lightningapp's People
lightningapp's Issues
A new vulnerability was discovered: CVE-2017-6928
Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/102060
A new vulnerability was discovered: CVE-2015-2015
Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/10872
A new vulnerability was discovered: CVE-2002-0407
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/83592
A new vulnerability was discovered: CVE-2020-13667
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187407
A new vulnerability was discovered: CVE-2018-9861
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/105625
A new vulnerability was discovered: CVE-2016-6212
The Views module 7.x-3.x before 7.x-3.14 in Drupal 7.x and the Views module in Drupal 8.x before 8.1.3 might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/7089
A new vulnerability was discovered: CVE-2016-6211
The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/7088
A new vulnerability was discovered: CVE-2007-4430
Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/60734
A new vulnerability was discovered: CVE-2017-6925
In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/117593
A new vulnerability was discovered: CVE-2017-6920
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/111413
A new vulnerability was discovered: debricked-147755
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207188
A new vulnerability was discovered: CVE-2002-0408
htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/83593
A new vulnerability was discovered: CVE-2021-23352
This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/211596
A new vulnerability was discovered: CVE-2020-14230
HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187743
A new vulnerability was discovered: CVE-2016-7570
Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/8009
A new vulnerability was discovered: CVE-2019-11002
In Materialize through 1.0.0, XSS is possible via the Tooltip feature.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/120749
A new vulnerability was discovered: debricked-160894
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/211439
A new vulnerability was discovered: CVE-2016-3169
The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/4503
A new vulnerability was discovered: CVE-2020-11023
In jQuery before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.
This problem is patched in jQuery 3.5.0.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/157211
A new vulnerability was discovered: CVE-2017-6921
In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/117599
A new vulnerability was discovered: debricked-154702
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/208187
A new vulnerability was discovered: CVE-2019-5428
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11358. Reason: This candidate is a duplicate of CVE-2019-11358. Notes: All CVE users should reference CVE-2019-11358 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/121363
A new vulnerability was discovered: CVE-2020-11022
In jQuery before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/157227
A new vulnerability was discovered: CVE-2016-10599
sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/107248
A new vulnerability was discovered: CVE-2019-11003
In Materialize through 1.0.0, XSS is possible via the Autocomplete feature.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/120750
A new vulnerability was discovered: CVE-2006-5318
PHP remote file inclusion vulnerability in index.php in Nayco JASmine (aka Jasmine-Web) allows remote attackers to execute arbitrary PHP code via an FTP URL in the section parameter.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/68100
A new vulnerability was discovered: CVE-2020-15235
In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd(3/10/20) are patched.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/183903
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.