Prototype Pollution in coderaiser/nessy
Description nessy is vulnerable to Prototype Pollution. This package allows modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: // poc.js var nessy = require("nessy"); var obj = {}; console.log("Before : " +...
Prototype Pollution in sonnyp/json8
Description json8-pointer is vulnerable to Prototype Pollution. This package allows modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: // poc.js var json8Pointer = require("json8-pointer")...
Prototype Pollution in sonnyp/json8
Description json8-patch is vulnerable to Prototype Pollution. This package allows modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: // poc.js var json8Patch = require("json8-patch"); var obj = {}; const pat...
Cross-site Scripting (XSS) - Generic in alibaba/bizcharts
Description bizcharts is vulnerable to Cross-Site Scripting (XSS). Steps To Reproduce: 1. Open the npm page https://www.npmjs.com/package/bizcharts 2. Open the demo https://bizcharts.net/product/BizCharts4/gallery 3. Select any chart (I used the pie chart), e.g. https://bizcharts.net/product/BizCharts4/demo/37...
in microweber/microweber
Description microweber/microweber is vulnerable to Arbitrary File Upload. Effective controls have not been implemented to restrict users from uploading malicious content to the web server. Files containing code, such as .php and .exe files, can be uploaded successfully. Steps To Reproduce: 1. Log in...
Denial of Service in locutusjs/locutus
Description locutus is vulnerable to ReDoS. The regular expression at src/php/network/inet_pton.js:24 is vulnerable to ReDoS. It is possible to cause increasingly severe slow-downs which lock the event loop by passing strings consisting of some number of repeated 'a' characters followed by a '.' character. For...
Prototype Pollution in yargs/y18n
Description y18n is vulnerable to Prototype Pollution. This package allows modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: // poc.js const y18n = require('y18n'); var obj = {}; console.log("Before : " +...
Prototype Pollution in sagold/gson-query
Description gson-query is vulnerable to Prototype Pollution. This package allows modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: // poc.js var gsonQuery = require("gson-query"); var obj =...
Prototype Pollution in starcounter-jack/json-patch
Description fast-json-patch is vulnerable to Prototype Pollution. This package allows modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: // poc.js let fastjsonpatch = require("fast-json-patch"); functio...
Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr
Description The application is vulnerable to HTML injection in the password reset functionality. PoC CLICK ME...
Prototype Pollution in yeikos/js.merge
Overview merge is used to merge multiple objects into one object. Affected versions of this package are vulnerable to Prototype Pollution via the merge.recursive function. It can be tricked into adding or modifying properties of the Object prototype; these properties will then be present on all object...
in seleniumhq/selenium
Description Selenium is an umbrella project encapsulating a variety of tools and libraries enabling web browser automation. Selenium specifically provides infrastructure for the W3C WebDriver specification — a platform and language-neutral coding interface compatible with all major web browsers...
Prototype Pollution in liriliri/licia
Description The licia package is vulnerable to prototype pollution. The affected files are https://github.com/liriliri/licia/blob/master/src/e/extendDeep.js and https://github.com/liriliri/licia/blob/master/src/s/safeSet.js#L46. Proof of Concept 1. Create a PoC file: var utils = require('licia'); va...
Prototype Pollution in mariocasciaro/object-path
Overview object-path is a tiny JavaScript utility to access deep properties using a path, for Node and the browser. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be...
Prototype Pollution in pierreinglebert/json-merge-patch
Description json-merge-patch is vulnerable to Prototype Pollution. This package fails to restrict access to prototypes of objects, allowing for modification of prototype behavior using a __proto__ payload, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following Po...
Cross-site Scripting (XSS) - Generic in forkcms/forkcms
Description ForkCMS is an easy-to-use open source CMS built on Symfony Components (https://github.com/forkcms/forkcms). This package is vulnerable to Stored Cross-Site Scripting (XSS). Steps To Reproduce: 1. Install https://github.com/forkcms/forkcms locally or use the demo at https://demo.fork-cms.com/private/...
Cross-site Scripting (XSS) - Generic in jsdecena/laracom
Description Laracom (Laravel FREE E-Commerce Software, https://github.com/jsdecena/laracom) is vulnerable to Stored Cross-Site Scripting (XSS). Steps To Reproduce: 1. Install https://github.com/jsdecena/laracom locally or use the demo at https://shop.laracom.net/ 2. In the search bar enter javascript...
Exposure of Sensitive Information to an Unauthorized Actor in traduora/traduora
Description Username enumeration in traduora. Proof of Concept 1. Set up traduora to reproduce the vulnerability 2. Go to the sign-in page http://localhost:8080/login 3. Enter a non-registered user email and any password; the response is "Error, resource not found" 4. When entering a correct username and a fake password...
Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr
Description This package is vulnerable to Cross-site Scripting (XSS). The module renders a user-controllable value in the browser. In the card-rec.php file, the user-controllable value coming from $_POST["titre"] is directly appended to an input field, which reflects the user-provided string back. An attacker ca...
Prototype Pollution in whitfin/dot-notes-js
Overview dot-notes provides two-way conversions between objects and dot/bracket notation. This package is vulnerable to Prototype Pollution via the create function. Proof of Concept const dots = require('dot-notes'); dots.create({}, '__proto__.polluted', true); console.log(polluted);...
Prototype Pollution in acstll/deep-get-set
Description deep-get-set sets and gets values on objects via dot-notation strings. This package is vulnerable to prototype pollution. POC const deep = require('deep-get-set'); deep({}, '__proto__', 'polluted', true); console.log(polluted);...
Cross-site Scripting (XSS) - Stored in arachnys/cabot
Description Persistent (stored) XSS executes in cabot check settings, as well as in the address field. As with comparable CVEs, stored XSS is a High severity bug. Proof of Concept 1. Set up cabot to reproduce the vulnerability 2. Create an account and log in 3. Go to Checks, click Create and navigate...
Code Injection in swig/swig
Description SWIG is a compiler that integrates C and C++ with languages including Perl, Python, Tcl, Ruby, PHP, Java, C#, D, Go, Lua, Octave, R, Scheme (Guile, MzScheme/Racket), Scilab and OCaml. SWIG can also export its parse tree into XML. One of SWIG's Python tools includes a mkdist.py script...
Command Injection in juanfran/gulp-scss-lint
Overview gulp-scss-lint lints your .scss files. This package is vulnerable to Command Injection: it is possible to inject arbitrary commands into the exec call located in src/command.js via the provided options. Proof of Concept (by JHU System Security Lab): var root =...
Command Injection in kylefarris/clamscan
Overview clamscan uses Node.js to scan files on your server with ClamAV's clamscan binary or clamdscan daemon, which is especially useful for scanning uploaded files from untrusted sources. This package is vulnerable to Command Injection: it is possible to inject arbitrary commands a...
OS Command Injection in adrieankhisbe/bundle-phobia-cli
Description BundlePhobia is a tool to help you find the cost of adding an npm package to your bundle; it lets you query package sizes. npm-utils.js contains an unsanitized exec call which leads to arbitrary code execution. Proof of Concept: const util = require('./npm-utils.js'); let a =...
Cross-site Scripting (XSS) - Stored in monicahq/monica
Description HTML can be entered and is rendered in the journal section of Monica, which allows an attacker to trigger XSS payloads, causing persistent stored XSS in the journal section. Affected files are under monica/. 2. Fix suggestion: sanitize the input / escape the XSS characters, or else escape...
Code Injection in ionicabizau/git-stats
Overview git-stats is a JS package for local git statistics including GitHub-like contribution calendars. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands by using a semicolon character in any of the options.start or options.end values...
Prototype Pollution in kvz/locutus
Description phpjs is a community-built PHP binding in JavaScript. This package is vulnerable to Prototype Pollution via parse_str. Proof of Concept const phpjs = require('phpjs'); phpjs.parse_str("__proto__[polluted]=true", {}); console.log(polluted);...
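The prototype pollution entries above (merge.recursive, the dot-notation set functions of dot-notes and deep-get-set, and the bracket-notation parse_str case) all share one root cause: a deep-set or recursive merge that walks attacker-supplied keys and reaches Object.prototype through "__proto__". The following is an added example, not code from any of the packages listed; the helper names are ours. It shows a minimal deep-set and recursive merge in the vulnerable shape, the hardened shape beside each, and a check that reports whether a fresh object picked up the injected property.

```javascript
// Added example (not code from any package above). Minimal deep-set and
// recursive merge, vulnerable and hardened, with a pollution check.

const UNSAFE_KEYS = new Set(['__proto__', 'prototype', 'constructor']);
const isObj = (v) => typeof v === 'object' && v !== null;

// Path helpers: 'a.b.c' (dot-notation libraries) and 'a[b][c]' (parse_str style).
const fromDotted = (p) => p.split('.');
const fromQueryKey = (k) => k.replace(/\]/g, '').split('[');

// Vulnerable deep-set: cur['__proto__'] resolves to Object.prototype, so the
// final assignment lands on the prototype shared by every plain object.
function deepSetVulnerable(obj, keys, value) {
  let cur = obj;
  for (const k of keys.slice(0, -1)) {
    if (!isObj(cur[k])) cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Hardened: refuse prototype-reaching keys and only descend into own properties.
function deepSetSafe(obj, keys, value) {
  for (const k of keys) if (UNSAFE_KEYS.has(k)) throw new Error('unsafe key: ' + k);
  let cur = obj;
  for (const k of keys.slice(0, -1)) {
    if (!Object.prototype.hasOwnProperty.call(cur, k) || !isObj(cur[k])) cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Vulnerable recursive merge: JSON.parse gives the body an own "__proto__" key,
// and target['__proto__'] on a plain object is Object.prototype.
function mergeVulnerable(target, source) {
  for (const key in source) {
    if (isObj(source[key])) {
      if (!isObj(target[key])) target[key] = {};
      mergeVulnerable(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened merge: drop polluting keys, iterate own keys only, and never reuse
// an inherited target property as the merge destination.
function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue;
    const val = source[key];
    if (isObj(val)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isObj(target[key])) target[key] = {};
      mergeSafe(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Runs one operation and reports whether a brand-new object now has `polluted`,
// cleaning Object.prototype before and after so each check is independent.
function pollutes(fn) {
  delete Object.prototype.polluted;
  try { fn(); } catch (e) { /* hardened variants throw; that counts as blocked */ }
  const hit = ({}).polluted === true;
  delete Object.prototype.polluted;
  return hit;
}

// Constructed attacker body, as it would arrive in a JSON request.
const PAYLOAD = JSON.parse('{"__proto__": {"polluted": true}}');

function demo() {
  return {
    dotVulnerable:   pollutes(() => deepSetVulnerable({}, fromDotted('__proto__.polluted'), true)),
    dotSafe:         pollutes(() => deepSetSafe({}, fromDotted('__proto__.polluted'), true)),
    queryVulnerable: pollutes(() => deepSetVulnerable({}, fromQueryKey('__proto__[polluted]'), true)),
    mergeVulnerable: pollutes(() => mergeVulnerable({}, PAYLOAD)),
    mergeSafe:       pollutes(() => mergeSafe({}, PAYLOAD)),
  };
}

console.log(demo());
```

The hasOwnProperty test matters as much as the key blocklist: a merge that descends into an inherited target property still ends up writing to the prototype even when "__proto__" itself is filtered, because "constructor.prototype" reaches the same place.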
in imsobear/node-browser
Overview node-browser is a WebDriver wrapper for Node.js. This package is vulnerable to Man-in-the-Middle (MitM) attacks because it downloads resources over an insecure protocol. Without a secure connection, it is possible for an attacker to intercept the connection and alter the packages received. I...
in spunjs/selenium-binaries
Overview selenium-binaries assists in downloading Selenium-related binaries for your OS. This package is vulnerable to Man-in-the-Middle (MitM) attacks because it downloads resources over an insecure protocol...
Path Traversal in marcbachmann/node-html-pdf
Overview html-pdf is an HTML-to-PDF converter for Node.js. This package is vulnerable to Arbitrary File Read: it fails to sanitize the HTML input, allowing attackers to exfiltrate server files by supplying malicious HTML. XHR requests in the HTML are executed by the server. Input...
Insecure Storage of Sensitive Information in smirzaei/rails-session-decoder
Overview rails-session-decoder is a simple utility for decoding Rails 4.x sessions in Node.js. This package is vulnerable to Information Exposure: missing verification of the Message Authentication Code appended to the cookies may allow decryption of the ciphertext, exposing encrypted information...
Path Traversal in youngerheart/nodeserver
Overview nodeserver provides a Node server's domain name resolution and a web application's router. This package is vulnerable to Directory Traversal, which may allow access to sensitive files and data on the server. For example, requesting the following URL: /../../etc/passwd would result in...
Path Traversal in rwson/server-static
Overview server-static is a static file server. This package is vulnerable to Directory Traversal, which may allow access to sensitive files and data on the server. For example, requesting the following URL: /../../etc/passwd would result in /etc/passwd leaking...
Path Traversal in simbco/httpster
Description I would like to report a Path Traversal vulnerability in the httpster module. It allows an attacker to read system files via a Path Traversal vulnerability. With a symbolically linked file in the working directory, it is possible to read arbitrary files outside of the web root...
Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr
Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Special characters provided as part of the Referer HTTP header are reflected within htdocs/user/passwordforgotten.php...
Command Injection in sh0ji/git-tags-remote
Overview git-tags-remote gets remote repository tags. This package is vulnerable to Command Injection: it fails to sanitize the repository input and passes it directly to an exec call in the get function. This can allow attackers to execute arbitrary code on the system if the...
Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr
Description dolibarr is a modern and easy-to-use web application to manage your business. The error page is vulnerable to self-XSS because of a lack of escaping of the $_SERVER['HTTP_USER_AGENT'] variable before printing it. The flaw is in the dol_print_error function in the htdocs/core/lib/functions.lib.php fil...
Code Injection in z4nzu/hackingtool
Description hackingtool by Z4nzu is a collection of pentest tools that lets hackers work quickly, from information gathering to web attacks to wireless hacking and much more, presented in a terminal UI. It is built using Python 3. However, it uses os.system in various place...
Code Injection in mahdaen/node-import
Overview node-import is a package that imports dependencies and runs them directly, or concatenates them and exports the result to a file. This package is vulnerable to Arbitrary Code Execution: the params argument of the module function can be controlled by users without any sanitization. This is then provided to...
Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr
Overview dolibarr is a modern and easy-to-use web application to manage your business. This package is vulnerable to Cross-site Scripting (XSS): the module renders user-uploaded HTML files in the browser when the attachment parameter is removed from the direct download URL...
Code Injection in swooningfish/ffmpeg-web-gui
Description The ffmpeg-web-gui project is a simple video converter written in PHP which uses the ffmpeg command to convert videos to HTML formats. The issue arises at the following line: https://github.com/swooningfish/ffmpeg-web-gui/blob/master/upload-and-convert.php#L176. The arbitrary command...
Command Injection in 1000ch/install-package
Overview install-package is a package that installs node modules from JavaScript. This package is vulnerable to Command Injection: the options argument can be controlled by users without any sanitization, giving attackers the ability to execute malicious code. POC var root =...
Denial of Service in nescalante/urlregex
Overview urlregex is no-dependency URL validation for Node and the browser. This package is vulnerable to Regular Expression Denial of Service (ReDoS). An attacker providing a long string to the regex's test method can cause a Denial of Service. PoC: const urlRegex = require("urlregex"); const isValid =...
Denial of Service in gajus/url-regexp
Overview url-regexp is a RegExp object to match and validate URLs. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). An attacker providing a long URL to the validate or replace function will cause a Denial of Service. PoC: var regex = require("url-regexp");...
Code Injection in eugeneware/windows-edge
Overview windows-edge allows you to launch a new Microsoft Edge tab on Windows. The issue occurs because user input is formatted into a command that is executed without any check...
Code Injection in strider-cd/strider-git
Overview strider-git allows strider to use any git repository for a project. The issue occurs because user input is formatted into a command that is executed without any check...
Denial of Service in manolo/gwtupload
Overview com.googlecode.gwtupload:gwtupload is a library for uploading files to web servers, showing a progress bar with real information about the process (file size, bytes transferred, etc.). Affected versions of this package are vulnerable to Denial of Service (DoS). In server/UploadServlet.java the...
in conradirwin/em-imap
Overview em-imap is a gem that allows you to connect to an IMAP4rev1 server in a non-blocking fashion. Affected versions of this package are vulnerable to Man-in-the-Middle (MitM) attacks. The hostname in the TLS server certificate is not verified. An attacker can acquire the identity of a trusted server and...