3 matches found
PT-2023-11516 · Ncurses +1 · Ncurses +1
Name of the Vulnerable Software and Affected Versions: ncurses version 6.1
Description: The issue is a Buffer Overflow vulnerability in the _nc_find_entry function in tinfo/comp_hash.c at line 70. This allows remote attackers to cause a denial of service via crafted commands.
Recommendations: For...
PT-2022-9061 · Unknown · Node-Import
Name of the Vulnerable Software and Affected Versions: node-import versions all
Description: The issue affects the params argument of a module function, which can be controlled by users without proper sanitization. This unsanitized input is then passed to the eval function, located in line 79 of...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection. The injection point is located in line 72 in lib/index.js.
PoC: var a =require"node-ps"; a.lookuppsargs:"& touch JHU ",function
Remediation: There is no fixed version for node-ps.
References: - NPM Package - Vulnerable...