adservice's Issues
A new vulnerability was discovered: CVE-2020-28276
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant. For example, if you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/181582
A new vulnerability was discovered: CVE-2020-8427
Kaseya Traverse before 9.5.20 allows OS command injection attacks against user accounts, associated with a Netflow Top Applications reporting API call. This is exploitable by an authenticated attacker who submits a modified JSON field within POST data.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/146009
A new vulnerability was discovered: CVE-2002-1647
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207747
A new vulnerability was discovered: CVE-2009-4590
Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/48668
A new vulnerability was discovered: CVE-2019-6340
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/118908
A new vulnerability was discovered: CVE-2020-13666
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187408
A new vulnerability was discovered: CVE-2018-7602
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/110588
A new vulnerability was discovered: CVE-2020-15506
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1 allow remote attackers to bypass authentication mechanisms via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/176801
A new vulnerability was discovered: CVE-2015-0343
Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/9500
A new vulnerability was discovered: CVE-2020-13662
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187412
A new vulnerability was discovered: CVE-2019-6338
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9, Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/117993
A new vulnerability was discovered: debricked-149740
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207782
A new vulnerability was discovered: debricked-154712
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/208194
A new vulnerability was discovered: debricked-149739
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207781
A new vulnerability was discovered: debricked-154714
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/208196
A new vulnerability was discovered: CVE-2016-0948
Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/2622
A new vulnerability was discovered: CVE-2020-7774
This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187733
A new vulnerability was discovered: CVE-2009-4591
SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/48669
A new vulnerability was discovered: debricked-124
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207145
A new vulnerability was discovered: CVE-2021-23337
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207742
A new vulnerability was discovered: CVE-2020-28275
Prototype pollution vulnerability in 'cache-base' versions 0.7.0 through 4.0.0 allows attacker to cause a denial of service and may lead to remote code execution.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/204989
A new vulnerability was discovered: debricked-154710
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/208192
A new vulnerability was discovered: CVE-2020-13671
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187532
A new vulnerability was discovered: CVE-2020-15507
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1 allow remote attackers to read files on the system via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/176802
A new vulnerability was discovered: debricked-154684
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/208178
A new vulnerability was discovered: CVE-2020-15505
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1, and Sentry before 9.7.3 and 9.8.x before 9.8.1, allow remote attackers to execute arbitrary code via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/176800
A new vulnerability was discovered: CVE-2020-28500
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen): var lo = require('lodash'); function build_blank (n) { var ret = "1" for (var i = 0; i < n; i++) { ret += " " } return ret + "1"; } var s = build_blank(50000) var time0 = Date.now(); lo.trim(s) var time_cost0 = Date.now() - time0; console.log("time_cost0: " + time_cost0) var time1 = Date.now(); lo.toNumber(s) var time_cost1 = Date.now() - time1; console.log("time_cost1: " + time_cost1) var time2 = Date.now(); lo.trimEnd(s) var time_cost2 = Date.now() - time2; console.log("time_cost2: " + time_cost2)
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/210288
A new vulnerability was discovered: CVE-2018-4921
Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/106691
A new vulnerability was discovered: debricked-154703
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/208188
A new vulnerability was discovered: debricked-149662
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207742
A new vulnerability was discovered: CVE-2020-15235
In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden from everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd (3/10/20) are patched.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/183903
A new vulnerability was discovered: CVE-2020-8203
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207747
A new vulnerability was discovered: CVE-2019-6341
In Drupal 7 versions prior to 7.65, Drupal 8.6 versions prior to 8.6.13, and Drupal 8.5 versions prior to 8.5.14, under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/120102
A new vulnerability was discovered: CVE-2016-4118
Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Windows allows local users to gain privileges via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/5575
A new vulnerability was discovered: debricked-155422
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/208230
A new vulnerability was discovered: CVE-2019-11831
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/122064
A new vulnerability was discovered: CVE-2020-7753
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) [DNP] via trim().
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/185064
A new vulnerability was discovered: CVE-2018-7600
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/104188
A new vulnerability was discovered: CVE-2020-7746
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/107469
A new vulnerability was discovered: CVE-2008-2553
Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/51658
A new vulnerability was discovered: CVE-2016-0950
Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/2624
A new vulnerability was discovered: CVE-2020-24442
Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/186168
A new vulnerability was discovered: CVE-2019-10909
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/122453
A new vulnerability was discovered: CVE-2020-13663
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187411
A new vulnerability was discovered: CVE-2009-4592
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/107469
A new vulnerability was discovered: debricked-149681
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207730
A new vulnerability was discovered: CVE-2015-0344
Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/9501
A new vulnerability was discovered: CVE-2019-6339
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9, a remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/118000
A new vulnerability was discovered: CVE-2019-10775
ecstatic has a denial of service vulnerability. Successful exploitation could lead to a crash of an application.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/140568
A new vulnerability was discovered: CVE-2008-2231
SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/51355