1463 matches found
Prototype Pollution
promisehelpers is vulnerable to prototype pollution. The vulnerability exists as the insert function does not restrict proto headers to be set in objects...
CVE-2020-7723
All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function...
Code injection
All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function...
CVE-2020-7723
CVE-2020-7723 affects the JavaScript package promisehelpers. All versions prior to 0.0.6 are vulnerable to prototype pollution via the insert function, enabling an attacker to inject properties into Object.prototype (e.g., through proto ). Documented impacts include potential denial of service an...
CVE-2020-7723 Prototype Pollution
All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function...
PT-2020-19744 · Unknown · Promisehelpers
Name of the Vulnerable Software and Affected Versions: promisehelpers versions prior to 0.0.6 Description: The issue concerns Prototype Pollution via the insert function. This allows for potential manipulation of object properties. Recommendations: For versions prior to 0.0.6, update to version...
CVE-2020-19885
DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for '$POST'pageparaminsertname'' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability to hijack other users...
Prototype Pollution
Overview promisehelpers is a Promise helper functions Affected versions of this package are vulnerable to Prototype Pollution via the insert function. POC: const promisehelpers = require'promisehelpers'; var obj = ; promisehelpers.insert'proto', 'polluted', trueobj; console.logpolluted; // true...
Unspecified Vulnerability in Oracle E-Business Suite Common Applications (CNVD-2020-43711)
Oracle E-Business Suite E-Business Suite is a fully integrated set of global business management software from Oracle Corporation. The software provides customer relationship management, service management, financial management, etc. Common Applications also known as Oracle Common Application...
CVE-2020-14529
The CVE-2020-14529 entry refers to a vulnerability in Oracle Primavera Portfolio Management (Investor Module). Affected versions are 16.1.0.0–16.1.5.1, 18.0.0.0–18.0.2.0, and 19.0.0.0. It allows a low-privileged, network-accessible attacker (via HTTP) to compromise Primavera Portfolio Management,...
Savsoft Quiz 5 - Persistent Cross-Site Scripting
Exploit Title: Savsoft Quiz 5 - Persistent Cross-Site Scripting Date: 2020-07-09 Exploit Author: Ogulcan Unverenth3d1gger Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Kali Linux ---Vulnerable Source Code---- functio...
Online Shopping Portal 3.1 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Shopping Portal 3.1 - Authentication Bypass Exploit Author: Ümit Yalçın Vendor Homepage: https://phpgurukul.com/shopping-portal-free-download/ Version: 3.1 Tested on: Windows 10 / WampServer 1- Authentication Bypass Go to...
Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting
Exploit Title: Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-05-26 Exploit Author: that faceless coderInveteck Global Vendor Homepage: https://phpgurukul.com/ Software Link:...
The vulnerability of the hpack_dht_insert function in the HAProxy networking software library, located in the hpack-tbl.c file, allows for unauthorized access to confidential data by exceeding the allowed buffer size. This vulnerability enables attackers to cause service failures or compromise data integrity.
The vulnerability of the hpackdhtinsert function in the HAProxy networking software library is related to the execution of operations within acceptable buffer data limits. Exploiting this vulnerability could allow an attacker to gain unauthorized access to confidential data, cause service failure...
Moderate: Red Hat Security Advisory: sqlite security and bug fix update
An update for sqlite is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by for example valgrind...
RHEL 8 : sqlite (RHSA-2020:1810)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1810 advisory. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a singl...
Malicious Package
Overview batch-insert is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using batch-insert...
Design/Logic Flaw
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite component: Preferences. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical...
Design/Logic Flaw
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Calendar. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced...