40 matches found
CVE-2020-7723 Prototype Pollution
All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function...
CVE-2020-7723
CVE-2020-7723 affects the JavaScript package promisehelpers. All versions prior to 0.0.6 are vulnerable to prototype pollution via the insert function, enabling an attacker to inject properties into Object.prototype (e.g., through __proto__). Documented impacts include potential denial of service an...
PT-2020-19744 · Unknown · Promisehelpers
Name of the Vulnerable Software and Affected Versions: promisehelpers versions prior to 0.0.6. Description: The issue concerns Prototype Pollution via the insert function. This allows for potential manipulation of object properties. Recommendations: For versions prior to 0.0.6, update to version...
Prototype Pollution
Overview: promisehelpers is a set of Promise helper functions. Affected versions of this package are vulnerable to Prototype Pollution via the insert function. POC: const promisehelpers = require('promisehelpers'); var obj = {}; promisehelpers.insert(['__proto__', 'polluted'], true)(obj); console.log(polluted); // true...
Cross site request forgery (csrf)
In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account...
DEBIAN-CVE-2018-10945
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function...
UBUNTU-CVE-2017-10792
There is a NULL Pointer Dereference in the function ll_insert of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack...
CVE-2017-7870
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx...
php: NULL pointer dereference in pgsql extension
A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to a function such as pg_insert or pg_select could cause a PHP application to crash...
Design/Logic Flaw
core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask...
Agilent Technologies Feature Extraction AnnotationX.AnnList.1 ActiveX Control Arbitrary Code Execution Vulnerability
Agilent Technologies Feature Extraction is a set of feature extraction software for automatically reading and processing image files from multiple original chips from Agilent Technologies. A security vulnerability exists in Agilent Technologies Feature Extraction's AnnotationX.AnnList.1 ActiveX...
(0Day) Agilent Technologies Feature Extraction ActiveX Control Index Out-Of-Bounds Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Agilent Technologies Feature Extraction. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Memory corruption
Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain...
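Fengcms SQL Injection Vulnerability
Brief description: The official test site seems to have already been compromised with a web shell. That scared me; it wasn't me. Details: app/controller/messageController.php class messageController extends Controller private $model = "message"; public function index return $this-display"message.html";//,M$this-model-page; public function add return...
74cms (20140709): Two Second-Order Injections
Brief description: Instead of properly fixing the code that causes the vulnerability, they changed the filter function. I can no longer get around the current filter function, but I could still find a few places that return data. The earlier submission was not accepted, so this time I am bundling two together. P.S.: I am sorry about this. When I tested on the demo earlier, one of the points was an UPDATE and I forgot to add a WHERE condition, so the data ended up in every entry of one place..... They should not only change the filter function but also properly fix the code that causes the vulnerability. Details: The first one. I will not analyze the code for the first one. First register an enterprise member account, then create a company. Single quotes are escaped and then stored in the database in escaped form. Look for where the value is read back out. After creating the company, post a job listing, as follows. After clicking publish, you can see an error. Here the company name from earlier...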
MySQL: Pulling records into a single string using the built-in insert function
You all know about outputting the columns of a MySQL table in a single string, so, meet the fourth method! But more on that a little later; for now, let us recall what is available today. From Dr.Z3r0's article "MySQL SQL Injection: the complete FAQ": 1. group_concat + Simple to use, small size - Limitation...
LeadTools 11.5.0.9 - 'ltlst11n.ocx' Insert() Access Violation Denial of Service
Test Exploit Page targetFile = "C:\Program Files\Rational\common\ltlst11n.ocx" prototype = "Function Insert ByVal Bitmap As Long , ByVal pszText As String , ByVal Data As Long As Integer" memberName = "Insert" progid = "LEADImgListLib.LEADImgList" argCount = 3 arg1=1 arg2="defaultV"...
SmallNuke 2.0.4 - Pass Recovery SQL Injection
SmallNuke 2.0.4 - Pass Recovery SQL Injection !/usr/bin/perl use Tk; use Tk::BrowseEntry; use Tk::DialogBox; use LWP::UserAgent; $mw = new MainWindowtitle = "UnderWHAT?!" ; $mw-geometry '420x365' ; $mw-resizable0,0; $mw-Label-text = '', -font = 'Verdana 8',-foreground='red'-pack; $mw-Label-text =...
SmallNuke 2.0.4 - Pass Recovery SQL Injection
!/usr/bin/perl use Tk; use Tk::BrowseEntry; use Tk::DialogBox; use LWP::UserAgent; $mw = new MainWindowtitle = "UnderWHAT?!" ; $mw-geometry '420x365' ; $mw-resizable0,0; $mw-Label-text = '', -font = 'Verdana 8',-foreground='red'-pack; $mw-Label-text = 'Smallnuke cms 'Tahoma 7...
CVE-2007-2759
Multiple SQL injection vulnerabilities in the insert function in the ValuePreference class (grid/ed/ValuePreference.java) in Adempiere before 3.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) mAttribute or (2) mValue parameter. NOTE: some of these details are obtained from thir...