Exposure of Sensitive Information to an Unauthorized Actor in traduora/traduora
Description: Username enumeration in traduora. Proof of Concept: 1. Set up traduora to reproduce the vulnerability. 2. Go to the sign-in page http://localhost:8080/login. 3. Append a non-registered user email and password; it shows "Error, resource not found". 4. When appending the correct username and a fake password...
Cross-site Scripting (XSS) - Generic in forkcms/forkcms
Description: ForkCMS is an easy-to-use open source CMS using Symfony Components; this package is vulnerable to Stored Cross-Site Scripting (XSS). https://github.com/forkcms/forkcms Steps To Reproduce: 1. Install https://github.com/forkcms/forkcms locally or use the demo at https://demo.fork-cms.com/private/...
Cross-site Scripting (XSS) - Generic in jsdecena/laracom
Description: Laracom (Laravel FREE E-Commerce Software); this package is vulnerable to Stored Cross-Site Scripting (XSS). https://github.com/jsdecena/laracom Steps To Reproduce: 1. Install https://github.com/jsdecena/laracom locally or use the demo at https://shop.laracom.net/ 2. In the search bar, enter javascript...
Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr
Description: This package is vulnerable to Cross-site Scripting (XSS). The module renders a user-controllable value in the browser. In the "card-rec.php" file, the user-controllable value coming from $_POST["titre"] is directly appended to an input field, which reflects the user-provided string back. An attacker ca...
Prototype Pollution in whitfin/dot-notes-js
Overview: dot-notes provides two-way conversions between objects and dot/bracket notation. This package is vulnerable to Prototype Pollution via the create function. Proof of Concept: const dots = require('dot-notes'); dots.create({}, '__proto__.polluted', true); console.log(polluted);...
Prototype Pollution in acstll/deep-get-set
Description: deep-get-set sets and gets values on objects via dot-notation strings. This package is vulnerable to prototype pollution. POC: const deep = require('deep-get-set'); deep({}, ['__proto__', 'polluted'], true); console.log(polluted);...
Cross-site Scripting (XSS) - Stored in arachnys/cabot
Description: Executed persistent stored XSS in cabot check settings, as well as the address field. As per the CVEs present, stored XSS is a high-severity bug. Proof of Concept: 1. Set up cabot to reproduce the vulnerability. 2. Create an account, then log in to the account. 3. Go to Checks, Create, and navigate...
Code Injection in swig/swig
Description: SWIG is a compiler that integrates C and C++ with languages including Perl, Python, Tcl, Ruby, PHP, Java, C#, D, Go, Lua, Octave, R, Scheme (Guile, MzScheme/Racket), Scilab, Ocaml. SWIG can also export its parse tree into XML. One of the Python tools of SWIG includes a mkdist.py script...
Command Injection in kylefarris/clamscan
Overview: clamscan lets you use Node.js to scan files on your server with ClamAV's clamscan binary or clamdscan daemon. This is especially useful for scanning uploaded files provided by untrusted sources. This package is vulnerable to Command Injection; it is possible to inject arbitrary commands a...
Command Injection in juanfran/gulp-scss-lint
Overview: gulp-scss-lint is a lint for your .scss files; this package is vulnerable to Command Injection. It is possible to inject arbitrary commands into the exec function located in src/command.js via the provided options. Proof of Concept (by JHU System Security Lab): var root =...
OS Command Injection in adrieankhisbe/bundle-phobia-cli
Description: BundlePhobia is a tool to help you find the cost of adding an npm package to your bundle. It enables you to query package sizes. The npm-utils.js file has an unsanitized exec function which leads to arbitrary code execution. Proof-of-concept: const util = require('./npm-utils.js'); let a =...
Cross-site Scripting (XSS) - Stored in monicahq/monica
Description: HTML code can be entered and successfully run in the journal session of Monica, which allows an attacker to trigger XSS queries, causing a persistent stored XSS in the journal session. files at monica/2. Fix Suggestion: Sanitize the input / escape the XSS characters or else escape...
Code Injection in ionicabizau/git-stats
Overview: git-stats is a JS package for local git statistics including GitHub-like contribution calendars. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands by using a semicolon character in any of the options.start or options.end values...
Prototype Pollution in kvz/locutus
Description: phpjs is a community-built PHP binding in JavaScript. This package is vulnerable to Prototype Pollution via parse_str. Proof of Concept: const phpjs = require('phpjs'); phpjs.parse_str("__proto__[polluted]=true", {}); console.log(polluted);...
in spunjs/selenium-binaries
Overview: selenium-binaries assists in downloading Selenium-related binaries for your OS; this package is vulnerable to Man-in-the-Middle (MitM) attacks due to downloading resources over an insecure protocol...
