45 matches found
CVE-2022-27903
The CVE-2022-27903 entry describes an OS Command Injection in Eve-NG’s configuration parser affecting Eve-NG Professional up to 4.0.1-65 and Eve-NG Community up to 2.0.3-112. The vulnerability allows a remote authenticated attacker to run commands as root by editing virtualization command paramet...
Eve-NG Professional 和 Eve-NG Community 操作系统命令注入漏洞
Eve-NG Professional is a clientless multi-vendor network emulation software. A security vulnerability exists in Eve-NG Professional version 4.0.1-65 and earlier, Eve-NG Community version 2.0.3-112 and earlier, which stems from a command injection vulnerability in the operating system in the...
nodejs-ini: Prototype pollution via malicious INI file
A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...
Prototype Pollution
Overview node-ini is a simple .ini config parser that supports sections, comments, arrays, and objects. Affected versions of this package are vulnerable to Prototype Pollution. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program by...
UBUNTU-CVE-2020-7788
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...