406 matches found
Command injection
karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument...
CVE-2020-7626
CVE-2020-7626 affects the npm package karma-mojo up to version 1.0.1. The vulnerability is a Command Injection due to unsanitized input in the config argument, allowing an attacker to execute arbitrary commands. Multiple connected sources corroborate the issue and identify the impact as arbitrary...
CVE-2020-7626
karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument...
Command Injection
Overview karma-mojo is a plugin for Karma that provides a binary for running only a select subset of tests at a time instead of running the whole test suite. Affected versions of this package are vulnerable to Command Injection. The argument config can be controlled by users without any...
cubx-http-server (=0.4.2), karma-extjs-jasmine-tester (>=1.0.0 <=1.1.3) +5 more potentially affected by CVE-2019-10775 via ecstatic (>=3.1.1 <=3.3.0)
ecstatic NPM version =3.1.1, =1.0.0, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.2.1 Source cves: CVE-2019-10775 Source advisory: OSV:GHSA-9Q64-MPXX-87FG...
gossip-object (>=0.1.0 <=2.3.4), gossipdb (>=0.1.1 <=0.1.5) +2 more potentially affected by CVE-2020-7640 via fun-map (>=2.0.1 <=3.3.1)
fun-map NPM version =2.0.1, =0.1.0, =0.1.1, =0.0.0, =0.2.0, =1.0.0 Source cves: CVE-2020-7640 Source advisory: SNYK:JS-FUNMAP-564436...
CVE-2011-4090
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation...
CVE-2011-4090
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation...
Privilege escalation
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation...
CVE-2011-4090
Summary: CVE-2011-4090 is tied to Serendipity before 1.6 with an XSS in the karma plugin that may lead to privilege escalation. The vulnerability affects the karma plugin in Serendipity installations prior to version 1.6 (no other products explicitly documented). The underlying issue is a cross-s...
CVE-2011-4090
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation...
SKA - Simple Karma Attack
SKA allows you to implement a very simple and fast karma attack. You can sniff probe requests to choice the fake AP name or, if you want, you could insert manually the name of the AP evil twin attack. When the target has connected to your WLAN you could active the HTTP redirection and perform a...
@aabenoja/karma-phantomjs-launcher (=0.2.1), @aabenoja/phantomjs (=2.0.0) +460 more potentially affected by unknown CVE via npmconf (>=0.0.19 <=2.1.2)
npmconf NPM version =0.0.19, =0.1.28, =1.2.6, =2.7.2, =4.5.201902251314, =1.5.0, =5.0.201901071713, =5.0.201812141540, =1.0.1-server20190117165116, =1.0.201901260938, =1.0.3, =2.19.0, =2.19.3 - @jrossi/phantomjs2 =2.0.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-57CF-349J-352G...
@mach25/karma-qunit-jsmockito-jshamcrest (>=0.0.1 <=0.0.2), jsmockito (>=1.0.4 <=1.0.5) +3 more potentially affected by CVE-2016-10521 via jshamcrest (>=0.6.7 <=0.7.1)
jshamcrest NPM version =0.6.7, =0.0.1, =1.0.4, =0.0.2, =0.0.0, =0.3.1, =0.15.0 Source cves: CVE-2016-10521 Source advisory: OSV:GHSA-XJ62-87PG-VCV3...
Beers with Talos Ep. #46 - Privacy Pwnd: ExileRAT and Collecting Bad Karma
Beers with Talos BWT Podcast Ep. 46 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 46 show notes: Recorded Feb. 1, 2019 Today we discuss threats that bridge the gap between violating privacy and classic...
Hackers used Karma tool to hack iPhones of prominent Govt officials
By Uzair Amir UAE Launched Aggressive Cyber Espionage Campaign using KARMA and Expertise of Ex-NSA Operatives. Though it seems hard to believe it is indeed true that the smartphones of several prominent political and governmental personalities worldwide have been hacked by former US intelligence...
Sql injection
SQL injection vulnerability in the "ContentPlaceHolder1uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter...
CVE-2018-18399
SQL injection vulnerability in the "ContentPlaceHolder1uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter...
CVE-2018-18399
SQL injection vulnerability in the "ContentPlaceHolder1uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter...
CVE-2018-18399
SQL injection vulnerability in the "ContentPlaceHolder1uxTitle" component in ArchiveNews.aspx in jco.ir KARMA 6.0.0 allows a remote attacker to execute arbitrary SQL commands via the "id" parameter...