[월:] 2018년 05월

CVE-2016-10559

Posted on by admin

CVE-2016-10559

selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Source: CVE-2016-10559

CVE-2016-10556

Posted on by admin

CVE-2016-10556

sequalize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put `["test", "’); DELETE TestTable WHERE Id = 1 –‘)"]` inside of “` database.query(‘SELECT * FROM TestTable WHERE Name IN (:names)’, { replacements: { names: directCopyOfUserInput } }); “` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN (‘test’, ”); DELETE TestTable WHERE Id = 1 –‘)`. In Postgres, MSSQL, and SQLite, the backslash has no special meaning. This causes the the statement to delete whichever Id has a value of 1 in the TestTable table.

Source: CVE-2016-10556

CVE-2016-10558

Posted on by admin

CVE-2016-10558

aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Source: CVE-2016-10558

CVE-2016-10551

Posted on by admin

CVE-2016-10551

waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline’s `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with the potential for malicious code. A malicious user can input their own SQL statements in waterline-sequel 0.50 that will get executed and have full access to the database.

Source: CVE-2016-10551

CVE-2015-9241

Posted on by admin

CVE-2015-9241

Certain input passed into the If-Modified-Since or Last-Modified headers will cause an ‘illegal access’ exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default node timeout is 2 minutes).

Source: CVE-2015-9241

CVE-2016-10567

Posted on by admin

CVE-2016-10567

product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download JavaScript resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.

Source: CVE-2016-10567

CVE-2018-1235

Posted on by admin

CVE-2018-1235

Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege.

Source: CVE-2018-1235