WordPress WP Server Log Viewer <= 1.0 - Stored Cross Site Scripting vulnerability

Stored Cross Site Scripting vulnerability discovered by strider in WordPress Plugin WP Server Log Viewer versions = 1.0...

EUVD-2019-0262

Malware in sbrugna...

strider-resource.com Improper Access Control vulnerability OBB-3813010

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Cross-Site Request Forgery (CSRF) in strider-cd/strider

Description Strider is an Open Source Continuous Deployment / Continuous Integration platform. It is written in Node.js and Ember.js and uses MongoDB as a backing store. This platform is vulnerable to Cross-Site Request Forgery CSRF. It allowes an attacker to takeover accounts, privillege...

Code Injection in strider-cd/strider-git

Overview strider-git allows strider to use any git repository for a project. he issue occurs because a user input is formatted inside a command that will be executed without any check...

Linux/x86 - add user to passwd file Shellcode (149 bytes)

Exploit Title: Linux/x86 add user to passwd file shellcode 149 bytes Google Dork: None Date: 11.04.2019 Exploit Author: strider Vendor Homepage: None Software Link: None Tested on: Debian 9 Stretch i386/ Kali Linux i386 CVE : None Shellcode Length: 149...

Downloads Resources over HTTP in strider-sauce

Affected versions of strider-sauce insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

strider (>=1.4.0 <=1.4.5) potentially affected by CVE-2016-10611 via strider-sauce (=0.6.2)

strider-sauce NPM version =0.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on strider-sauce and may be impacted: - strider =1.4.0, =1.4.5 Source cves: CVE-2016-10611 Source advisory: OSV:GHSA-8GF4-PCJ6-54RP...

GHSA-8GF4-PCJ6-54RP Downloads Resources over HTTP in strider-sauce

Affected versions of strider-sauce insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

strider-sauce code execution vulnerability

strider-sauce is a package for installing and deploying Strider. A security vulnerability exists in strider-sauce that originates when the program downloads compressed resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested zip file with a zi...

Man In The Middle (MitM)

strider-sauce is vulnerable to man-in-the-middleMitM attack. The vulnerability exists because it allows downloading of requested executable files via HTTP if the attacker's network position is between the remote server and client. It can subsequently open up a loophole for remote code execution...

CVE-2016-10611

strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the...

CVE-2016-10611

strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the...

Remote code execution

strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the...

CVE-2016-10611

strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the...

CVE-2016-10611

CVE-2016-10611 affects the strider-sauce package (Sauce Labs / Selenium support for Strider). The issue stems from downloading zipped resources over HTTP, enabling MITM manipulation; an attacker on the network could swap the requested zip with a malicious one to trigger remote code execution. Pub...