GHSA-9CCV-P7FG-M73X XML Injection in python-libnmap

Description python-libnmap is affected by a Billion-Laughs -style XML injection vulnerability. PoC python ty = NmapParser payload = """ &lol3; """ ty.parsepayload...

XML Injection

python-libnmap is vulnerable to XML injection. It does not prevent the attacker from parsing malicious XML, allowing the attacker to exploit billion laughs attack and crash the application...

CVE-2019-1010017

libnmap v0.6.3 is affected by: XML Injection. The impact is: Denial of service DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload...

CVE-2019-1010017

libnmap v0.6.3 is affected by: XML Injection. The impact is: Denial of service DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload...

DEBIAN-CVE-2019-1010017

libnmap v0.6.3 is affected by: XML Injection. The impact is: Denial of service DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload...

CVE-2019-1010017

libnmap v0.6.3 is affected by: XML Injection. The impact is: Denial of service DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload...

UBUNTU-CVE-2019-1010017

libnmap v0.6.3 is affected by: XML Injection. The impact is: Denial of service DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload...

PYSEC-2019-218

libnmap v0.6.3 is affected by: XML Injection. The impact is: Denial of service DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload...

PYSEC-2019-218

libnmap v0.6.3 is affected by: XML Injection. The impact is: Denial of service DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload...

Design/Logic Flaw

libnmap v0.6.3 is affected by: XML Injection. The impact is: Denial of service DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload...

CVE-2019-1010017

libnmap v0.6.3 is affected by: XML Injection. The impact is: Denial of service DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload...

CVE-2019-1010017

libnmap v0.6.3 is affected by: XML Injection. The impact is: Denial of service DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload...

CVE-2019-1010017

CVE-2019-1010017 affects libnmap < v0.6.3, with an XML Injection vulnerability in the XML Parsing component. The attack uses a specially crafted XML payload, leading to a Denial of Service (DoS) by consuming resources. Documented impact ranges from DoS (availability impact) to high severity in...

libnmap XML Injection Vulnerability

libnmap is a python toolkit for operating nmap, a network probing and security scanning program. A security vulnerability exists in the parsing of MXL in versions of libnmap prior to 0.6.3. An attacker can exploit this vulnerability to cause a denial of service with a specially crafted payload...

fw-host-discovery (>=1.0.0 <=1.0.5) potentially affected by CVE-2018-16461 via libnmap (=0.2.33)

libnmap NPM version =0.2.33 is affected by a known vulnerability. The following packages have a transitive dependency on libnmap and may be impacted: - fw-host-discovery =1.0.0, =1.0.5 Source cves: CVE-2018-16461 Source advisory: OSV:GHSA-7G2W-6R25-2J7P...

GHSA-7G2W-6R25-2J7P Command Injection in libnmap

Versions of libnmap before 0.4.16 are vulnerable to command injection. Proof of concept js const nmap = require'libnmap'; const opts = range: 'scanme.nmap.org', "x.x.$touch success.txt" ; nmap.scanopts, functionerr, report if err throw new Errorerr; for let item in report...

Command Injection in libnmap

Versions of libnmap before 0.4.16 are vulnerable to command injection. Proof of concept js const nmap = require'libnmap'; const opts = range: 'scanme.nmap.org', "x.x.$touch success.txt" ; nmap.scanopts, functionerr, report if err throw new Errorerr; for let item in report...

Command Injection

Overview Versions of libnmap before 0.4.16 are vulnerable to command injection. Proof of concept const nmap = require'libnmap'; const opts = range: 'scanme.nmap.org', "x.x.$touch success.txt" ; nmap.scanopts, functionerr, report if err throw new Errorerr; for let item in report...

Command Injection

libnmap is vulnerable to command injection. An attacker is able to inject arbitrary OS commands via the IP range field for the network scan...

Node.js third-party modules: Command Injection Vulnerability in libnmap Package

I would like to report a command injection vulnerability in libnmap. It allows an attacker to inject arbitrary OS commands instead of a valid network range to be scanned. Module module name: libnmap version: 0.4.11 npm page: https://www.npmjs.com/package/libnmap Module Description API to access...