EUVD-2018-0195

Malware in sbrugna...

pdfinfojs NPM Module Command Injection Vulnerability

pdfinfojs is a Node.js shell through the pdfinfo access module. A command injection vulnerability exists in pdfinfojs NPM module version 0.3.6 and earlier. An attacker can exploit this vulnerability to execute arbitrary commands...

horace-adapter-offline-pdf (>=0.0.1 <=0.0.5), pdftohpubjs (>=0.1.0 <=0.3.10) potentially affected by CVE-2018-3746 via pdfinfojs (>=0.3.1 <=0.3.6)

pdfinfojs NPM version =0.3.1, =0.0.1, =0.1.0, =0.3.10 Source cves: CVE-2018-3746 Source advisory: OSV:GHSA-3PXP-6963-46R9...

GHSA-3PXP-6963-46R9 Command Injection in pdfinfojs

Versions of pdfinfojs before 0.4.1 are vulnerable to command injection. This is exploitable if an attacker can control the filename parameter that is passed into the pdfinfojs constructor. Recommendation Update to version 0.4.1 or later...

Command Injection in pdfinfojs

Versions of pdfinfojs before 0.4.1 are vulnerable to command injection. This is exploitable if an attacker can control the filename parameter that is passed into the pdfinfojs constructor. Recommendation Update to version 0.4.1 or later...

CVE-2018-3746

The pdfinfojs NPM module versions = 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine...

CVE-2018-3746

The pdfinfojs NPM module versions = 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine...

Command injection

The pdfinfojs NPM module versions = 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine...

CVE-2018-3746

The pdfinfojs NPM module versions = 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine...

Command Injection

Overview Versions of pdfinfojs before 0.4.1 are vulnerable to command injection. This is exploitable if an attacker can control the filename parameter that is passed into the pdfinfojs constructor. Recommendation Update to version 0.4.1 or later. References - HackerOne Report - Commit 5cc59cd -...

Command Injection

pdfinfojs is vulnerable to command injections. The application does not parse the filename parameter, allowing a malicious user to inject and execute arbitrary commands...

PT-2018-1370 · Pdfinfojs · Pdfinfojs

Name of the Vulnerable Software and Affected Versions: pdfinfojs versions = 0.3.6 pdfinfojs versions prior to 0.4.1 Description: The issue is related to a lack of neutralization of special elements in input commands for the pdfinfojs module. This can be exploited by a remote attacker to execute...

Node.js third-party modules: [pdfinfojs] Command Injection on filename parameter

Hello , there is a Command Injection vulnerability on the "pdfinfojs" module. Module module name: pdfinfojs version: 0.3.6 npm page: https://www.npmjs.com/package/pdfinfojs Module Description pdfinfo shell wrapper for Node.js Module Stats 10 downloads in the last day 61 downloads in the last week...