
71 matches found

Node.js
added 2020/03/26 7:21 p.m., 21 views

Prototype Pollution

Overview: Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument...

6.8 AI score
Exploits: 0, Affected Software: 1
Veracode
added 2020/02/11 8:42 a.m., 9 views

Prototype Pollution

@hapi/hoek is vulnerable to prototype pollution. Failure to validate object to prevent modification of object prototype in clone function allows an attacker to inject malicious object properties which can potentially lead to execution of arbitrary code. The vulnerability affects only applications...

4.3 AI score
Exploits: 0
OSV
added 2019/12/02 6:4 p.m., 12 views

GHSA-5PM8-492C-92P5 Prototype Pollution in chartkick

Affected versions of @polymer/polymer are vulnerable to prototype pollution. The package fails to prevent modification of object prototypes through chart options containing a payload such as {"__proto__": {"polluted": true}}. It is possible to achieve the same results if a chart loads data from a malicio...

7.3 CVSS, 7 AI score, 0.01391 EPSS
Exploits: 0, References: 8
Node.js
added 2019/11/19 9:36 p.m., 20 views

Prototype Pollution

Overview: All versions of unflatten are vulnerable to prototype pollution. The function unflatten does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation: No fix is currently...

6.8 AI score
Exploits: 0, Affected Software: 1
Node.js
added 2018/10/17 10:37 p.m., 18 views

Prototype Pollution

Overview: All versions of merge-recursive are vulnerable to Prototype Pollution. When malicious user input is merged with another object, it allows the attacker to modify the prototype of Object via __proto__, causing the addition or modification of an existing property. Proof of concept: var merge =...

6.8 AI score
Exploits: 0, Affected Software: 1
Debian CVE
added 2017/10/27 5:0 a.m., 24 views

CVE-2017-5094

Removed by vendor...

6.5 CVSS, 8.1 AI score, 0.01549 EPSS
Exploits: 0
exploitpack
added 2015/03/04 12:0 a.m., 45 views

Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash (PoC)

Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash PoC. cve-2014-4943poc.c: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain...

6.9 CVSS, 0.1 AI score, 0.02103 EPSS
Exploits: 6
Kitploit
added 2014/03/22 11:57 p.m., 20 views

[Peepdf] PDF Analysis and Creation/Modification Tool

peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. With peepdf it's possible ...

7.5 AI score
Exploits: 0, References: 1
OpenVAS
added 2013/09/28 12:0 a.m., 34 views

OTRS 2.1.x < 2.1.8, 2.2.x < 2.2.6 SOAP Security Bypass Vulnerability

Open Ticket Request System (OTRS) is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.4 CVSS, 6.3 AI score, 0.02015 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2007/10/17 12:0 a.m., 24 views

openSUSE 10 Security Update : seamonkey (seamonkey-2250)

This security update brings Mozilla SeaMonkey to version 1.0.6. Please also see http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details. It includes fixes to the following security problems: MFSA2006-65: Is split into 3 sub-entries, for ongoing stability improvements ...

7.5 CVSS, 8.5 AI score, 0.05531 EPSS
Exploits: 0, References: 6
RedHat Linux
added 2006/11/08 8:46 a.m., 3 views

security flaw

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing...

7.5 CVSS, 6.1 AI score, 0.02614 EPSS
Exploits: 0, References: 4