6 matches found
Exposure of Sensitive Information to an Unauthorized Actor in ionicabizau/parse-url
Description: First, assume this example: var parseUrl = require("parse-url"); parseUrl("http://[email protected]:[email protected]/path/name?foo=bar&bar=42#some-hash") that returns: protocols: "http" protocol: "http" port: null resource: "[email protected]" user: "" pathname:...
Command Injection in sofianehamlaoui/lockdoor-framework
✍️ Description Unsanitized user input leads to command injection. 🕵️‍♂️ Proof of Concept // PoC whatweb CI https://drive.google.com/file/d/1mrYiu7oTaAm2qjLDKz23VMUkiujafTh/view?usp=sharing 💥 Impact command run as root. So an attacker could do potential damage to the machine...
Command Injection in sofianehamlaoui/lockdoor-framework
✍️ Description Unsanitized user input leads to command injection 🕵️‍♂️ Proof of Concept POC screenshot: https://drive.google.com/file/d/1zShz68hGd5zcpB1fpk4KVv5TDS6-vXT/view?usp=sharing 💥 Impact command run as root. So an attacker could do potential damage to the machine...
Command Injection in sofianehamlaoui/lockdoor-framework
✍️ Description Unsanitized user input leads to command injection in multiple scripts. 🕵️‍♂️ Proof of Concept payload = ;id https://drive.google.com/file/d/1ZPyCaSyDbD2-gQK43DKlAHkFxi8lmgh/view?usp=sharing 💥 Impact command run as root so it could do potential damage...
CVE-2018-12062
The sell function of a smart contract implementation for SwftCoin SWFTC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka...
Carry Wikileaks Lessons Into The New Year
Editor’s Note: The storm of news coverage about the release of confidential diplomatic memos by whistleblower site Wikileaks may have passed, but the story is far from over. In the meantime, organizations are left to draw their own conclusions about the lessons of the Wikileaks scandal and, then,...