71 matches found
Prototype Pollution
Overview Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument...
Prototype Pollution
@hapi/hoek is vulnerable to prototype pollution. Failure to validate object to prevent modification of object prototype in clone function allows an attacker to inject malicious object properties which can potentially lead to execution of arbitrary code. The vulnerability affects only applications...
GHSA-5PM8-492C-92P5 Prototype Pollution in chartkick
Affected versions of @polymer/polymer are vulnerable to prototype pollution. The package fails to prevent modification of object prototypes through chart options containing a payload such as "proto": "polluted": true. It is possible to achieve the same results if a chart loads data from a malicio...
Prototype Pollution
Overview All versions of unflatten are vulnerable to prototype pollution. The function unflatten does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation No fix is currently...
Prototype Pollution
Overview All versions of merge-recursive are vulnerable to Prototype Pollution. When malicious user input is merged with another object it allows the attacker to modify the prototype of Object via proto causing the addition or modification of an existing property. Proof of concept: var merge =...
CVE-2017-5094
Removed by vendor...
Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash (PoC)
Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash PoC / ---------------------------------------------------------------------------------------------------- cve-2014-4943poc.c The PPPoL2TP feature in net/l2tp/l2tpppp.c in the Linux kernel through 3.15.6 allows local users to gain...
[Peepdf] PDF Analysis and Creation/Modification Tool
peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. With peepdf it's possible ...
OTRS 2.1.x < 2.1.8, 2.2.x < 2.2.6 SOAP Security Bypass Vulnerability
Open Ticket Request System OTRS is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
openSUSE 10 Security Update : seamonkey (seamonkey-2250)
This security update brings Mozilla SeaMonkey to version 1.0.6. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems: MFSA2006-65: Is split into 3 sub-entries, for ongoing stability improvements ...
security flaw
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing...