Prototype Pollution

collection.js is vulnerable to Prototype Pollution. The vulnerability exists due lack of sanization in the extend function of extend.js which allows an attacker to inject malicious property's such as proto, resulting in prototype pollution...

Collection.js vulnerable to Prototype Pollution

Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js...

GHSA-47PJ-Q2VM-46XC Collection.js vulnerable to Prototype Pollution

Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js...

CVE-2023-26113

Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js...

CVE-2023-26113

Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js...

CVE-2023-26113

CVE-2023-26113 affects the JavaScript package collection.js prior to 6.8.1. The root cause is a Prototype Pollution vulnerability in the extend function located at Collection.js/dist/node/iterators/extend.js, enabling polluted prototypes. Multiple sources (NVD, Red Hat, GHSA, OSV, CVE CVE lists) ...

PT-2023-20499 · Unknown · Collection.Js

Name of the Vulnerable Software and Affected Versions: collection.js versions prior to 6.8.1 Description: The issue concerns Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js. This affects versions of the package collection.js before 6.8.1. Recommendations...

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Exploit Title: ASUS ASMB8 iKVM RCE and SSH Root Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-002-2023 Vendor Homepage: https://servers.asus.com/search?q=ASMB8 Version/Model: ASMB8 iKVM...

CVE-2023-26602

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution...

Command injection

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution...

CVE-2023-26602

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution...

CVE-2023-26602

CVE-2023-26602 affects ASUS ASMB8 iKVM firmware 1.14.51 and earlier. A remote attacker can execute arbitrary code by using SNMP to create extensions, demonstrated via snmpset for NET-SNMP-EXTEND-MIB with /bin/sh. Affected component/firmware: ASMB8 iKVM, firmware up to 1.14.51. Root cause: SNMP wr...

CVE-2023-26602

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution...

rangy vulnerable to Prototype Pollution

All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...

GHSA-65RP-MHQF-8GJ3 rangy vulnerable to Prototype Pollution

All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...

CVE-2023-26102

All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...