Lucene search
K

5 matches found

0day.today
0day.today
added 2019/09/26 12:0 a.m.41 views

NPMJS gitlabhook 0.0.17 - (repository) Remote Command Execution Exploit

NPMJS gitlabhook version 0.0.17 suffers from a remote command execution vulnerability. Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.npmjs.com/package/gitlabhook Version: 0.0.17 Tested on: Kali...

10CVSS0.5AI score0.59768EPSS
Exploits5
Packet Storm
Packet Storm
added 2019/09/25 12:0 a.m.145 views

NPMJS gitlabhook 0.0.17 Remote Command Execution

Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.npmjs.com/package/gitlabhook Version: 0.0.17 Tested on: Kali Linux 2, Windows 10. CVE : CVE-2019-5485 !/usr/bin/python import...

10CVSS0.2AI score0.59768EPSS
Exploits5
exploitpack
exploitpack
added 2019/09/25 12:0 a.m.48 views

NPMJS gitlabhook 0.0.17 - repository Remote Command Execution

NPMJS gitlabhook 0.0.17 - repository Remote Command Execution Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.npmjs.com/package/gitlabhook Version: 0.0.17 Tested on: Kali Linux 2...

10CVSS0.59768EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/09/25 12:0 a.m.148 views

NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution

Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.npmjs.com/package/gitlabhook Version: 0.0.17 Tested on: Kali Linux 2, Windows 10. CVE : CVE-2019-5485 !/usr/bin/python import...

10CVSS9.8AI score0.59768EPSS
Exploits5
CVE
CVE
added 2019/09/13 5:30 p.m.288 views

CVE-2019-5485

The CVE-2019-5485 issue affects the npm package gitlabhook v0.0.17, where the repository.name field in a POST body is concatenated into an exec call without sanitization, enabling remote code execution. Exploit examples in connected data show an attacker can inject commands (e.g., creating /tmp/p...

10CVSS9.6AI score0.59768EPSS
Exploits5References2Affected Software1
Rows per page
Query Builder