80 matches found
CVE-2020-7614
npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly...
CVE-2020-7614
CVE-2020-7614 affects npm-programmatic up to version 0.0.12 and enables command injection via concatenated options passed to exec. The vulnerability enables remote code execution if untrusted input is supplied to npm-programmatic’s install/uninstall/list paths, as demonstrated by the evidence and...
Command Injection
Overview: npm-programmatic is a library that allows you to access npm commands programmatically from JavaScript. Affected versions of this package are vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the exec...
0.extends.wechat (>=1.0.51 <=1.0.65), @berkozturk/npm_project_generator (=1.0.0) +152 more potentially affected by CVE-2020-7614 via npm-programmatic (>=0.0.10 <=0.0.9)
npm-programmatic NPM version =0.0.10, =1.0.51, =0.0.2, =0.0.1-dev-preview-19, =0.1.0, =0.4.0, =0.2.0, =3.0.0, =0.1.0, =1.0.0, =0.0.1-rc.1, =0.0.1, =1.0.0, =4.0.0, =5.1.4 and more Source cves: CVE-2020-7614 Source advisory: SNYK:JS-NPMPROGRAMMATIC-564115...
Zelos - A Comprehensive Binary Emulation Platform
Zelos (Zeropoint Emulated Lightweight Operating System) is a Python-based binary emulation platform. One use of zelos is to quickly assess the dynamic behavior of binaries via command-line or Python scripts. All syscalls are emulated to isolate the target binary. Linux x86_64 32- and 64-bit, AR...
Professional Services Simplified - Check out what's new!
In today's fast-moving digital world, we know businesses need to rapidly adapt to meet user expectations and stay competitive. At Akamai, we see a world of unimagined potential, enabled through the unique power of the Akamai Edge. It's this power, backed by the support of our 2000 global experts,...
Manticore - Symbolic Execution Tool For Analysis Of Binaries And Smart Contracts
Manticore is a symbolic execution tool for analysis of binaries and smart contracts. Note: Beginning with version 0.2.0, Python 3.6+ is required. Features: Input Generation: Manticore automatically generates inputs that trigger unique code paths. Crash Discovery: Manticore discovers inputs that...
Moderate: Red Hat Security Advisory: openstack-cinder security and bug fix update
An update for openstack-cinder is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Nameles - Open Source Entropy Based Invalid Traffic Detection And Pre-Bid Filtering
Nameles provides an easy to deploy, scalable IVT detection and filtering solution that is proven to detect at a high level of accuracy ad fraud and other types of invalid traffic such as web scraping. For a high level overview you might want to check out the website. If you have any questions or...
Dynamic Binary Analysis Tool: Manticore
Manticore is a prototyping tool for dynamic binary analysis, with support for symbolic execution, taint analysis, and binary instrumentation. Manticore comes with an easy-to-use command line tool that quickly generates new program “test cases” or sample inputs with symbolic execution. Each test...
Microsoft Office: Programmatic access for creating online presentations (PowerPoint, Word)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013programmaticcreationonlinepresentation.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Restrict programmatic access for creating online presentations in PowerPoint and Word Authors: Emanuel Moss Copyright:...
CVE-2017-17458
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be...
Open-Xchange OX AppSuite 7.8.0 XSS / Open Redirect
Product: OX AppSuite; Vendor: Open-Xchange GmbH; Internal reference: 44542 (Bug ID); Vulnerability type: Cross Site Scripting (CWE-80); Vulnerable version: 7.8.0 and earlier; Vulnerable component: frontend; Report confidence: Confirmed; Solution status: Fixed by Vendor; Fixed versions: 7.6.2-rev40, 7.6.3-rev...
Design/Logic Flaw
The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server 1.5.1.131 and earlier allows remote authenticated users to obtain sensitive meeting information via a crafted URL, aka Bug ID CSCum03527...
Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability
A vulnerability in the XML programmatic interface (XML PI) of Cisco WebEx Meeting Server could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to disclosure of the meeting information. An attacker could exploit this vulnerability by sending a crafte...
Oracle Database Multiple Vulnerabilities (October 2005 CPU)
The remote Oracle database server is missing the October 2005 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: Change Data Capture, Data Guard Logical Standby, Data Pump Export, Database Scheduler, Export, Locale, Materialize...
Debian DSA-1613-1 : libgd2 - multiple vulnerabilities
Multiple vulnerabilities have been identified in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2007-2445 Grayscale PNG files containing invalid tRNS chunk CRC values could cause a...
ATutor1.5.3.2.txt
Atutor. Info: Download: http://prdownloads.sourceforge.net/atutor/ATutor-1.5.3.2.tar.gz?download Version: ATutor 1.5.3.2...
CVE-2005-3444
Multiple unspecified vulnerabilities in the Programmatic Interface in Oracle Database Server from 8i up to 9.2.0.5 have unknown impact and attack vectors, aka Oracle Vuln DB26...
CVE-2005-3444
The CVE-2005-3444 entry concerns Oracle Database Server (8i–9.2.0.5) with multiple unspecified vulnerabilities in the Programmatic Interface. The description notes unknown impact and attack vectors. The CVSS data provided indicates a high-severity base score (10.0) with network attack vector and ...