450 matches found

vulnersOsv
added 2019/02/18 11:50 p.m., 0 views

@jser/classifier-item-category (=1.0.1), jser-classifier-item-category (>=1.0.1 <=1.6.1) potentially affected by CVE-2016-10592 via jser-stat (>=3.1.0 <=4.0.3)

jser-stat NPM version =3.1.0, =1.0.1, =1.6.1 Source cves: CVE-2016-10592 Source advisory: OSV:GHSA-5W4P-H4GM-3W26...

CVSS 8.1, AI score 7.2, EPSS 0.00163
Exploits 0
GitHub Security Blog
added 2019/02/18 11:50 p.m., 24 views

Downloads Resources over HTTP in jser-stat

Affected versions of jser-stat insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavio...

CVSS 8.1, AI score 3.3, EPSS 0.00163
Exploits 0, References 4, Affected Software 1
Openbugbounty
added 2018/10/16 5:48 a.m., 12 views

stat-x.shop XSS vulnerability

Open Bug Bounty ID: OBB-686800

Description | Value
---|---
Affected Website: | stat-x.shop
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | hidden unti...

AI score 0.1
Exploits 0
Debian
added 2018/09/20 10:16 a.m., 36 views

[SECURITY] [DLA 1510-1] glusterfs security update

Package : glusterfs Version : 3.5.2-2+deb8u4 CVE ID : CVE-2018-10904 CVE-2018-10907 CVE-2018-10911 CVE-2018-10913 CVE-2018-10914 CVE-2018-10923 CVE-2018-10926 CVE-2018-10927 CVE-2018-10928 CVE-2018-10929 CVE-2018-10930 Debian Bug : 909215 Multiple security vulnerabilities were discovered in...

CVSS 8.8, AI score 8.5, EPSS 0.04332
Exploits 0
OSV
added 2018/07/13 8:29 p.m., 0 views

CVE-2016-6566

The valueAsString parameter inside the JSON payload contained by the ucLogintxtLoginIdClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may...

CVSS 9.8, AI score 5.8, EPSS 0.04899
Exploits 2, References 2
Tenable Nessus
added 2018/06/04 12:0 a.m., 33 views

OracleVM 3.3 / 3.4 : procps (OVMSA-2018-0226)

The remote OracleVM system is missing necessary patches to address critical security updates : - vmstat: fix invalid CPU utilization stats after vCPU hot-plug/unplug Konrad Rzeszutek Wilk bug 18011019 - drop leftover assignment in fix for CVE-2018-1124 causing a severe regression - Resolves:...

CVSS 9.8, AI score 7, EPSS 0.0049
Exploits 6, References 4
Prion
added 2018/06/01 6:29 p.m., 12 views

Design/Logic Flaw

jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...

CVSS 6.8, AI score 7, EPSS 0.00163
Exploits 0, References 2, Affected Software 1
NVD
added 2018/06/01 6:29 p.m., 13 views

CVE-2016-10592

jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...

CVSS 8.1, AI score 8, EPSS 0.00163
Exploits 0, References 2
Cvelist
added 2018/06/01 6:0 p.m., 17 views

CVE-2016-10592

jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...

AI score 8, EPSS 0.00163
Exploits 0, References 2
CVE
added 2018/06/01 6:0 p.m., 48 views

CVE-2016-10592

Vulnerability summary: The jser-stat library downloads data resources over HTTP, enabling man-in-the-middle (MitM) attacks when an attacker can observe/modify network traffic. The impact is variable and can include reading sensitive data up to remote code execution, depending on package behavior....

