6 matches found
starcount-common (>=0.0.1 <=0.0.7) potentially affected by CVE-2014-7205 via bassmaster (=0.0.2)
bassmaster NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on bassmaster and may be impacted: - starcount-common =0.0.1, =0.0.7 Source cves: CVE-2014-7205 Source advisory: OSV:GHSA-5J3G-JFQ3-7JWX...
Bassmaster 1.5.1 - Batch Arbitrary JavaScript Injection Remote Code Execution (Metasploit)
require 'msf/core' class MetasploitModule 'Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution', 'Description' = %q This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and...
CVE-2014-7205
creationtimestamp| type| source ---|---|--- 2016-11-02 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/40689 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/bassmasterjsinjection.rb 2025-02-06 03:13:42+00:00|...
Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution
require 'msf/core' class MetasploitModule 'Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution', 'Description' = %q This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and...
Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution Exploit
This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and allows an attacker to dynamically execute JavaScript code on the server side using an eval. Note that the code uses a '\x2f' character...
CVE-2014-7205
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors...