
28 matches found

Node.js
added 2020/06/05 7:49 p.m., 16 views

Information Exposure

Overview: Versions of apollo-server-cache-memcached prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, thei...

6.7 AI score
Exploits: 0, Affected Software: 1
Kitploit
added 2020/04/10 9:30 p.m., 120 views

Lunar - A Lightweight Native DLL Mapping Library That Supports Mapping Directly From Memory

A lightweight native DLL mapping library that supports mapping directly from memory. Features: imports and delay imports are resolved; relocations are performed; image sections are mapped with the correct page protection; exception handlers are initialised; a security cookie is generated and initialise...

7.3 AI score
Exploits: 0, References: 1
CNVD
added 2018/05/29 12:00 a.m., 2 views

Multiple TIBCO Product Information Disclosure Vulnerabilities (CNVD-2018-10558)

TIBCO JasperReports Server and related products are developed by TIBCO Software Corporation of the United States. TIBCO JasperReports Server is the server edition of a report generation and editing tool; TIBCO JasperReports Server Community Edition is its community version. A security...

9.8 CVSS, 7 AI score, 0.01983 EPSS
Exploits: 0, References: 1
Hacker One
added 2017/04/20 3:43 p.m., 201 views

Pornhub: Mixed Reflected-Stored XSS on pornhub.com (without user interaction) in the playlist playing section

The researcher discovered a temporarily cached stored XSS using the playlist function of the website. I discovered a Reflected XSS under the PornHub playlists and reported it. Some time after, I noticed that Reflected XSS using the pkey parameter of the playlist, e.g...

6 AI score
Exploits: 0
0day.today
added 2016/05/04 12:00 a.m., 74 views

CMS Made Simple < 2.1.3 / < 1.12.1 - Web Server Cache Poisoning

Exploit for php platform in category web applications. Web Server Cache Poisoning in CMS Made Simple. CVE-2016-2784. Product Description: CMS Made Simple is a great tool with many plugins t...

2.6 CVSS, 5.4 AI score, 0.02451 EPSS
Exploits: 4
seebug.org
added 2013/08/27 12:00 a.m., 38 views

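JBoss Enterprise Application Platform Remote-Naming Connection Handling Authentication Bypass Vulnerability

CVE ID: CVE-2013-4218. JBoss is an open-source application server based on J2EE. A vulnerability exists when authenticated connections are cached on the server through remote-naming: after a user has logged in successfully, a remote attacker can use a remoting client that requires a password to log in as that user, allowing arbitrary operations or data access in that user's context. 0 JBoss Enterprise Application Platform 6.1.0. Vendor solution: users can refer to the following vendor security advisory for patch information: http://rhn.redhat.com/errata/RHSA-2013-1151.html...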

2.1 CVSS, 0.1 AI score, 0.00312 EPSS
Exploits: 1
Prion
added 2009/12/21 4:30 p.m., 11 views

Authentication flaw

The Staging Webservice "sitecore modules/staging/service/api.asmx" in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitra...

6.8 CVSS, 7.7 AI score, 0.06087 EPSS
Exploits: 1, References: 7, Affected Software: 1
Cvelist
added 2009/12/21 4:00 p.m., 15 views

CVE-2009-4367

The Staging Webservice "sitecore modules/staging/service/api.asmx" in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitra...

7.2 AI score, 0.06087 EPSS
Exploits: 1, References: 7