80 matches found
Google Android Race Condition Vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability. The vulnerability stems from an incorrect programmatic call to an advanced local procedure. An attacker could use this vulnerability to cause a local...
WordPress WP Google Map plugin elevation of privilege vulnerability
WordPress plugin is a WordPress open source application plugin. WP Google Map plugin for WordPress version 1.8.0 and earlier has an elevation of privilege vulnerability that stems from an incorrect programmatic call to a high-level native procedure. An attacker could exploit the vulnerability to...
KnockOutlook - A Little Tool To Play With Outlook
"The best feeling is to win by knockout." - Nonito Donaire Overview KnockOutlook is a C project that interacts with Outlook's COM object in order to perform a number of operations useful in red team engagements. Command Line Usage metadata of every account search : search for the provided keyword...
JWT leak via Open Redirect in Programmatic access
Impact: Using programmatic access on protected sites, one can get a signed login URL with pomerium_redirect_uri set to an arbitrary URL. Then, if the user has already logged into Pomerium, they will be redirected to the specified pomerium_redirect_uri with a JWT attached. This allows an outside attack...
Open Redirect
github.com/pomerium/pomerium is vulnerable to open redirect. With programmatic login, it does not restrict where a signed login URL can redirect, so a victim can be sent to the attacker's site, which can eventually cause JWT leakage...
Continuing to Listen: Good News about the Security Update Guide API!
Based on user feedback we have simplified programmatic access to the security update data by removing the authentication and API-Key requirements when using the CVRF API. You will no longer have to log in to obtain a personal API key to access the data. We're happy to make this valuable public...
[SECURITY] Fedora 33 Update: yubihsm-shell-2.0.3-1.fc33
This package contains most of the components used to interact with the YubiHSM 2 at both a user-facing and programmatic level...
What's Next for Edge Delivery
Access to media through the internet is a huge part of how so many in the world are entertained, informed, and even educated nowadays. And 2020 has shined an even greater light on that fact as many around the world have needed to adjust to life during a pandemic. At Akamai, we saw traffic deliver...
Dell Encryption and Dell Endpoint Security Suite Elevation of Privilege Vulnerability
Dell Encryption and Dell Endpoint Security Suite are both products of Dell Inc. Dell Encryption is a data protection solution that includes compliance management, authentication, disk data encryption, and port encryption. Dell Endpoint Security Suite i...
OS Command Injection
npm-programmatic is vulnerable to OS command injection. The packages and option properties are concatenated and directly passed to an exec function...
GHSA-426H-24VJ-QWXF Command Injection in npm-programmatic
All versions of npm-programmatic are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the install, uninstall and list functions. This may allow attackers to execute arbitrary code in the system if the package name passed to the...
Command Injection in npm-programmatic
All versions of npm-programmatic are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the install, uninstall and list functions. This may allow attackers to execute arbitrary code in the system if the package name passed to the...
0.extends.wechat (>=1.0.51 <=1.0.65), @berkozturk/npm_project_generator (=1.0.0) +113 more potentially affected by CVE-2020-7614 via npm-programmatic (>=0.0.10 <=0.0.12)
npm-programmatic NPM version =0.0.10, =1.0.51, =0.0.2, =0.0.1-dev-preview-19, =0.1.0, =0.2.0, =1.0.0, =0.0.1-rc.1, =0.0.1, =1.0.0, =4.0.0, =0.0.2, =0.0.2, =0.0.3-alpha.18 and more Source cves: CVE-2020-7614 Source advisory: OSV:GHSA-426H-24VJ-QWXF...
Streaming TV Fraudsters Steal Millions of Ad Dollars in 'ICEBUCKET' Attack
A massive television ad fraud campaign that abuses the programmatic advertising ecosystem for connected TV (CTV) has successfully impersonated more than 2 million people in over 30 countries so far during its run, defrauding more than 300 different brands out of their ad dollars. The recently...
Command Injection
Overview: All versions of npm-programmatic are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the install, uninstall and list functions. This may allow attackers to execute arbitrary code in the system if the package name passe...
npm-programmatic OS Command Injection Vulnerability
npm-programmatic is a package that supports programmatic access to npm commands from JavaScript. An operating system command injection vulnerability exists in npm-programmatic. An attacker can exploit this vulnerability by sending a specially crafted request to execute arbitrary code...
CVE-2020-7614
npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly...
Command injection
npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly...