113 matches found

OSV
added 2021/05/06 6:12 p.m., 12 views

GHSA-QR4M-JCVC-3382 Prototype Pollution in dot-notes

All versions of package dot-notes up to and including version 3.2.0 are vulnerable to Prototype Pollution via the create function...

9.8 CVSS, 9.5 AI score, 0.0041 EPSS
Exploits: 1, References: 2

Huntr
added 2020/09/08 12:0 a.m., 11 views

Prototype Pollution in whitfin/dot-notes-js

Overview: dot-notes provides two-way conversions between objects and dot/bracket notation. This package is vulnerable to Prototype Pollution via the create function. Proof of Concept: const dots = require'dot-notes'; dots.create, 'proto.polluted', true; console.logpolluted;...

4.9 AI score
Exploits: 0

Prion
added 2020/09/01 10:15 a.m., 9 views

Information disclosure

All versions of package dot-notes are vulnerable to Prototype Pollution via the create function...

7.5 CVSS, 9.4 AI score, 0.0041 EPSS
Exploits: 1, References: 1

Cvelist
added 2020/09/01 9:25 a.m., 14 views

CVE-2020-7717 Prototype Pollution

All versions of package dot-notes are vulnerable to Prototype Pollution via the create function...

9.8 CVSS, 9.6 AI score, 0.0041 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2020/09/01 12:0 a.m., 1 views

PT-2020-19739 · Dot-Notes · Dot-Notes

Name of the Vulnerable Software and Affected Versions: dot-notes versions prior to 3.2.1 Description: The issue concerns Prototype Pollution via the create function. This allows for potential manipulation of object properties. Recommendations: For versions prior to 3.2.1, update to version 3.2.1 ...

9.8 CVSS, 9.5 AI score, 0.0041 EPSS
Exploits: 1, References: 3

CNVD
added 2020/04/28 12:0 a.m., 3 views

Pixl-class Operating System Command Injection Vulnerability

pixl-class is a Node.js module for creating classes with inheritance and mixins. An operating system command injection vulnerability exists in pixl-class versions prior to 1.0.3. The vulnerability can be exploited to execute arbitrary commands with the 'member' parameter in the 'create' function...

9.8 CVSS, 8.2 AI score, 0.00646 EPSS
Exploits: 0, References: 1

NVD
added 2020/04/27 10:15 p.m., 7 views

CVE-2020-7640

pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization...

9.8 CVSS, 9.5 AI score, 0.00646 EPSS
Exploits: 0, References: 3

Prion
added 2020/04/27 10:15 p.m., 11 views

Code injection

pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization...

7.5 CVSS, 9.5 AI score, 0.00646 EPSS
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2020/04/27 9:34 p.m., 71 views

CVE-2020-7640

CVE-2020-7640 describes an OS command injection in pixl-class prior to version 1.0.3. The vulnerability arises because the members parameter of the create function is not sanitized, allowing an attacker to execute arbitrary commands. Affected: pixl-class (Node.js module) before 1.0.3. Impact per ...

9.8 CVSS, 9.5 AI score, 0.00646 EPSS
Exploits: 0, References: 3, Affected Software: 1

Snyk
added 2020/03/10 9:21 a.m., 1 views

Arbitrary Code Execution

Overview pixl-class is a library that allows you to create classes in a more classical sort of way, including support for static class members, proper constructors, inheritance, and mixins. Affected versions of this package are vulnerable to Arbitrary Code Execution. The injection point is locate...

9.8 CVSS, 7.3 AI score, 0.00646 EPSS
Exploits: 0, References: 2

Cvelist
added 2019/04/04 3:9 p.m., 16 views

CVE-2018-11830

Improper input validation in QCPE create function may lead to integer overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 410/12, SD 820A...

7.9 AI score, 0.00033 EPSS
Exploits: 0, References: 1

CNVD
added 2018/12/24 12:0 a.m., 1 views

Bento4 Memory Leak Vulnerability

Bento4 is a C++ class library and tool for reading and writing ISO-MP4 files. A memory leak vulnerability exists in AP4_StdcFileByteStream::Create in System/StdC/Ap4StdCFileByteStream.cpp in Bento4 1.5.1-627, which can be exploited by an attacker to cause a denial of service...

6.5 CVSS, 6.8 AI score, 0.00308 EPSS
Exploits: 1, References: 1

OSV
added 2016/06/13 12:0 a.m., 0 views

UBUNTU-CVE-2016-5104

The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket...

5.3 CVSS, 6.4 AI score, 0.01754 EPSS
Exploits: 0, References: 4

Prion
added 2013/08/21 12:17 p.m., 11 views

Design/Logic Flaw

The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file...

5 CVSS, 5.9 AI score, 0.00135 EPSS
Exploits: 0, References: 5, Affected Software: 2

UbuntuCve
added 2013/08/21 12:17 p.m., 18 views

CVE-2013-2905

The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file...

5 CVSS, 5.9 AI score, 0.00135 EPSS
Exploits: 0, References: 4

Cvelist
added 2013/08/21 10:0 a.m., 16 views

CVE-2013-2905

The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file...

5.2 AI score, 0.00135 EPSS
Exploits: 0, References: 5

securityvulns
added 2011/11/27 12:0 a.m., 112 views

PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability

PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Vulnerability. Author: Egidio Romano aka EgiX. Mail: n0b0d13satgmaildotcom...

7.5 CVSS, 0.2 AI score, 0.84053 EPSS
Exploits: 12

0day.today
added 2011/10/24 12:0 a.m., 22 views

phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection

Exploit for php platform in category web applications $Id: phpldapadminqueryengine.rb 14060 2011-10-25 05:25:39Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more informati...

7.1 AI score
Exploits: 0

exploitpack
added 2011/09/30 12:0 a.m., 11 views

Feed on Feeds 0.5 - Remote PHP Code Injection

Feed on Feeds 0.5 - Remote PHP Code Injection strtolower$b"'.$key.'" ? -1 : 1;'; 1096. 1097. else 1098. 1099. $compare = createfunction'$a,$b','if strtolower$a"'.$key.'" == strtolower$b"'.$key.'" return 0;else return strtolower$a"'.$key.'" strtolower$b"'.$key.'" ? -1 : 1;'; 1100. 1101. 1102...

8.1 AI score
Exploits: 0

Exploit DB
added 2010/10/28 12:0 a.m., 30 views

RoSPORA 1.5.0 - Remote PHP Code Injection

'; 671. $link=$SERVER'PHPSELF'."?f=".$flag."&s="; 672. 673. if !empty$plarray 674. 675. usort$plarray, createfunction'$a, $b', 'if $a'.$sort.' == $b'.$sort.' return 0; if $a'.$sort.' '.$sorttype.' $b'.$sort.' return -1; return 1;'; 676. Input parameter passed through $GET's' isn't properly...

7.4 AI score
Exploits: 0