Lucene search
K

6 matches found

vulnersOsv
vulnersOsv
added 2017/10/24 6:33 p.m.4 views

starcount-common (>=0.0.1 <=0.0.7) potentially affected by CVE-2014-7205 via bassmaster (=0.0.2)

bassmaster NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on bassmaster and may be impacted: - starcount-common =0.0.1, =0.0.7 Source cves: CVE-2014-7205 Source advisory: OSV:GHSA-5J3G-JFQ3-7JWX...

10CVSS7.2AI score0.78582EPSS
Exploits6
Exploit DB
Exploit DB
added 2016/11/02 12:0 a.m.44 views

Bassmaster 1.5.1 - Batch Arbitrary JavaScript Injection Remote Code Execution (Metasploit)

require 'msf/core' class MetasploitModule 'Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution', 'Description' = %q This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and...

10CVSS7.4AI score0.78582EPSS
Exploits6
Circl
Circl
added 2016/11/02 12:0 a.m.31 views

CVE-2014-7205

creationtimestamp| type| source ---|---|--- 2016-11-02 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/40689 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/bassmasterjsinjection.rb 2025-02-06 03:13:42+00:00|...

10CVSS9AI score0.78582EPSS
Exploits6References2
Packet Storm
Packet Storm
added 2016/10/30 12:0 a.m.51 views

Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution

require 'msf/core' class MetasploitModule 'Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution', 'Description' = %q This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and...

10CVSS0.1AI score0.78582EPSS
Exploits6
0day.today
0day.today
added 2016/10/29 12:0 a.m.74 views

Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution Exploit

This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and allows an attacker to dynamically execute JavaScript code on the server side using an eval. Note that the code uses a '\x2f' character...

10CVSS0.1AI score0.78582EPSS
Exploits6
NVD
NVD
added 2014/10/08 5:55 p.m.31 views

CVE-2014-7205

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors...

10CVSS7.7AI score0.78582EPSS
Exploits6References6
Rows per page
Query Builder