463 matches found
Code injection
An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter...
Code injection
An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
Code injection
An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
Code injection
An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
CVE-2020-36379
CVE-2020-36379 affects shenzhim aaptjs 1.3.1 where the remove function is vulnerable. The evidence consistently states that an attacker can trigger remote code execution by supplying crafted filePath parameters, enabling arbitrary code execution via a network vector. Several connected records (Re...
CVE-2020-36381
An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
CVE-2020-36380
An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
CVE-2020-36380
CVE-2020-36380 : In shenzhim aaptjs 1.3.1, the crunch function accepts unvalidated filePath parameters, enabling arbitrary code execution. Multiple sources (NVD entry and linked advisories) describe remote code execution via this parameter, with CVSS v3.1 base score 9.8 (CRITICAL) and CVSS v2.0 b...
CVE-2020-36378
CVE-2020-36378 affects shenzhim aaptjs 1.3.1, where the packageCmd function allows remote arbitrary code execution via filePath parameters. The issue enables an attacker to execute arbitrary code and is rated with high/critical impact (CVSS v3.1: 9.8) with network access and no privileges require...
CVE-2020-36377
An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
CVE-2020-36377
CVE-2020-36377 affects shenzhim aaptjs 1.3.1. The dump function is exploitable to execute arbitrary code via the filePath parameter, with the CVSSv3.1 impact listed as CRITICAL (9.8) and network attack vector. The available documents consistently describe remote code execution in the dump functio...
CVE-2020-36378
An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
CVE-2020-36376
An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
CVE-2020-36376
CVE-2020-36376 affects shenzhim aaptjs 1.3.1 (node wrapper for aapt). The list function accepts a filePath parameter that can be exploited to execute arbitrary code, enabling RCE. Public sources (NVD and other aggregations) assign a high/critical impact with network attack vector and no user inte...
CVE-2020-26707
An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter...
CVE-2020-26707
CVE-2020-26707 affects Shenzhim AAPTJS 1.3.1. The issue lies in the add function, where the filePath parameter can be manipulated to execute arbitrary code. Public sources in the dataset corroborate a high-severity, network-exposed flaw with depicted impact on confidentiality, integrity, and avai...
Shenzhim Aaptjs 操作系统命令注入漏洞
aaptjs is a node wrapper for aapt. aaptjs version 1.3.1 has a remote code execution vulnerability in the singleCrunch function. An attacker can exploit this vulnerability to execute arbitrary code via the filePath parameter...
Shenzhim Aaptjs 操作系统命令注入漏洞
aaptjs is a node wrapper for aapt. aaptjs version 1.3.1 has a remote code execution vulnerability in the add function. An attacker can exploit this vulnerability to execute arbitrary code via the filePath parameter...
Shenzhim Aaptjs 操作系统命令注入漏洞
aaptjs is a node wrapper for aapt. aaptjs version 1.3.1 has a remote code execution vulnerability in the dump function. An attacker can exploit this vulnerability to execute arbitrary code via the filePath parameter...
Shenzhim Aaptjs 操作系统命令注入漏洞
aaptjs is a node wrapper for aapt. aaptjs version 1.3.1 has a remote code execution vulnerability in the crunch function. An attacker can exploit this vulnerability to execute arbitrary code via the filePath parameter...