CVSS 8.1, AI score 7.8, EPSS 0.00163
Exploits 0, References 2, Affected Software 1
Openbugbounty
added 2018/01/12 12:14 p.m., 15 views

jspcc.org.cn XSS vulnerability

Open Bug Bounty ID: OBB-514819

Description | Value
---|---
Affected Website: | jspcc.org.cn
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

AI score 6.2
Exploits 0
Packet Storm
added 2017/12/27 12:0 a.m., 26 views

PHP Web Stat 4.x.x Information Disclosure

======================================================================== | Title : php web stat v4.x.x information Disclosure vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 10 Français V.Pro | Version : all | Vendor : http://wmscripti.com/ | Dork :...

AI score 7.4
Exploits 0
Packet Storm
added 2017/12/27 12:0 a.m., 21 views

PHP Web Stat 4.5.03 Backdoor Account

======================================================================== | Title : php web stat v4.5.03 Backdoor account vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 10 Français V.Pro | Version : v4.5.03 | Vendor : http://wmscripti.com/ | Dork :...

AI score 0.7
Exploits 0
Packet Storm
added 2017/12/27 12:0 a.m., 27 views

PHP Web Stat 4.5.03 Cross Site Scripting

======================================================================== | Title : php web stat v4.5.03 xss vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 10 Français V.Pro | Version : v4.5.03 | Vendor : http://wmscripti.com/ | Dork : Copyright © 20...

AI score 0.1
Exploits 0
CNVD
added 2017/11/17 12:0 a.m., 0 views

FreeBSD Information Disclosure Vulnerability (CNVD-2017-37251)

FreeBSD is a set of Unix-like free operating systems in the FreeBSD project, headed by the Core Team, and is an important branch of Unix-like systems that have evolved through BSD, 386BSD, and 4.4BSD. A security vulnerability exists in FreeBSD that stems from a program failing to properly...

CVSS 3.3, AI score 6.8, EPSS 0.00075
Exploits 0, References 1
Veracode
added 2017/10/23 8:16 a.m., 13 views

Cross-site Request Forgery (CSRF)

phpmyfaq/phpmyfaq is vulnerable to cross-site request forgery CSRF attacks. The application does not have CSRF protection for the phpmyfaq/admin/stat.main.php file, allowing a malicious user to send a request to the application to clear the visits value on the stat page...

CVSS 8.8, AI score 8.6, EPSS 0.00109
Exploits 2, References 1, Affected Software 2
CNVD
added 2017/10/23 12:0 a.m., 1 views

Cross-site request forgery vulnerability in phpMyFAQ admin/stat.ratings.php file

phpMyFAQ is an open source, fully database-driven FAQ (question and answer) system developed by the phpMyFAQ team. The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A cross-site request forgery vulnerability exists...

CVSS 8.8, AI score 8.7, EPSS 0.00362
Exploits 2, References 1
CNVD
added 2017/10/23 12:0 a.m., 1 views

phpMyFAQ cross-site request forgery vulnerability (CNVD-2017-32428)

phpMyFAQ is an open source, fully database-driven FAQ (question and answer) system developed by the phpMyFAQ team. The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A cross-site request forgery vulnerability exists...

CVSS 8.8, AI score 8.7, EPSS 0.00109
Exploits 2, References 1
Tenable Nessus
added 2017/09/18 12:0 a.m., 34 views

GLSA-201709-12 : Perl: Race condition vulnerability

The remote host is affected by the vulnerability described in GLSA-201709-12 Perl: Race condition vulnerability A race condition occurs within concurrent environments. This condition was discovered by The cPanel Security Team in the rmtree and removetree functions in the File-Path module before...

CVSS 5.9, AI score 7.2, EPSS 0.01383
Exploits 0, References 2
Nmap
added 2017/07/26 7:34 p.m., 743 views

ftp-syst NSE Script

Sends FTP SYST and STAT commands and returns the result. The canonical SYST response of "UNIX Type: L8" is stripped or ignored, since it is meaningless. Typical FTP response codes 215 for SYST and 211 for STAT are also hidden. References: Example Usage nmap -sV -sC Script Output | ftp-syst: | SYS...

CVSS 10, AI score 9.4, EPSS 0.94176
Exploits 33