12 matches found
External Control of System or Configuration Setting
Overview Affected versions of this package are vulnerable to External Control of System or Configuration Setting in the staging of live sites. An attacker can exfiltrate sensitive data to an external server by supplying malicious values for the remoteAddress and remotePort parameters. Note: This ...
CVE-2023-41243 WordPress WPvivid Backup Plugin plugin <= 0.9.90 - Privilege Escalation on Staging Environment vulnerability
Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation. This issue affects WPvivid Backup and Migration: from n/a through 0.9.90...
Securing Application Staging & Production Environments
...
Mail.ru: Sidekiq Dashboard Publicly accessible at http://shopper.staging.instamart.ru/sidekiq/
Sidekiq dashboard was externally available on the http://shopper.staging.instamart.ru/ server in the staging testing environment...
F5 Networks BIG-IP : BIG-IP HTTP/3 QUIC vulnerability (K61367237)
Specially formatted HTTP/3 messages may cause the Traffic Management Microkernel (TMM) to produce a core file. CVE-2020-5859 Impact: TMM may restart and temporarily fail to process traffic on BIG-IP hosts with the HTTP/3 QUIC profile configured. High availability (HA) configurations will fail over the...
How we productized our staging environment and survived to tell the tale
Managing the Imperva SaaS infrastructure is like herding cats. There are so many moving parts, new developments, testing, fixing bugs, patching, reducing our SLAs, fighting the bad guys and, most importantly, pushing our latest and greatest to production every week. And it all runs like clockwork...
Mixmax: Email Leakage in staging environment
A developer's personal email address was used as the point of contact for an OAuth configuration used in our staging environment. Mixmax did a great job for the fix. :D...
New Relic: Restricted User can view multiple account details including customer_root_account_id, payment method, date of first payment, etc.
Summary When a restricted user visits this URL: There is a request sent to this URL: https://www.staging-bam.nr-data.net. Within that request leaks the following information about the entire account, that the restricted user can view:...
Yelp: Information disclosure - emails disclosed in response > staging.seatme.us
Hello, I found an info disclosure vulnerability. We can enumerate emails via the userid parameter from Manage users. And I found that: ID 1 is ██████ ID 514755 is ████████ ID 514775 is █████ ID 514764 is ███████ I attached photos from Burp Repeater to be more explicit. We can easily bruteforce userid...
Factlink: XSS 01 on staging.fct.li
Hey, the error message generated can be used to escape out of a dynamically generated href link. The below will render in Internet Explorer without the XSS filter enabled, of course. See the screenshot for an example. The response is: HTTP/1.1 504 Gateway Time-out Server: nginx/1.4.4 Date: Wed, 02 Jul...
jsDelivr: XSS
Dear Team, Step-by-step instructions on how to reproduce the problem: It was found that the application is vulnerable to an XSS attack. To achieve the same, open this link http://staging.jsdelivr.net/g//%3Cimg/src=%22%3E%22+onerror=alert%28927942%29%3E in Firefox. It can't prompt because there is nothing jus...
Uzbey: Price Manipulation
Hey guys, I put this down as a 2nd bug as it may have been overlooked from the previous report and I figured it'd be easier to track a fix and add comments separately... When completing an order it looks like it may be possible to pay an arbitrary amount - what happens is a request is generated t...