Node.js third-party modules: Prototype pollution attack (upmerge)

Hi team, I would like to report a prototype pollution vulnerability in upmerge that allows an attacker to inject properties on Object.prototype. Module module name: upmerge version: 0.1.7 npm page: https://www.npmjs.com/package/upmerge Module Description JavaScript Object Merge and Clone for Clie...

Node.js third-party modules: Prototype pollution attack (lutils-merge)

Hi team, I would like to report a prototype pollution vulnerability in lutils-merge that allows an attacker to inject properties on Object.prototype. Module module name: lutils-merge version: 0.2.6 npm page: https://www.npmjs.com/package/lutils-merge Module Description Merge javascript objects...

Node.js third-party modules: Prototype pollution attack (mergify)

Hi team, I would like to report a prototype pollution vulnerability in mergify that allows an attacker to inject properties on Object.prototype. Module module name: mergify version: 1.0.2 npm page: https://www.npmjs.com/package/mergify Module Description Merge objects deeply Vulnerability...

Node.js third-party modules: Prototype pollution attack (smart-extend)

Hi team, I would like to report a prototype pollution vulnerability in smart-extend that allows an attacker to inject properties on Object.prototype. Module module name: smart-extend version: 1.7.3 npm page: https://www.npmjs.com/package/smart-extend Module Description smart-extend is an extensio...

WordPress: RCE as Admin defeats WordPress hardening and file permissions

This vulnerability was found when I found myself in the following scenario: My collegue set up WordPress on his local machine and challenged me to hack it. Before he gave me admin access he used the following hardeing mechanisms: 1. PHP Safe mode 2. The entire web directory was not writable 3...

D-Link DWR/DAP 'EXCU_SHELL' RCE Vulnerability - Active Check

D-Link DWR and DAP Routers are prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

CVE-2018-18590 MFSBGN03829 rev.1 - Micro Focus Operation Bridge Containerized Suite, Remote Code Execution

A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure...

WordPress Flaw Opens Millions of WooCommerce Shops to Takeover

Up to 4 million online merchants who use the popular WooCommerce WordPress plugin are vulnerable to a file deletion vulnerability that could allow a rogue “shop manager” to escalate privileges and eventually execute remote code on impacted websites. Researchers at RIPS Technologies trace the bug ...

WordPress Design Flaw Leads to WooCommerce RCE

Impact We detected and reported a file deletion vulnerability in WooCommerce, which was fixed in version 3.4.6. Arbitrary file deletion vulnerabilities arent considered critical in most cases as the only thing an attacker can cause is a Denial of Service by deleting the index.php of the website...

Prototype Pollution

cached-path-relative is vulnerable to a prototype pollution attack. Attackers can add or modify existing properties relating to an Object by using the utilities function to change the prototype of said Object. Using this flaw, attackers can trigger denial of service DoS attacks and in some...

WordPress 4.5.x < 4.5.5 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the PHPMailer component in the class.phpmailer.php script due to improper handling of sender email addresses. An...

CVE-2018-18926

Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron...

Updated perl-Dancer2 packages fix security vulnerabilities

Dancer2 0.206000 addresses several potential security issues. There is a potential RCE with regards to Storable. Dancer2 adds session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE. Parsing...

Remote Code Execution (RCE)

ms-mcms is vulnerable to a remote code execution RCE attack. The application does not verify user login statuses, allowing a malicious user to upload jsp files with .png filenames to inject and execute arbitrary JSP code...

CVE-2018-1851

CVE-2018-1851 : IBM WebSphere Application Server Liberty OpenID Connect may allow a remote attacker to execute arbitrary code due to improper deserialization when contacting the RP service. The vulnerability is tracked in IBM advisories with a high/severe impact (X-Force ID 150999; CVSS base scor...

FreeBSD : Gitlab -- multiple vulnerabilities (b9591212-dba7-11e8-9416-001b217b3468)

Gitlab reports : RCE in Gitlab Wiki API SSRF in Hipchat integration Cleartext storage of personal access tokens Information exposure through stack trace error message Persistent XSS autocomplete Information exposure in stored browser history Information exposure when replying to issues through...

CVE-2018-17617

CVE-2018-17617 affects Foxit Reader for Windows (including versions around 9.0.x and 9.2.x) via onFocus handling. The flaw is a memory/object existence check issue on focus events, enabling remote code execution when a user opens a malicious file or page. Connected sources corroborate the onFocus...

Gitlab -- multiple vulnerabilities

Gitlab reports: RCE in Gitlab Wiki API SSRF in Hipchat integration Cleartext storage of personal access tokens Information exposure through stack trace error message Persistent XSS autocomplete Information exposure in stored browser history Information exposure when replying to issues through ema...

Remote Code Execution (RCE)

salt is vulnerable to remote code execution RCE attacks. The vulnerability exists due to the improper processing of spaces in the file path which may allow RCE attacks...

ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution

ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution Exploit Title: ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution Date: 2018-10-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.projeqtor.org Software Link:...