Pydio Cells versions 4.1.2 and below implement the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it is possible to generate valid signatures for arbitrary download URLs. By uploading an HTML file and modifying the download URL to serve the file inline instead of as an attachment, any included JavaScript code is executed when the URL is opened in a browser, leading to a cross site scripting vulnerability.
5572c0a56c096d68de11c3dc1c9bcddd5b68526d9584952ea09e3ff2766d3365Ubuntu Security Notice 6120-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.
0beb4fd522279b672c4b92fcefa9d309a5387cdc5d645f3b2e6568d164bca679Ubuntu Security Notice 6103-1 - It was discovered that JSON Schema incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to exploit JavaScript runtimes and cause a denial of service or execute arbitrary code.
b8bb540756590db3d76511beb77a469c4d41e7876af021018b32db9f06b5c27dRed Hat Security Advisory 2023-2654-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.
4e7a13c72b1bbe26649f90f2ee5c748667dc190692c7389ff21e92530336c9f3Red Hat Security Advisory 2023-2655-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.
812f3378f3e6c1833158a97cad774a26513a32be88e668163955d219a846d53fUbuntu Security Notice 6061-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
01e21a6c8ac7ce003c7d1c71410cfa2fca7b99f9ae9f3d56cd4b2c5d58805114Red Hat Security Advisory 2023-1744-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, and denial of service vulnerabilities.
b516e9f562da009ac786a0543e0d7eebc70acfd4e3c5df43a3267c02f234c887Red Hat Security Advisory 2023-1743-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, and denial of service vulnerabilities.
48bd4394b42ef169e2f3ba2b84e34d023eb13eadddd77b237b4659256714e6b3Red Hat Security Advisory 2023-1742-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, buffer overflow, bypass, and denial of service vulnerabilities.
f28377e6e25b8387aa54cea292997b508ff485520e06f1243636f40bf125d07bRed Hat Security Advisory 2023-1533-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, buffer overflow, bypass, and denial of service vulnerabilities.
1d997c727b547d00a2b7b276e0830053a199463662b5eb3fddb9e968cdd8798eDebian Linux Security Advisory 5373-1 - Dave McDaniel discovered that the SQLite3 bindings for Node.js were susceptible to the execution of arbitrary JavaScript code if a binding parameter is a crafted object.
be782c388a489c999750974e659e9b01cb240c9b62f2c79d5206b4142b32021dUbuntu Security Notice 5893-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
39f3fda6f69b52e2205f43902470d0e182b4efbc8287c37b578e711226062258Ubuntu Security Notice 5867-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
f96b3865e7d31127167f78e01da9a83c788e3a186a06410b1f2f2ab7f99bba8bRed Hat Security Advisory 2023-0612-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
196b41f4cb8202a5bba53e8e3a83c166222738610e775f61305c8797014467d7Secure Web Gateway version 10.2.11 suffers from a cross site scripting vulnerability. RedTeam Pentesting identified a vulnerability which allows attackers to craft URLs to any third-party website that result in arbitrary content to be injected into the response when accessed through the Secure Web Gateway. While it is possible to inject arbitrary content types, the primary risk arises from JavaScript code allowing for cross site scripting.
f0bbf9c04ccb2873653f86035ec08f7b9388e540d28d2f705eaf53a75692bfeaRed Hat Security Advisory 2023-0274-01 - Angular JavaScript library packaged for setuptools / pip.
861d9fd6b4728a22c4757bec90d263f6cbe8b10e54bc929dd87ec13c496adfd6Red Hat Security Advisory 2023-0321-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
e0c653b344cad061ff2db4d48425d59d51ad956a499681962b6bdd29869c3026Ubuntu Security Notice 5797-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
7d038cf5cf0d352110b29efd7ebf03b7f41defff9ed3da1235cfdddef29584cdRed Hat Security Advisory 2023-0050-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
e708c38bc4b436ac8b0802b7f52b3094989a8a194c55f4ff13f1c929fc808c60Red Hat Security Advisory 2022-9073-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.
58a475f3944861cebbf2d0ab6df5a1520a1b99b5680cbbaa3c7af98223362bdcRed Hat Security Advisory 2022-8832-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
99898e5a24c6a706859217c62159cda53c2a077c0caf7753ee1e97e40c6ad0e1Red Hat Security Advisory 2022-8833-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
e9e729a24a297018e2baaa36c9d21c52f75aa1a00dfda56fe78c6e1ad638a1dfDebian Linux Security Advisory 5291-1 - Multiple security issues were discovered in MuJS, a lightweight JavaScript interpreter, which could result in denial of service and potentially the execution of arbitrary code.
6a12b5ce4eeb0f076c386236fd660cc7d187b863eabc41b244fca06a64b448c8Ubuntu Security Notice 5730-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
82f654d00686895db438b4366f58202c68cffce2c89495df58f2794e67d2ca38Red Hat Security Advisory 2022-7830-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
521e03457dbbddaa7a91532e37ddb7f212b176aabf6c09459f5e9f6fcf378b3f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed