308 matches found
CVE-2019-10768
CVE-2019-10768 affects AngularJS before 1.7.9. The function merge() could be tricked into adding or modifying properties of Object.prototype via a __proto__ payload, enabling prototype pollution. IBM/X-Force data in connected docs corroborates the vulnerability and the CVSS metrics (base scores 7.3 i...
PT-2019-12040 · Google +1 · Angularjs +1
Name of the Vulnerable Software and Affected Versions: AngularJS versions prior to 1.7.9. Description: The issue concerns the merge function, which can be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. This may allow an attacker to add or modify an existing...
Prototype Pollution
Overview: AngularJS.Core is an AngularJS package for other Angular modules within .NET. Affected versions of this package are vulnerable to Prototype Pollution. The function merge could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. PoC by Snyk...
Ajenti 2.1.31 - Remote Code Execution
Title: Ajenti 2.1.31 - Remote Code Execution Author: Jeremy Brown Date: 2019-10-13 Software Link: https://github.com/ajenti/ajenti CVE: N/A Tested on: Ubuntu Linux #!/usr/bin/python ajentix.py Ajenti Remote Command Execution Exploit ------- Details ------- Ajenti is a web control panel written in...
Ajenti 2.1.31 - Remote Code Execution
Ajenti 2.1.31 - Remote Code Execution Title: Ajenti 2.1.31 - Remote Code Execution Author: Jeremy Brown Date: 2019-10-13 Software Link: https://github.com/ajenti/ajenti CVE: N/A Tested on: Ubuntu Linux #!/usr/bin/python ajentix.py Ajenti Remote Command Execution Exploit ------- Details -------...
Ajenti Remote Command Execution
#!/usr/bin/python ajentix.py Ajenti Remote Command Execution Exploit Jeremy Brown jbrown3264/gmail @ Oct 2019 ------- Details ------- Ajenti is a web control panel written in Python and AngularJS. One can locally monitor executed commands on the server while testing $ sudo ./exec-notify google for...
EA Origin Template Injection Remote Code Execution
Exploit Title: EA Origin 10.5.36 Template Injection Remote Code Execution Date: 04/19/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.36 and below Tested on: Windows 10 CVE :...
Remote code execution
The client in Electronic Arts EA Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices...
CVE-2019-11354
The client in Electronic Arts EA Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices...
Cross-site Scripting (XSS)
python-django-horizon is vulnerable to cross-site scripting (XSS). A DOM-based cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a...
AngularJS 1.3.0 < 1.5.0-rc.2 Cross-Site Scripting
According to its self-reported version number, AngularJS is at least 1.3.0 and prior to 1.5.0-rc.2. Therefore, it may be affected by a Cross-Site Scripting (XSS) vulnerability due to the usemap attribute not being blacklisted. Note that the scanner has not tested for these issues but has instead relied only ...
AngularJS 1.5.0 < 1.5.9 Content Security Policy Bypass
According to its self-reported version number, AngularJS is at least 1.5.0 and prior to 1.5.9. Therefore, it may be affected by a Content Security Policy bypass vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...
AngularJS < 1.6.1 Cross-Site Scripting
According to its self-reported version number, AngularJS is prior to 1.6.1. Therefore, it may be affected by a JSONP callback vulnerability that can lead to Cross-Site Scripting (XSS). Note that the scanner has not tested for these issues but has instead relied only on the application's self-report...
AngularJS < 1.6.5 Cross-Site Scripting
According to its self-reported version number, AngularJS is prior to 1.6.5. Therefore, it may be affected by a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source dat...
AngularJS < 1.6.7 Cross-Site Scripting
According to its self-reported version number, AngularJS is prior to 1.6.7. Therefore, it may be affected by a Cross-Site Scripting (XSS) vulnerability via ideographic space characters in URIs. Note that the scanner has not tested for these issues but has instead relied only on the application's...
AngularJS < 1.4.10 Cross-Site Scripting
According to its self-reported version number, AngularJS is prior to 1.4.10. Therefore, it may be affected by a Cross-Site Scripting (XSS) vulnerability involving assignment on constructor properties. Note that the scanner has not tested for these issues but has instead relied only on the...
AngularJS < 1.6.9 Cross-Site Scripting
According to its self-reported version number, AngularJS is prior to 1.6.9. Therefore, it may be affected by a Cross-Site Scripting (XSS) vulnerability through SVG files if enableSvg is set. Note that the scanner has not tested for these issues but has instead relied only on the application's...
VOOKI - Web Application Vulnerability Scanner
Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool with which you can easily scan any web application and find the vulnerabilities. Vooki includes a Web Application Scanner, a REST API Scanner, and a reporting section. Vooki – Web Application Scanner can help you to find the...
CVE-2017-16009
ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid...