
9423 matches found

OSV
added 2020/12/02 1:15 a.m. · 1 views

DEBIAN-CVE-2020-25704

A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service...

5.5 CVSS · 6.1 AI score · 0.00025 EPSS
Exploits 0 · References 1

OSV
added 2020/12/02 1:15 a.m. · 0 views

UBUNTU-CVE-2020-25704

A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service...

5.5 CVSS · 6.6 AI score · 0.00025 EPSS
Exploits 0 · References 9

CNNVD
added 2020/12/02 12:0 a.m. · 5 views

Ahdinosaur Set-in Security Vulnerability

Ahdinosaur Set-in is a JavaScript library by the individual developer Ahdinosaur that assigns values to keys in nested associative structures. A security vulnerability exists in Ahdinosaur Set-in versions 1.0.0 through 2.0.0, which stems from a prototype pollution vulnerability that...

9.8 CVSS · 7.6 AI score · 0.03864 EPSS
Exploits 1 · References 4

RedhatCVE
added 2020/11/27 2:51 p.m. · 33 views

CVE-2020-15256

A flaw was found in object-path. A prototype pollution vulnerability has been found in object-path affecting the set method. The vulnerability is limited to the includeInheritedProps mode if version = 0.11.0 is used, which has to be explicitly enabled by creating a new instance of object-path and...

9.8 CVSS · 2 AI score · 0.00163 EPSS
Exploits 0 · References 3

CNVD
added 2020/11/25 12:0 a.m. · 1 views

Hrsale Cross-Site Scripting Vulnerability

Hrsale is an HRMS written in PHP by the Hrsale team. A cross-site scripting vulnerability exists in HRSALE 2.0.0. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via the admin/project/projectscalendar setdate parameter...

6.1 CVSS · 6.3 AI score · 0.0024 EPSS
Exploits 1 · References 1

OSV
added 2020/11/24 8:15 p.m. · 1 views

CVE-2020-29053

HRSALE 2.0.0 allows XSS via the admin/project/projectscalendar setdate parameter...

6.1 CVSS · 6.4 AI score · 0.0024 EPSS
Exploits 1 · References 2

CNNVD
added 2020/11/24 12:0 a.m. · 3 views

Hrsale Cross-Site Scripting Vulnerability

Hrsale is an HRMS written in PHP by the Hrsale team. A cross-site scripting vulnerability exists in HRSALE 2.0.0. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via the admin/project/projectscalendar setdate parameter...

6.1 CVSS · 6.2 AI score · 0.0024 EPSS
Exploits 1 · References 3

NVD
added 2020/11/20 4:15 p.m. · 10 views

CVE-2020-7842

Improper Input validation vulnerability exists in Netis Korea D'live AP which could cause arbitrary command injection and execution when the time setting using ntpServerlp1 parameter for the users. This affects D'live set-top box APWF2429TB v1.1.10...

6.6 CVSS · 6.9 AI score · 0.00891 EPSS
Exploits 0 · References 1

Prion
added 2020/11/20 4:15 p.m. · 13 views

Input validation

Improper Input validation vulnerability exists in Netis Korea D'live AP which could cause arbitrary command injection and execution when the time setting using ntpServerlp1 parameter for the users. This affects D'live set-top box APWF2429TB v1.1.10...

6 CVSS · 7 AI score · 0.00891 EPSS
Exploits 0 · References 1 · Affected Software 1

Hacker One
added 2020/11/19 9:11 a.m. · 18 views

U.S. General Services Administration: CRLF INJECTION

Vulnerable url - https://www.epay.fas.gsa.gov/%0D%0ASet-Cookie:crlfinjection=crlfinjection Impact an attacker can set new header...

2 AI score
Exploits 0

Packet Storm
added 2020/11/16 12:0 a.m. · 731 views

Taskcafe 0.1.0 / 0.1.1 Cross Origin Resource Sharing

Exploit Title: Taskcafé 0.1.0 and 0.1.1 - Cross-Origin Resource Sharing Date: 2020-09-02 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://github.com/JordanKnott/ Software Link: https://github.com/JordanKnott/taskcafe Version: 0.1.0 and 0.1.1 Tested on: Kali Linux 2020.3 POC: The web...

7.4 AI score
Exploits 0

Veracode
added 2020/11/11 4:55 a.m. · 14 views

Prototype Pollution

@strikeentco/set is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as `__proto__`, `constructor` and `prototype`...

7.5 CVSS · 3.5 AI score · 0.01927 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2020/11/10 4:15 p.m. · 17 views

CVE-2020-7766

This affects all versions of package json-ptr. The issue occurs in the set operation https://flitbit.github.io/json-ptr/classes/srcpointer.jsonpointer.htmlset when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the...

9.8 CVSS · 6.5 AI score
Exploits 0 · References 3

NVD
added 2020/11/10 4:15 p.m. · 11 views

CVE-2020-28267

Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution...

7.5 CVSS · 7.8 AI score · 0.01927 EPSS
Exploits 0 · References 2

Prion
added 2020/11/10 4:15 p.m. · 22 views

Code injection

This affects all versions of package json-ptr. The issue occurs in the set operation https://flitbit.github.io/json-ptr/classes/srcpointer.jsonpointer.htmlset when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the...

7.5 CVSS · 9.2 AI score · 0.01064 EPSS
Exploits 1 · References 3 · Affected Software 1

Prion
added 2020/11/10 4:15 p.m. · 13 views

Remote code execution

Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution...

5 CVSS · 7.8 AI score · 0.01927 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2020/11/10 3:58 p.m. · 47 views

CVE-2020-28267

CVE-2020-28267 concerns a prototype pollution vulnerability in the package @strikeentco/set version 1.0.0. The available connected documents describe the flaw as prototype pollution that allows an attacker to cause a denial of service and may lead to remote code execution. No explicit exploitatio...

7.5 CVSS · 7.8 AI score · 0.01927 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2020/11/10 3:35 p.m. · 23 views

CVE-2020-7766 Prototype Pollution

This affects all versions of package json-ptr. The issue occurs in the set operation https://flitbit.github.io/json-ptr/classes/srcpointer.jsonpointer.htmlset when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the...

7.3 CVSS · 7.2 AI score · 0.01064 EPSS
Exploits 1 · References 3

Positive Technologies
added 2020/11/10 12:0 a.m. · 3 views

PT-2020-19778 · Json Ptr · Json-Ptr

Name of the Vulnerable Software and Affected Versions: json-ptr versions prior to 2.1.0 Description: The issue occurs in the set operation when the force flag is set to true. The function recursively sets the property in the target object, however it does not properly check the key being set,...

9.8 CVSS · 9.2 AI score · 0.01064 EPSS
Exploits 1 · References 13

Positive Technologies
added 2020/11/09 12:0 a.m. · 1 views

PT-2020-6817 · Clusterlabs +1 · Clusterlabs Hawk +1

Name of the Vulnerable Software and Affected Versions: ClusterLabs Hawk versions 2.3.0 through 2.3.0-15 Description: The issue in ClusterLabs Hawk is related to the hawk invoke binary, which is intended to be used as a setuid program, allowing the hacluster user to invoke certain commands as root...

9 CVSS · 8.2 AI score · 0.00409 EPSS
Exploits 1 · References 39