Kitploit
Kitploit
added 2023/12/05 11:30 a.m.87 views

Porch-Pirate - The Most Comprehensive Postman Recon / OSINT Client And Framework That Facilitates The Automated Discovery And Exploitation Of API Endpoints And Secrets Committed To Workspaces, Collections, Requests, Users And Teams

Porch Pirate started as a tool to quickly uncover Postman secrets, and has slowly begun to evolve into a multi-purpose reconaissance / OSINT framework for Postman. While existing tools are great proof of concepts, they only attempt to identify very specific keywords as "secrets", and in very...

7.2AI score
Exploits0References2
Hacker One
Hacker One
added 2023/10/18 2:26 p.m.5 views

Cognizant: Disclosure of the valid Cognizant credentials at the Postman collection

Vulnerability description not provided...

7.1AI score
Exploits0
OSV
OSV
added 2023/08/21 8:13 p.m.19 views

GHSA-VX8M-6FHW-PCCW @node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError

Summary The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. Details It was noticed that in the validatePostRequestAsync flow in saml.js, the current timestamp is never checked. This could present a...

5.3CVSS5AI score0.00398EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/08/19 5:36 p.m.4 views

Malicious code in postman-zendesk-support-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3501f72f7b7c1700a90f7ad5e3a55cd2462c210637c68dc75f9d336e9bf0063 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2023/08/01 6:4 p.m.178 views

InsightAppSec Advanced Authentication Settings: Token Replacement

There are many different ways to use InsightAppSec to authenticate to web apps, but sometimes you need to go deeper into the advanced settings to fully automate your logins, especially with API scanning. Today, we’ll cover one of those advanced settings: Token Replacement. InsightAppSec Token...

7AI score
Exploits0
GithubExploit
GithubExploit
added 2023/04/20 10:37 p.m.519 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 A Demonstration to show the CVE-2021-41773 vul...

7.5CVSS8.2AI score0.99992EPSS
Exploits151
Akamai Blog
Akamai Blog
added 2023/02/21 2:0 p.m.17 views

What’s New for Developers: February 2023

Read about the most recent updates to EdgeWorkers, two new Postman collections, and Terraform Provider v3.3.0 — and find out how to sign up for betas...

7AI score
Exploits0
Huntr
Huntr
added 2022/12/21 7:26 a.m.25 views

Privilege vulnerability at API Change Password

Description There is a vulnerability at API Change password. I use API PATCH /api/user/x to get user's information and change their password. With x is the user's id, which are numbers in ascending or descending order Proof of Concept 1. Access to the demo website https://demo.usememos.com/ 2. Us...

5.5CVSS8.1AI score0.00633EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2022/11/10 12:0 a.m.31 views

Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure

The plugin is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. PoC - Install the plugin and set the API creds to: - Key:...

7.5CVSS7.5AI score0.00881EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/11/10 12:0 a.m.590 views

Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure

The plugin is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. - Install the plugin and set the API creds to: - Key:...

7.5CVSS1.7AI score0.00881EPSS
Exploits2
Akamai Blog
Akamai Blog
added 2022/10/24 1:0 p.m.13 views

What’s New for Developers: October 2022

Read about our new Postman collections, the latest Akamai PowerShell release, our improvements to Edge Diagnostics, and how to quickly integrate Linode with Akamai...

7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2022/09/16 5:44 p.m.8 views

@netceterapx/click-to-pay-embedded-sdk (>=0.0.1 <=1.0.5), postman-helper (>=1.0.0 <=1.0.2) potentially affected by CVE-2022-36083 via jose-browser-runtime (>=4.15.5 <=4.1.2)

jose-browser-runtime NPM version =4.15.5, =0.0.1, =1.0.0, =1.0.2 Source cves: CVE-2022-36083 Source advisory: OSV:GHSA-JV3G-J58F-9MQ9...

5.3CVSS6.6AI score0.01112EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/07/26 9:53 a.m.4 views

Malicious code in postman-echo-nock (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54ca7d74162028127f3c663d15e3c766cc0f7729f646f4f70d55b0db30b8b253 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/07/26 9:53 a.m.11 views

MAL-2022-5430 Malicious code in postman-echo-nock (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54ca7d74162028127f3c663d15e3c766cc0f7729f646f4f70d55b0db30b8b253 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rows per page
Query Builder