Path Traversal in rwson/server-static
Overview: server-static is a static file server; this package is vulnerable to Directory Traversal, which may allow access to sensitive files and data on the server. For example, requesting the URL /../../etc/passwd would result in /etc/passwd leaking...
in imsobear/node-browser
Overview: node-browser is a wrapper for webdriver in Node.js; this package is vulnerable to Man-in-the-Middle (MitM) attacks due to downloading resources over an insecure protocol. Without a secure connection, it is possible for an attacker to intercept this connection and alter the packages received. I...
Insecure Storage of Sensitive Information in smirzaei/rails-session-decoder
Overview: rails-session-decoder is a simple utility for decoding Rails 4.x sessions in Node.js; this package is vulnerable to Information Exposure. Missing verification of the Message Authentication Code appended to the cookies may lead to decryption of the ciphertext, exposing encrypted information...
Path Traversal in marcbachmann/node-html-pdf
Overview: html-pdf is an HTML-to-PDF converter in Node.js; this package is vulnerable to Arbitrary File Read. The package fails to sanitize the HTML input, allowing attackers to exfiltrate server files by supplying malicious HTML code. XHR requests in the HTML code are executed by the server. Input...
Path Traversal in youngerheart/nodeserver
Overview: nodeserver provides a node server's domain name resolution and web application's router; this package is vulnerable to Directory Traversal, which may allow access to sensitive files and data on the server. For example, requesting the URL /../../etc/passwd would result in...
Path Traversal in simbco/httpster
Description: I would like to report a Path Traversal vulnerability in the httpster module. It allows an attacker to read system files via a Path Traversal vulnerability. With a symbolically linked file in the working directory, it is possible to read arbitrary files outside of the web root...
Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Special characters provided as part of the Referer HTTP header are reflected within htdocs/user/passwordforgotten.php...
Command Injection in sh0ji/git-tags-remote
Overview: git-tags-remote gets remote repository tags; this package is vulnerable to Command Injection. The package fails to sanitize the repository input and passes it directly to an exec call in the get function. This can allow attackers to execute arbitrary code on the system if the...
Code Injection in z4nzu/hackingtool
Description: The hackingtool by Z4nzu is a pool of pentest tools that is useful to hackers for doing fast hacking, from information gathering to web attacks to wireless hacking and much more, all provided in a terminal UI. It is built using Python 3. However, it uses the os.system command in various place...
Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr
Description: dolibarr is a modern and easy-to-use web software to manage your business. The error page is vulnerable to self-XSS because of a lack of escaping of the $_SERVER['HTTP_USER_AGENT'] variable before printing it. The flaw is in the dol_print_error function in the htdocs/core/lib/functions.lib.php fil...
Code Injection in mahdaen/node-import
Overview: node-import is a package that imports dependencies and runs them directly, or concatenates them and exports to a file. This package is vulnerable to Arbitrary Code Execution. The params argument of the module function can be controlled by users without any sanitization. This is then provided to...
Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr
Overview: dolibarr is a modern and easy-to-use web software to manage your business. This package is vulnerable to Cross-site Scripting (XSS). The module renders user-uploaded HTML files in the browser when the attachment parameter is removed from the direct download URL...
Code Injection in swooningfish/ffmpeg-web-gui
Description: The ffmpeg-web-gui project is a simple video converter written in PHP which uses the ffmpeg command to convert videos into HTML formats. The issue arises at the following line: https://github.com/swooningfish/ffmpeg-web-gui/blob/master/upload-and-convert.php#L176. The arbitrary command...
Command Injection in 1000ch/install-package
Overview: install-package is a package that installs node modules from JavaScript. This package is vulnerable to Command Injection: the options argument can be controlled by users without any sanitization, giving attackers the ability to execute malicious code. POC: var root =...
Denial of Service in nescalante/urlregex
Overview: urlregex is no-dependency URL validation for Node and the browser. This package is vulnerable to Regular Expression Denial of Service (ReDoS). An attacker providing a long string to String.test can cause a Denial of Service attack. PoC (node): const urlRegex = require("urlregex"); const isValid =...
Denial of Service in gajus/url-regexp
Overview: url-regexp is a RegExp object to match and validate URLs. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker providing a long URL to the validate or replace function will cause a Denial of Service attack. PoC (node): var regex = require("url-regexp");...
Code Injection in strider-cd/strider-git
Overview: strider-git allows strider to use any git repository for a project. The issue occurs because a user input is formatted inside a command that will be executed without any check...
Code Injection in eugeneware/windows-edge
Overview: windows-edge allows you to launch a new Microsoft Edge tab on Windows. The issue occurs because a user input is formatted inside a command that will be executed without any check...
