14 matches found
EUVD-2019-0327
Malware in sbrugna...
EUVD-2019-0264
Malware in sbrugna...
cloudcmd (>=5.0.5 <=9.3.2), console-io (>=2.5.2 <=5.0.0) +22 more potentially affected by unknown CVE via ponse (>=1.0.1 <=1.6.1)
ponse NPM version =1.0.1, =5.0.5, =2.5.2, =0.0.0, =0.1.0, =2.7.4, =0.3.0, =1.0.0, =1.0.0, =0.0.1, =0.2.0, =1.0.0, =1.0.0, =1.0.9, =1.0.0, =1.0.0, =1.3.6 and more Source cves: unknown CVE Source advisory: OSV:GHSA-WFHX-6PCM-7M55...
Authentication Bypass in console-io
Affected versions of the console-io package do not configure the underlying websocket library to require authentication, resulting in an authentication bypass vulnerability. As console-io allows terminal access on the server via a web page, an authentication bypass is essentially remote code...
GHSA-Q52J-4Q2Q-HCJ6 Authentication Bypass in console-io
Affected versions of the console-io package do not configure the underlying websocket library to require authentication, resulting in an authentication bypass vulnerability. As console-io allows terminal access on the server via a web page, an authentication bypass is essentially remote code...
console-io authentication bypass vulnerability
Cloud Commander is a Web file manager with console and editor. console-io is one of the Web-based console programs. A security vulnerability exists in console-io 2.2.13 and earlier versions, which stems from the program not configuring socket.io to perform authentication. A remote attacker could...
CVE-2016-10615
curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled...
CVE-2016-10615
The CVE-2016-10615 issue affects the curses package, where the library downloads binary resources over HTTP. The underlying problem is insecure HTTP delivery, enabling a MitM attacker to swap the requested binary, potentially leading to remote code execution on the host. The connected advisories ...
CVE-2016-10532
console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running...
CVE-2016-10532
console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running...
Authentication flaw
console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running...
CVE-2016-10532
console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running...
CVE-2016-10532
The CVE-2016-10532 issue concerns the console-io module, specifically versions 2.2.13 and earlier, where socket.io is not configured to require authentication. This allows an attacker to connect via WebSocket, bypass authentication, and execute commands with the same privileges as the console-io ...
Authentication Bypass
Overview Affected versions of the console-io package do not configure the underlying websocket library to require authentication, resulting in an authentication bypass vulnerability. As console-io allows terminal access on the server via a web page, an authentication bypass is essentially remote...