EUVD-2020-0431

Malware in sbrugna...

CVE-2020-7646

curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input...

U.S. Dept Of Defense: https://██████ vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD

Hi team , while testing i found a host ip https://█████████ which belong to DoD ██████████.mil running web services interface of Cisco ASA/FTD and it is vulnerable to CVE-2020-3187 - Unauthenticated arbitrary file deletion in Cisco ASA/FTD. An attacker could exploit this vulnerability by sending ...

OS Command Injection

curlrequest is vulnerable to OS command injection. It is possible to inject and execute arbitrary OS commands via the URL parameter due to lack of validation and sanitization before passing the values to exec...

@neuraflash/einstein-lang (=1.0.0), @safwanuk/sk-npm-hello-world (>=6.0.1 <=6.0.2) +63 more potentially affected by CVE-2020-7646 via curlrequest (>=0.3.10 <=1.0.1)

curlrequest NPM version =0.3.10, =6.0.1, =1.0.2, =0.2.0, =0.0.1, =0.1.0, =0.6.0, =0.0.1, =1.0.0, =0.3.0-a, =1.0.25, =0.1.0, =0.5.0 and more Source cves: CVE-2020-7646 Source advisory: OSV:GHSA-M8XJ-5V73-3HH8...

GHSA-M8XJ-5V73-3HH8 curlrequest allows execution of arbitrary commands

curlrequest through 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands by using a semicolon char in any of the options values...

curlrequest allows execution of arbitrary commands

curlrequest through 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands by using a semicolon char in any of the options values...

Curlrequest OS Command Injection Vulnerability

curlrequest is a Node.js-based package for transferring data over URLs. An operating system command injection vulnerability exists in curlrequest 1.0.1 and earlier versions. An attacker can exploit this vulnerability to inject and execute arbitrary commands...

CVE-2020-7646

curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input...

Input validation

curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input...

CVE-2020-7646

curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input...

Arbitrary File Read

Overview curlrequest is a curlrequest is a node wrapper for the command line curl1. Affected versions of this package are vulnerable to Arbitrary File Read. It is possible to read any file by populating the file parameter with user input. PoC var curl = require"curlrequest"; let userPayload =...

@neuraflash/einstein-lang (=1.0.0), @safwanuk/sk-npm-hello-world (>=6.0.1 <=6.0.2) +63 more potentially affected by CVE-2020-7646 via curlrequest (>=0.3.10 <=1.0.1)

curlrequest NPM version =0.3.10, =6.0.1, =1.0.2, =0.2.0, =0.0.1, =0.1.0, =0.6.0, =0.0.1, =1.0.0, =0.3.0-a, =1.0.25, =0.1.0, =0.5.0 and more Source cves: CVE-2020-7646 Source advisory: SNYK:JS-CURLREQUEST-568274...

PT-2020-2729

Name of the Vulnerable Software and Affected Versions curlrequest versions 1.0.0 through 1.0.1 Description The issue allows for the execution of arbitrary commands by injecting commands using a semicolon character in any of the options values. This can enable a remote attacker to execute arbitrar...