Denial of Service in manolo/gwtupload
Overview: com.googlecode.gwtupload:gwtupload is a library for uploading files to web servers, showing a progress bar with real information about the process (file size, bytes transferred, etc.). Affected versions of this package are vulnerable to Denial of Service (DoS). server/UploadServlet.java: the...
in conradirwin/em-imap
Overview: em-imap is a gem that allows you to connect to an IMAP4rev1 server in a non-blocking fashion. Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). The hostname in a TLS server certificate is not verified. An attacker can acquire the identity of a trusted server and...
Code Injection in domharrington/node-gitlog
Description: The gitlogplus module is vulnerable to an arbitrary command injection issue, which is made possible since some user inputs are executed inside a command which doesn't have validations of any kind. POC: 1. Create the following PoC file (js): // poc.js var git = require('gitlogplus');...
Code Injection in vishwanatharondekar/gitlab-cli
Description: The git-lab-cli module is vulnerable to RCE since a command is crafted using user inputs that are not validated and then executed, leading to arbitrary command injection. POC: 1. Check there aren't files called HACKED. 2. Execute the following commands in another terminal (bash): npm i git-lab-cli...
Command Injection in thebeet/idevicekit
Overview: Affected versions execute arbitrary commands remotely inside the victim's PC. The issue occurs because user input is formatted inside a command that will be executed without any checks. There is a possible bypass of the checkSerial function, leading to malicious serial variable content...
Command Injection in forsigner/node-pngdefry
Overview: Affected versions execute arbitrary commands remotely inside the victim's PC. The issue occurs because user input is formatted inside a command that will be executed without any checks...
Command Injection in zaach/jison
Overview: jison is a package that provides an API for creating parsers in JavaScript. Affected versions of this package are vulnerable to Command Injection. Arbitrary OS shell command execution is possible through a crafted command-line argument...
Code Injection in timstudd/node-wkhtmltoimage
Description: The wkhtmltoimage module is vulnerable to RCE since a command is crafted using user inputs that are not validated and then executed, leading to arbitrary command injection. POC: 1. Create the following PoC file (js): // poc.js var wkhtmltoimage = require('wkhtmltoimage');...
Code Injection in easy-team/node-tool-utils
Description: The node-tool-utils module is vulnerable to RCE since a command is crafted using user inputs that are not validated and then executed, leading to arbitrary command injection. POC: 1. Create the following PoC file (js): // poc.js const tool = require('node-tool-utils'); tool.checkPortUsed("test; touc...
Code Injection in courajs/node-svn
Description: The svn module is vulnerable to RCE since a command is crafted using user inputs that are not validated and then executed, leading to arbitrary command injection. POC: 1. Create the following PoC file (js): // poc.js var SVN = require('svn'); var svn = new SVN('./workingcopy'); svn.info("test; touch...
Code Injection in sidorares/node-wrk
Description: The wrk module is vulnerable to RCE since a command is crafted using user inputs that are not validated and then executed, leading to arbitrary command injection. POC: 1. Create the following PoC file (js): // poc.js var wrk = require('wrk'); wrk({ threads: 1, connections: 's','aaa', duration:...
Code Injection in rapidfacture/pdf-toolz
Description: The pdf-toolz module is vulnerable to arbitrary command injection due to the fact that some inputs given by the user are unsafely processed and executed. POC: 1. Create the following PoC file (js): // poc.js var pdf = require('pdf-toolz/PDF2Image'); pdf.pdfToImage("a", "test; touch HACKED; ...
Code Injection in elwerene/libreoffice-convert
Description: The libreoffice-convert module is vulnerable to RCE since a command is crafted using user inputs that are not validated and then executed, leading to arbitrary command injection. POC: 1. Create the following PoC file (js): // poc.js const libre = require('libreoffice-convert'); libre.convert('',...
Code Injection in heroku/heroku-exec-util
Description: The heroku-exec-util module is vulnerable to RCE since a command is crafted using user inputs that are not validated and then executed, leading to arbitrary command injection. POC: 1. Create the following PoC file (js): // poc.js var heu = require('heroku-exec-util'); heu.ssh({args: []}, 'test; touch...
Code Injection in keymetrics/vizion
Overview: The issue is an RCE triggerable via the module. This is possible because in line https://github.com/keymetrics/vizion/blob/master/lib/git/git.js#L228, the git reset --hard command is concatenated with an unsanitized input (js): var command = cliCommand(args.folder, "git reset --hard " +...
Cross-Site Request Forgery (CSRF) in tuhinshubhra/extanalysis
Overview: The ExtAnalysis project is vulnerable to various CSRFs, which could lead to loss of functionality and placement of malicious files in arbitrary directories without the knowledge of the victim. Proof of Concept (Credit: Mik317): 1. Download the git project and run the server through the...
Command Injection in joeyism/node-git-lib
Overview: The issue occurs because a user input is formatted inside a command that will be executed without any check. Proof of Concept (Credit: Mik317): 1. Create the following PoC file (js): // poc.js var git = require("git-lib"); git.add("test;touch HACKED;").then(function () { /* successfully added */...