status-check's Issues
A new vulnerability was discovered: CVE-2015-0343
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187412
A new vulnerability was discovered: CVE-2016-7851
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13; Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/120102
A new vulnerability was discovered: CVE-2008-2231
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/208188
A new vulnerability was discovered: CVE-2017-3103
Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/91927
A new vulnerability was discovered: CVE-2017-18077
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/100552
A new vulnerability was discovered: CVE-2015-0344
Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/9501
A new vulnerability was discovered: CVE-2017-11287
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/98101
A new vulnerability was discovered: CVE-2017-11289
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/98103
A new vulnerability was discovered: CVE-2016-0950
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187532
A new vulnerability was discovered: CVE-2016-0948
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/110588
A new vulnerability was discovered: CVE-2009-4592
In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins. All versions after commit f3dc89b9f6ab1544a289b3efc06699b13d63e0bd (3/10/20) are patched.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/183903
A new vulnerability was discovered: CVE-2016-0949
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/208194
A new vulnerability was discovered: CVE-2017-3103
Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/91927
A new vulnerability was discovered: CVE-2018-16492
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) [DNP] via trim().
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/185064
A new vulnerability was discovered: CVE-2017-11291
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/98105
A new vulnerability was discovered: CVE-2015-0343
Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/9500
A new vulnerability was discovered: CVE-2008-2553
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/208230
A new vulnerability was discovered: CVE-2015-8858
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/117993
A new vulnerability was discovered: CVE-2009-4590
Kaseya Traverse before 9.5.20 allows OS command injection attacks against user accounts, associated with a Netflow Top Applications reporting API call. This is exploitable by an authenticated attacker who submits a modified JSON field within POST data.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/146009
A new vulnerability was discovered: debricked-npm-1543
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/125359
A new vulnerability was discovered: CVE-2009-4590
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/208178
A new vulnerability was discovered: CVE-2020-15133
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/210290
A new vulnerability was discovered: CVE-2017-3102
Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/91926
A new vulnerability was discovered: CVE-2009-4591
SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/48669
A new vulnerability was discovered: CVE-2017-11290
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing (or clickjacking) attacks.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/98104
A new vulnerability was discovered: CVE-2017-16042
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/128473
A new vulnerability was discovered: CVE-2019-19919
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/139915
A new vulnerability was discovered: CVE-2008-2553
Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/51658
A new vulnerability was discovered: CVE-2016-4118
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187408
A new vulnerability was discovered: CVE-2017-3101
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this vulnerability. This vulnerability is mitigated by the fact that such code paths typically require access to an administrative permission or an atypical configuration.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/118000
A new vulnerability was discovered: CVE-2016-0948
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/118908
A new vulnerability was discovered: CVE-2016-7851
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1 allow remote attackers to bypass authentication mechanisms via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/176801
A new vulnerability was discovered: CVE-2008-2231
SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/51355
A new vulnerability was discovered: CVE-2017-3102
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1 allow remote attackers to read files on the system via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/176802
A new vulnerability was discovered: CVE-2016-4118
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/104188
A new vulnerability was discovered: CVE-2016-0949
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/122453
A new vulnerability was discovered: CVE-2019-10746
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/128473
A new vulnerability was discovered: CVE-2018-16487
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen):

    var lo = require('lodash');

    function build_blank (n) {
        var ret = "1";
        for (var i = 0; i < n; i++) {
            ret += " ";
        }
        return ret + "1";
    }

    var s = build_blank(50000);

    var time0 = Date.now();
    lo.trim(s);
    var time_cost0 = Date.now() - time0;
    console.log("time_cost0: " + time_cost0);

    var time1 = Date.now();
    lo.toNumber(s);
    var time_cost1 = Date.now() - time1;
    console.log("time_cost1: " + time_cost1);

    var time2 = Date.now();
    lo.trimEnd(s);
    var time_cost2 = Date.now() - time2;
    console.log("time_cost2: " + time_cost2);
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/210288
A new vulnerability was discovered: CVE-2019-10744
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and __proto__ payloads.
Read more at Debricked: http://app.debricked.com/en/service/vulnerability/128474
A new vulnerability was discovered: CVE-2016-0950
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187411
A new vulnerability was discovered: CVE-2020-15095
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://[[:]@][:][:][/]". The password value is not redacted and is printed to stdout and also to any generated log files.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/176856
A new vulnerability was discovered: CVE-2017-18869
Prototype pollution vulnerability in 'cache-base' versions 0.7.0 through 4.0.0 allows attacker to cause a denial of service and may lead to remote code execution.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/204989
A new vulnerability was discovered: debricked-npm-1523
This affects the package npm-user-validate before 1.0.1.
The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/185071
A new vulnerability was discovered: CVE-2017-3101
Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/91925
A new vulnerability was discovered: CVE-2016-10540
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/217918
A new vulnerability was discovered: CVE-2015-8858
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/122064
A new vulnerability was discovered: CVE-2019-16374
Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/178500
A new vulnerability was discovered: CVE-2014-7191
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/208196
A new vulnerability was discovered: CVE-2014-7191
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/208192
A new vulnerability was discovered: CVE-2015-0344
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1, and Sentry before 9.7.3 and 9.8.x before 9.8.1, allow remote attackers to execute arbitrary code via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/176800