Lucene search
+L

321 matches found

Huntr
Huntr
added 2020/05/02 12:0 a.m.17 views

Code Injection in courajs/node-svn

Description The svn module is vulnerable against RCE since a command is crafted using user inputs not validated and then executedading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js var SVN = require'svn'; var svn = new SVN'./workingcopy'; svn.info"test; touch...

2.3AI score
Exploits0
Huntr
Huntr
added 2020/05/02 12:0 a.m.21 views

Code Injection in easy-team/node-tool-utils

Description The node-tool-utils module is vulnerable against RCE since a command is crafted using user inputs not validated and then executedading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js const tool = require'node-tool-utils'; tool.checkPortUsed"test; touc...

2.5AI score
Exploits0
Huntr
Huntr
added 2020/05/02 12:0 a.m.62 views

Code Injection in timstudd/node-wkhtmltoimage

Description The wkhtmltoimage module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js var wkhtmltoimage = require'wkhtmltoimage';...

1.7AI score
Exploits0
Huntr
Huntr
added 2020/04/21 12:0 a.m.14 views

Code Injection in sidorares/node-wrk

Description The wrk module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js var wrk = require'wrk'; wrk threads: 1, connections: 's','aaa', duration:...

1.8AI score
Exploits0
Prion
Prion
added 2020/04/14 7:15 p.m.23 views

Cross site scripting

SAP NetWeaver AS ABAP Business Server Pages application CRMBSPFRAME, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...

4.3CVSS5.9AI score0.00654EPSS
Exploits0References2Affected Software1
Huntr
Huntr
added 2020/04/14 12:0 a.m.47 views

Code Injection in elwerene/libreoffice-convert

Description The libreoffice-convert module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js const libre = require'libreoffice-convert'; libre.convert'',...

1.9AI score
Exploits0
Huntr
Huntr
added 2020/04/13 12:0 a.m.18 views

Code Injection in heroku/heroku-exec-util

Description The heroku-exec-util module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js var heu = require'heroku-exec-util'; heu.sshargs:,'test; touch...

2AI score
Exploits0
NVD
NVD
added 2020/03/10 9:15 p.m.19 views

CVE-2020-6206

SAP Cloud Platform Integration for Data Services, version 1.0, allows user inputs to be reflected as error or warning massages. This could mislead the victim to follow malicious instructions inserted by external attackers, leading to Cross Site Request Forgery...

4.7CVSS4.7AI score0.00358EPSS
Exploits0References2
Prion
Prion
added 2019/10/08 8:15 p.m.23 views

Cross site scripting

SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability...

3.5CVSS5.5AI score0.00526EPSS
Exploits0References2Affected Software1
Microsoft CVE
Microsoft CVE
added 2019/10/08 7:0 a.m.50 views

Azure Stack Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Azure Stack fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system...

10CVSS3.4AI score0.17833EPSS
Exploits0
Packet Storm
Packet Storm
added 2019/08/11 12:0 a.m.158 views

osTicket 1.12 Formula Injection

Exploit Title: osTicket-v1.12 Formula Injection Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiyer Category: webapps CVE: CVE-2019-14749 1. Description An issu...

8.8AI score0.09612EPSS
Exploits4
Microsoft CVE
Microsoft CVE
added 2019/05/14 7:0 a.m.31 views

Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server,...

5.4CVSS1.7AI score0.01697EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.40 views

Azure DevOps Server Cross-site Scripting Vulnerability

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the us...

6.1CVSS2AI score0.01983EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.39 views

Azure DevOps Server HTML Injection Vulnerability

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. An...

6.1CVSS0.6AI score0.01955EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.27 views

Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server,...

6.1CVSS1.7AI score0.02419EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.21 views

Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server,...

6.1CVSS1.7AI score0.02626EPSS
Exploits0
OSV
OSV
added 2019/02/15 6:29 p.m.4 views

CVE-2019-0262

SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting XSS vulnerability...

5.4CVSS5.8AI score0.00886EPSS
Exploits0References3
Veracode
Veracode
added 2019/02/15 7:27 a.m.8 views

Remote Code Execution (RCE)

node-os-utils is vulnerable to remote code execution RCE. The attack exists because it does not properly handle the user inputs, allowing the attacker to inject malicious code...

7.7AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2018/11/13 8:0 a.m.26 views

Team Foundation Server Cross-site Scripting Vulnerability

A Cross-site Scripting XSS vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the...

5.4CVSS2AI score0.01503EPSS
Exploits0
Prion
Prion
added 2018/10/09 1:29 p.m.16 views

Cross site scripting

In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting XSS vulnerability...

3.5CVSS5.3AI score0.00758EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder