119 matches found
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context...
ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse`
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-28462
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-28461
This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-28441
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context...
Code injection
This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...
Code injection
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-28462 Prototype Pollution
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-28461 Prototype Pollution
This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-28441 Prototype Pollution
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context...
PT-2022-8895 · Unknown · Conf-Cfg-Ini
Name of the Vulnerable Software and Affected Versions: conf-cfg-ini versions prior to 1.2.2 Description: The issue arises when an attacker submits a malicious INI file to an application that parses it with decode, resulting in prototype pollution on the application. This can be exploited further...
js-ini 安全漏洞
js-ini is a Node.js package for encoding/decoding ini-like strings from the Russian individual developer Denis. A security vulnerability exists in versions of js-ini prior to 1.3.0 that stems from the package's susceptibility to prototype contamination, which can be exploited by an attacker to...
conf-cfg-ini 安全漏洞
conf-cfg-ini is a package from the individual developer Rolf Loges in Germany. It uses Node.js to encode and decode conf/cfg/ini-Files. A security vulnerability exists in conf-cfg-ini versions prior to 1.2.2, which stems from the fact that this package is susceptible to prototype contamination; i...
Malicious Package
Overview shared-ini-file-loader is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Hades RAT Web Panel Information Disclosure Vulnerability
Original source: https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24B.txt Contact: email protected Media: twitter.com/malvuln Threat: Hades RAT - Web Panel Vulnerability: Information Disclosure Description: The Hades Rat web-panel listens on Port 80. There is no authentication check or...
Hades RAT Web Panel Information Disclosure
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Hades RAT - Web Panel Vulnerability: Information Disclosure Description: The Hades Rat web-panel...
nodejs-ini: Prototype pollution via malicious INI file
A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
GHSA-RRC9-GQF8-8RWG Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited furth...
MetInfo File Modification Vulnerability
MetInfo adopts PHP+Mysql architecture, it is a cms building system which is very friendly to SEO, fully functional, supports multi-language, responsive display, and extremely suitable for enterprise and company website construction. A file modification vulnerability exists in MetInfo 7.0 beta. An...
CVE-2021-24307
The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseotoolssettings" privilege most of the time admin to execute arbitrary code on the underlying host. Users can restore plugin's configuration by uploading a backup...