50 matches found
LiquidJS is Vulnerable to Remote Code Execution
Summary It is possible to execute arbitrary code with crafted templates Details 1|valueOf - this when evaluating the filter liquid %assign r=1|valueOf% r|inspect json...
Mozilla Thunderbird < 1.5.0.4
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 1.5.0.4. It is, therefore, affected by a vulnerability as referenced in the mfsa2006-31 advisory. - EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via...
safe-eval vulnerable to Sandbox Bypass due to improper input sanitization
All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution RCE. Vulnerable functions: defineGetter, stack,...
SUSE CVE-2006-1731
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when 1 .valueOf.call or 2 .valueOf.apply are called without any arguments, which allows remote...
SUSE CVE-2006-1733
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the 1 valueOf.call or 2...
SUSE CVE-2006-2787
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox...
SUSE CVE-2012-4194
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object aka window.location, which makes it easier for remote attackers to...
SUSE CVE-2013-1697
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with...
SUSE CVE-2015-5123
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installatio...
CVE-2021-23566
A flaw was found in the nanoid library where the valueOf function allows the reproduction of the last id generated. This flaw allows an attacker to expose sensitive information...
GHSA-QRPM-P2H7-HRV2 Exposure of Sensitive Information to an Unauthorized Actor in nanoid
The package nanoid from 3.0.0, before 3.1.31, are vulnerable to Information Exposure via the valueOf function which allows to reproduce the last id generated...
Information Disclosure
nanoid is vulnerable to information disclosure. The vulnerability exists due to a lack of sanitization of the output of valueOf function which allows an attacker to extract the last id generated...
DEBIAN-CVE-2021-23566
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf function which allows to reproduce the last id generated...
CVE-2021-23566
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf function which allows to reproduce the last id generated...
CVE-2021-23566
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf function which allows to reproduce the last id generated...
Information disclosure
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf function which allows to reproduce the last id generated...
UBUNTU-CVE-2021-23566
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf function which allows to reproduce the last id generated...
CVE-2021-23566
The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf function which allows to reproduce the last id generated...
CVE-2021-23566
CVE-2021-23566 affects nanoid versions 3.0.0 through before 3.1.31, where Information Exposure is possible via valueOf(), allowing reproduction of the last generated ID. Root cause is an information disclosure in valueOf(). Remediation: upgrade to nanoid 3.1.31 or later (the fixed version). Note:...
PT-2022-9413 · Nanoid · Nanoid
Name of the Vulnerable Software and Affected Versions: nanoid versions 3.0.0 through 3.1.30 Description: The issue allows for Information Exposure via the valueOf function, enabling the reproduction of the last generated id. Recommendations: For nanoid versions 3.0.0 through 3.1.30, update to...