262 matches found
Compass-compile Command Injection Vulnerability
compass-compile is a compiler. A command injection vulnerability exists in compass-compile version 0.0.1 and earlier. The vulnerability can be exploited to execute arbitrary code with the 'options' parameter...
CVE-2020-7635
compass-compile through 0.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
CVE-2020-7635
compass-compile through 0.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
Command injection
compass-compile through 0.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
CVE-2020-7635
compass-compile through 0.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
CVE-2020-7635
CVE-2020-7635 affects the Node.js package compass-compile (through 0.0.1). The vulnerability arises from an unsanitized options argument in the library’s command construction, enabling Command Injection and the potential execution of arbitrary shell commands. Multiple connected sources corroborat...
Command Injection
Overview compass-compile is a Compass wrapper for node.js. Affected versions of this package are vulnerable to Command Injection. The options argument can be controlled by users without any sanitization. PoC var Root = require'compass-compile'; var root = new Root; var options =...
@love-open-source/ember-slider (>=0.0.2 <=1.1.10), broccoli-compass-compiler (>=0.0.1 <=0.0.6) +1 more potentially affected by CVE-2020-7635 via compass-compile (=0.0.1)
compass-compile NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on compass-compile and may be impacted: - @love-open-source/ember-slider =0.0.2, =0.0.1, =0.1.0, =0.5.0 Source cves: CVE-2020-7635 Source advisory:...
Shijiazhuang Compass Network Technology Co., Ltd. website building system SQL injection vulnerability
Shijiazhuang Compass Network Technology Co., Ltd. is an Internet application service provider. The Shijiazhuang Compass Network Technology Co., Ltd. website building system has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
VMware VeloCloud 3.3.0 / 3.2.2 Authorization Bypass Vulnerability
Exploit for linux platform in category web applications Product: VeloCloud Vendor: VMware CVE ID: CVE-2019-5533 CSNC ID: CSNC-2019-007 Subject: Authorization Bypass Risk: Moderate Effect: Remotely exploitable CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Author: Silas Bärtsch Date:...
compass.unionstmedia.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-984012 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
CVE-2019-17050
An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environme...
Improper access control
An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environme...
CVE-2019-17050
An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environme...
Plum Mobile Compass Input Validation Error Vulnerability
Plum Mobile Compass is an Android-based smartphone from Plum Mobile USA. The com.android.settings package in Plum Mobile Compass build fingerprint is PLUM/c179hwf221/c179hwf221:6.0/MRA58K/W16.51.5-22:user/release-keys versionCode=23, versionName=6.0-eng.root.20161223.224055 contains a security...
Design/Logic Flaw
The Plum Compass Android device with a build fingerprint of PLUM/c179hwf221/c179hwf221:6.0/MRA58K/W16.51.5-22:user/release-keys contains a pre-installed platform app with a package name of com.android.settings versionCode=23, versionName=6.0-eng.root.20161223.224055 that contains an exported...
CVE-2018-14989
The Plum Compass Android device with a build fingerprint of PLUM/c179hwf221/c179hwf221:6.0/MRA58K/W16.51.5-22:user/release-keys contains a pre-installed platform app with a package name of com.android.settings versionCode=23, versionName=6.0-eng.root.20161223.224055 that contains an exported...
CVE-2018-14989
The CVE-2018-14989 entry concerns Plum Compass devices where a pre-installed platform app (com.android.settings, versionCode 23) exposes an exported broadcast receiver. This component allows any co-located app to programmatically perform a factory reset without requiring permissions, potentially ...
CVE-2018-14989
The Plum Compass Android device with a build fingerprint of PLUM/c179hwf221/c179hwf221:6.0/MRA58K/W16.51.5-22:user/release-keys contains a pre-installed platform app with a package name of com.android.settings versionCode=23, versionName=6.0-eng.root.20161223.224055 that contains an exported...
Siemens SICAM A8000 Series Denial Of Service
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: SICAM A8000 Series Vendor: Siemens CSNC ID: CSNC-2019-002 CVE ID: CVE-2018-13798 Subject: SICAM Webinterface XXE DoS Risk: Medium CVSS 3.0 Base Score: 5.3 CVSS 3.0:...