Lucene search
K

188 matches found

CVE
CVE
added 2021/02/02 10:25 a.m.113 views

CVE-2020-28494

Summary: CVE-2020-28494 affects the total.js package (before 3.4.7). The vulnerability occurs in the image.pipe and image.stream functions where the type parameter is used to build a command that is executed via child_process.spawn with the option shell: true, and the type value is not properly s...

8.6CVSS8.6AI score0.01702EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/02/02 10:25 a.m.49 views

CVE-2020-28495

Total.js before 3.4.7 is affected by a prototype pollution vulnerability in the set function, which can set values by path and may alter Object.prototype, enabling DoS, remote code execution, or property injection depending on the application. The remediation is to upgrade Total.js to version 3.4...

7.5CVSS7.4AI score0.03634EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2021/02/02 10:25 a.m.23 views

CVE-2020-28495 Prototype Pollution

This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the application. In some case...

7.3CVSS7.6AI score0.03634EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/02/02 12:0 a.m.8 views

total.js Command Injection Vulnerability

Total Avengers Totaljs Framework is a Javascript-based codebase for building web, desktop, service or IoT applications from Total Avengers Slovakia. The application is similar to PHPs Laravel, Pythons Django, ASP.NET MVC for building Node applications. A security vulnerability exists in total.js...

8.6CVSS7.2AI score0.01702EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/02/02 12:0 a.m.7 views

total.js Security Vulnerabilities

Total Avengers Totaljs Framework is a Javascript-based codebase for building web, desktop, service or IoT applications from Total Avengers Slovakia. The application is similar to PHPs Laravel, Pythons Django, ASP.NET MVC for building Node applications. A security vulnerability exists in total.js...

7.5CVSS7.1AI score0.03634EPSS
Exploits1References6
Snyk
Snyk
added 2021/01/29 11:22 a.m.5 views

Prototype Pollution

Overview total.js is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. It can be used as web, desktop, service or IoT application. Affected versions of this package are vulnerable to Prototype Pollution. The set function can be...

7.5CVSS8.1AI score0.03634EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2021/01/29 11:21 a.m.6 views

@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) +6 more potentially affected by CVE-2020-28494 via total.js (>=3.2.4 <=3.4.13)

total.js NPM version =3.2.4, =1.1.0, =0.3.0, =4.0.0, =1.0.0, =0.0.1, =0.0.4 Source cves: CVE-2020-28494 Source advisory: SNYK:JS-TOTALJS-1046672...

8.6CVSS7.2AI score0.01702EPSS
Exploits1
Snyk
Snyk
added 2021/01/29 11:21 a.m.6 views

Command Injection

Overview total.js is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. It can be used as web, desktop, service or IoT application. Affected versions of this package are vulnerable to Command Injection. The issue occurs in the...

8.6CVSS7AI score0.01702EPSS
Exploits1References3
Veracode
Veracode
added 2020/04/27 10:33 a.m.9 views

Path Traversal

total.js is vulnerable to path traversal attacks. The vulnerability exists in index.js where the blacklisting of %2E in the req.uri.pathname is not done but only %2e , allowing path traversal attacks...

4.9AI score
Exploits0
CNVD
CNVD
added 2020/02/25 12:0 a.m.5 views

Total.js CMS Remote Code Execution Vulnerability

Total.js CMS is a content management system CMS based on a NoSQL database. A security vulnerability exists in the controllers/admin.js file in version 13 of Total.js CMS. The vulnerability can be exploited by a remote attacker to execute arbitrary code by sending a POST request to the...

7.5CVSS7.8AI score0.02114EPSS
Exploits1References1
NVD
NVD
added 2020/02/24 10:15 p.m.14 views

CVE-2020-9381

controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954...

7.5CVSS8.8AI score0.02114EPSS
Exploits1References2
OSV
OSV
added 2020/02/24 10:15 p.m.15 views

CVE-2020-9381

controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954...

7.5CVSS7.7AI score
Exploits0References2
Prion
Prion
added 2020/02/24 10:15 p.m.16 views

Design/Logic Flaw

controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954...

5CVSS8.8AI score0.79204EPSS
Exploits6References2Affected Software1
CVE
CVE
added 2020/02/24 9:25 p.m.75 views

CVE-2020-9381

Summary of findings (Total.js CMS): CVE-2020-9381 and related CVEs affect Total.js CMS (notably version 13) with remote code execution via a POST to /admin/api/widgets/ on controllers/admin.js. The root cause is a widget handling path that can evaluate malicious JavaScript payloads, enabling an a...

7.5CVSS8.7AI score0.02114EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/02/24 9:25 p.m.23 views

CVE-2020-9381

controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954...

8.8AI score0.02114EPSS
Exploits1References2
Hacker One
Hacker One
added 2019/11/30 2:58 p.m.13 views

Node.js third-party modules: [Total.js] Path traversal vulnerability allows to read files outside public directory

I would like to report path traversal in Total.js. It allows read arbitrary files outside public directory. Module module name: Total.js version: 3.3.2 npm page: https://www.npmjs.com/package/total.js Module Description Total.js framework is a framework for Node.js platfrom written in pure...

0.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2019/10/30 12:0 a.m.23 views

CVE-2019-8903

index.js in Total.js Platform before 3.2.3 allows path traversal. Recent assessments: Mad-robot at July 05, 2020 2:29pm UTC reported: Totaljs – Unathenticated Directory Traversal DESCRIPTION User can make requests like “GET /../databases/settings.json HTTP/1.1” and include file contents from...

7.5CVSS7.4AI score0.72058EPSS
Exploits2References3
0day.today
0day.today
added 2019/10/22 12:0 a.m.83 views

Total.js CMS 12 - Widget JavaScript Code Injection Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Total.js CMS 12 Widget JavaScript Code Injection', 'Description' = %q This module exploits a vulnerability in Total.js CMS. The issue is that a...

9.9CVSS0.2AI score0.79204EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/10/22 12:0 a.m.437 views

Total.js CMS 12 - Widget JavaScript Code Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Total.js CMS 12 Widget JavaScript Code Injection', 'Description' = %q This module exploits a vulnerability in Total.js CMS. The issue is that a...

9.9CVSS7.4AI score0.79204EPSS
Exploits5
Packet Storm
Packet Storm
added 2019/10/21 12:0 a.m.198 views

Total.js CMS 12 Widget JavaScript Code Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Total.js CMS 12 Widget JavaScript Code Injection', 'Description' = %q This module exploits a vulnerability in Total.js CMS. The issue is that a...

9CVSS0.1AI score0.79204EPSS
Exploits5
Rows per page
Query Builder