Lucene search

4057 matches found

Huntr
added 2020/04/03 12:0 a.m., 13 views

Command Injection in ionicabizau/node-gry

Overview: The issue occurs because a user input is formatted inside a command that will be executed without any check. Proof of Concept. Credit: Mik317. 1. Create the following PoC file: js // poc.js const Repo = require("gry"); var myRepo = new Repo("."); myRepo.pull("test; touch HACKED; ", function...

1.3 AI score
Exploits 0

Huntr
added 2020/04/02 12:0 a.m., 11 views

Command Injection in node-virtualization/node-virtualbox

Overview: The issue occurs because a user input is formatted inside a command that will be executed without any check...

4.2 AI score
Exploits 0

Huntr
added 2020/03/27 12:0 a.m., 16 views

Command Injection in zamotany/logkitty

Overview: The issue occurs because a user input is formatted inside a command that will be executed without any check. Proof of Concept. Credit: Mik317. 1. Check there aren't files called HACKED. 2. Execute the following commands in another terminal: bash npm i logkitty Install affected module logkit...

7.5 CVSS, 2.1 AI score, 0.02036 EPSS
Exploits 1

Huntr
added 2020/03/27 12:0 a.m., 18 views

Command Injection in quobject/aws-cli-js

Overview: The issue occurs because a user input is formatted inside a command that will be executed without any check. The issue arises here. Proof of Concept. Credit: Mik317. 1. Create the following PoC file: js // poc.js var awsCli = require("aws-cli-js"); var Options = awsCli.Options; var Aws =...

1.7 AI score
Exploits 0

Huntr
added 2020/02/21 12:0 a.m., 25 views

Code Injection in commenthol/safer-eval

Overview: safer-eval is a safer approach for eval in node and browser. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError: Maximum call stack size exceeded. Proof of Concept. Credit: Jonathan Leitschuh. js const theFunction = function const f =...

7.5 CVSS, 1.5 AI score, 0.00525 EPSS
Exploits 1, References 3

Huntr
added 2019/11/02 12:0 a.m., 87 views

Code Injection in mateodelnorte/meta-git

Description: The meta-git module is vulnerable against command injection since the user-supplied inputs are concatenated with a command which is executed without validation. POC: 1. Create a new directory and insert some test files: bash mkdir tests cd tests touch test touch secret touch files 2...

1.1 AI score
Exploits 0

Huntr
added 2019/08/18 12:0 a.m., 15 views

Cross-site Scripting (XSS) - Generic in boxbilling/boxbilling

Overview: Boxbilling is a free billing & client management software. Affected versions of this software are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript with object decoding such as alert1 resulting in XSS. Technical Description: if we look in...

1.9 AI score
Exploits 0, References 2

Total number of security vulnerabilities: 4057