Lucene search
+L

406 matches found

prion
prion
added 2020/04/02 10:15 p.m.14 views

Command injection

karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument...

7.5CVSS9.7AI score0.04232EPSS
Exploits1References2Affected Software1
cve
cve
added 2020/04/02 9:23 p.m.65 views

CVE-2020-7626

CVE-2020-7626 affects the npm package karma-mojo up to version 1.0.1. The vulnerability is a Command Injection due to unsanitized input in the config argument, allowing an attacker to execute arbitrary commands. Multiple connected sources corroborate the issue and identify the impact as arbitrary...

9.8CVSS9.7AI score0.04232EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2020/04/02 9:23 p.m.21 views

CVE-2020-7626

karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument...

9.8AI score0.04232EPSS
Exploits1References2
snyk
snyk
added 2020/04/02 12:0 a.m.5 views

Command Injection

Overview karma-mojo is a plugin for Karma that provides a binary for running only a select subset of tests at a time instead of running the whole test suite. Affected versions of this package are vulnerable to Command Injection. The argument config can be controlled by users without any...

9.8CVSS5.6AI score0.04232EPSS
Exploits1References2
vulnersosv
vulnersosv
added 2020/04/01 4:35 p.m.4 views

cubx-http-server (=0.4.2), karma-extjs-jasmine-tester (>=1.0.0 <=1.1.3) +5 more potentially affected by CVE-2019-10775 via ecstatic (>=3.1.1 <=3.3.0)

ecstatic NPM version =3.1.1, =1.0.0, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.2.1 Source cves: CVE-2019-10775 Source advisory: OSV:GHSA-9Q64-MPXX-87FG...

7.5CVSS7.1AI score0.01274EPSS
Exploits0
vulnersosv
vulnersosv
added 2020/03/10 9:21 a.m.6 views

gossip-object (>=0.1.0 <=2.3.4), gossipdb (>=0.1.1 <=0.1.5) +2 more potentially affected by CVE-2020-7640 via fun-map (>=2.0.1 <=3.3.1)

fun-map NPM version =2.0.1, =0.1.0, =0.1.1, =0.0.0, =0.2.0, =1.0.0 Source cves: CVE-2020-7640 Source advisory: SNYK:JS-FUNMAP-564436...

9.8CVSS7.2AI score0.02137EPSS
Exploits0
nvd
nvd
added 2019/11/26 5:15 a.m.18 views

CVE-2011-4090

Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation...

6.1CVSS6AI score0.03106EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2019/11/26 5:15 a.m.20 views

CVE-2011-4090

Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation...

6.1CVSS6.3AI score0.03106EPSS
Exploits0References6
prion
prion
added 2019/11/26 5:15 a.m.17 views

Privilege escalation

Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation...

4.3CVSS6.2AI score0.03106EPSS
Exploits0References3Affected Software1
cve
cve
added 2019/11/26 4:9 a.m.102 views

CVE-2011-4090

Summary: CVE-2011-4090 is tied to Serendipity before 1.6 with an XSS in the karma plugin that may lead to privilege escalation. The vulnerability affects the karma plugin in Serendipity installations prior to version 1.6 (no other products explicitly documented). The underlying issue is a cross-s...

6.1CVSS6AI score0.03106EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2019/11/26 4:9 a.m.15 views

CVE-2011-4090

Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation...

6AI score0.03106EPSS
Exploits0References3
kitploit
kitploit
added 2019/09/23 12:0 p.m.127 views

SKA - Simple Karma Attack

SKA allows you to implement a very simple and fast karma attack. You can sniff probe requests to choice the fake AP name or, if you want, you could insert manually the name of the AP evil twin attack. When the target has connected to your WLAN you could active the HTTP redirection and perform a...

7.2AI score
Exploits0References2
vulnersosv
vulnersosv
added 2019/06/12 4:37 p.m.4 views

@aabenoja/karma-phantomjs-launcher (=0.2.1), @aabenoja/phantomjs (=2.0.0) +460 more potentially affected by unknown CVE via npmconf (>=0.0.19 <=2.1.2)

npmconf NPM version =0.0.19, =0.1.28, =1.2.6, =2.7.2, =4.5.201902251314, =1.5.0, =5.0.201901071713, =5.0.201812141540, =1.0.1-server20190117165116, =1.0.201901260938, =1.0.3, =2.19.0, =2.19.3 - @jrossi/phantomjs2 =2.0.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-57CF-349J-352G...

5.8AI score
Exploits0
vulnersosv
vulnersosv
added 2019/02/18 11:38 p.m.6 views

@mach25/karma-qunit-jsmockito-jshamcrest (>=0.0.1 <=0.0.2), jsmockito (>=1.0.4 <=1.0.5) +3 more potentially affected by CVE-2016-10521 via jshamcrest (>=0.6.7 <=0.7.1)

jshamcrest NPM version =0.6.7, =0.0.1, =1.0.4, =0.0.2, =0.0.0, =0.3.1, =0.15.0 Source cves: CVE-2016-10521 Source advisory: OSV:GHSA-XJ62-87PG-VCV3...

7.5CVSS7.1AI score0.01093EPSS
Exploits0
talosblog
talosblog
added 2019/02/14 10:31 a.m.45 views

Beers with Talos Ep. #46 - Privacy Pwnd: ExileRAT and Collecting Bad Karma

Beers with Talos BWT Podcast Ep. 46 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 46 show notes: Recorded Feb. 1, 2019 Today we discuss threats that bridge the gap between violating privacy and classic...

0.4AI score
Exploits0
hackread
hackread
added 2019/02/01 3:33 p.m.146 views

Hackers used Karma tool to hack iPhones of prominent Govt officials

By Uzair Amir UAE Launched Aggressive Cyber Espionage Campaign using KARMA and Expertise of Ex-NSA Operatives. Though it seems hard to believe it is indeed true that the smartphones of several prominent political and governmental personalities worldwide have been hacked by former US intelligence...

2AI score
Exploits0
prion
prion
added 2018/12/20 11:29 p.m.12 views

Sql injection

SQL injection vulnerability in the "ContentPlaceHolder1uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter...

7.5CVSS9.8AI score0.0277EPSS
Exploits2References2Affected Software1
osv
osv
added 2018/12/20 11:29 p.m.4 views

CVE-2018-18399

SQL injection vulnerability in the "ContentPlaceHolder1uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter...

9.8CVSS6.1AI score0.0277EPSS
Exploits2References2
nvd
nvd
added 2018/12/20 11:29 p.m.11 views

CVE-2018-18399

SQL injection vulnerability in the "ContentPlaceHolder1uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter...

9.8CVSS9.9AI score0.0277EPSS
Exploits2References2
cvelist
cvelist
added 2018/12/20 10:0 p.m.16 views

CVE-2018-18399

SQL injection vulnerability in the "ContentPlaceHolder1uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter...

9.9AI score0.0277EPSS
Exploits2References2
Rows per page
Query Builder