45 matches found
PT-2022-23904 · Stealjs · Stealjs
Name of the Vulnerable Software and Affected Versions: stealjs steal version 2.2.4 Description: The issue is related to a prototype pollution vulnerability. It affects stealjs steal via the optionName variable in main.js. Recommendations: For stealjs steal version 2.2.4, consider restricting acce...
Prototype Pollution
convict is vulnerable to prototype pollution.A bypass of the fix for CVE-2022-22143 is possible which allows an attacker to inject properties into existing construct prototypes via the main.js and modify attributes such as proto, constructor, and prototype...
Prototype Pollution
convict is vulnerable to prototype pollution. The vulnerability exists in the convict function in main.js due to improper validation of attribute type which allows an attacker to crash the system by injecting arbitrary code...
Geutebruck Camera Deface
This module will take an existing session on a vulnerable Geutebruck Camera and will allow the user to either freeze the camera and display the last image from the video stream, display an image on the camera, or restore the camera back to displaying the current feed/stream. Module Options msf us...
openSUSE Security Update : cinnamon (openSUSE-2018-767)
This update for cinnamon fixes the following issues : Security issue fixed : - CVE-2018-13054: Fix symlink attack vulnerability boo1083067. Bug fixes : - Update to version 3.4.6 changes since 3.4.4 : - osdWindow.js: Always check the theme node on first showing - an actor's width isn't necessarily...