107 matches found
Vulnerabilities fixed in Google Android
Google has fixed vulnerabilities in the Android OS. A malicious party could misuse the vulnerabilities to gain access to sensitive data or give himself elevated privileges. To do this, the malicious party must trick the victim into installing a rogue app to install. The vulnerability with referen...
Node.js third-party modules: [zenn-cli] Path traversal on Windows allows the attacker to read arbitrary .md files
Summary I would like to report path traversal in zenn-cli. It allows the attacker to read arbitrary .md files. Module module name: zenn-cli version: 0.1.39 npm page: https://www.npmjs.com/package/zenn-cli Module Description Manage Zenn content locally 👩💻 Module Stats 885 weekly downloads...
Node.js third-party modules: [curling] Remote Code Execution
I would like to report RCE in curling I can bypass the security check for special characters, read / overwrite file Module module name: curling version: 1.1.0 npm page: https://www.npmjs.com/package/curling Module Description A node wrapper for curl with a very simple api. Module Stats 156 weekly...
Node.js third-party modules: Bypass of SSRF Vulnerability
Bypass of SSRF report https://hackerone.com/reports/793704 Fix applied after reporting the actual report did not prevent from SSRF issue. https://github.com/TryGhost/Ghost/commit/47739396705519a36018686894d1373e9eb92216diff-3aa52b4b8c6e0fb8422de65648e35887R101 The function fetchOembedData only...
Node.js third-party modules: [xps] Command Injection via insecure command concatenation
I would like to report a Command Injection issue in the xps module. It allows to execute arbitrary commands on the victim's PC. Module module name: xps version: 1.0.2 npm page: https://www.npmjs.com/package/xps Module Description xps is a cross-platform library for listing and killing processes...
Information Disclosure
simplesamlphp is vulnerable to information disclosure. It does not properly handle a request with an uppercase file extension '.PHP', causing the server to disclose the contents of the file by sending to the browser instead of executing it and therefore leaking the sensitive source code in...
CVE-2020-5301
SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the...
CVE-2020-5301 Information disclosure of source code in SimpleSAMLphp
SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the...
Node.js third-party modules: [Limited bypass of #793704] Blind SSRF in Ghost CMS
Blind SSRF vulnerability in Ghost allows for internal port scanning, or reading oembed contents from internal network...
Node.js third-party modules: [klona] Prototype pollution
I would like to report Prototype pollution in klona It allows adding arbitrary property to Prototype while deep cloning an object Module module name: klona version: Hunter's comments and funny memes goes here F690469 Impact Denial of Service and possible Remote code execution by overriding object...
Node.js third-party modules: [blamer] RCE via insecure command formatting
I would like to report a RCE issue in the blamer module. It allows to execute arbitrary commands remotely inside the victim's PC Module module name: blamer version: 0.1.13 npm page: https://www.npmjs.com/package/blamer Module Description Blamer is a tool for get information about author of code...
Node.js third-party modules: [http-live-simulator] Application-level DoS
The http-live-simulator npm package has an application level DoS vulnerability...
Node.js third-party modules: [gity] RCE via insecure command formatting
I would like to report a RCE issue in the gity module. It allows to execute arbitrary commands remotely inside the victim's PC Module module name: gity version: 1.0.5 npm page: https://www.npmjs.com/package/gity Module Description A nice Git wrapper for Node. Module Stats 3/4 downloads in the las...
Node.js third-party modules: Crash Node.js process from handlebars using a small and simple source
I would like to report Denial of service in handlebars. It allows an attacker to crush Node.js process with a small and simple source. Module module name: handlebars version: 4.5.1 npm page: https://www.npmjs.com/package/handlebars Module Description Handlebars.js is an extension to the Mustache...
Node.js third-party modules: Prototype pollution in dot-prop
I would like to report a parameter pollution in dot-prop It allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation DoS, access to sensitive data, RCE. Module module name: dot-prop version: 5.1.1 npm page:...
Node.js third-party modules: [git-lib] RCE via insecure command formatting
I would like to report a RCE issue in the git-lib module. It allows to execute arbitrary commands remotely inside the victim's PC Module module name: git-lib version: 1.6.0 npm page: https://www.npmjs.com/package/git-lib Module Description A library that contains different methods to be consumed ...
Node.js third-party modules: Stored XSS (Hexo-admin plugin)
I would like to report Stored XSS in Hexo-admin It allows The Post editor functionality in the hexo-admin plugin 3.9.0 for Node.js is vulnerable to stored XSS via the content of a post. Module module name: Hexo-admin version: 3.9.0 npm page: https://www.npmjs.com/package/hexo-admin Module...
Node.js third-party modules: [expressjs-ip-control] Whitelist IP bypass leads to authorization bypass and sensitive info disclosure
I would like to report a unauthenticated access/authorization bypass issue in the expressjs-ip-control module. It allows to bypass the whitelist IP check in order to bypass the authorization check and possibly expose sensitive datas. Module module name: MODULE NAME version: MODULE VERSION npm pag...
Node.js third-party modules: [reveal.js] XSS by calling arbitrary method via postMessage
I would like to report XSS in reveal.js It allows gaining access to the victim's account and performing actions on his behalf Module module name: reveal.js version: 3.8.0 npm page: https://www.npmjs.com/package/reveal.js Module Description A framework for easily creating beautiful presentations...
CVE-2019-7849
A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2...