
1635 matches found

Node.js • added 2016/11/30 9:25 p.m.

Downloads Resources over HTTP

Overview Affected versions of aerospike insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...

CVSS 9.3 | AI score 5.2 | EPSS 0.00735 | Exploits 0 | Affected software 1
Node.js • added 2016/10/27 4:25 p.m.

Cross-Site Scripting

Overview Affected versions of sanitize-html are vulnerable to cross-site scripting when allowedTags includes at least one nonTextTag. Proof of Concept var sanitizeHtml = require('sanitize-html'); var dirty = '!/textarea!'; var clean = sanitizeHtml(dirty, { allowedTags: ['textarea'] }); console.log(clean); /...

CVSS 4.3 | AI score 2.8 | EPSS 0.00286 | Exploits 1 | Affected software 1
Node.js • added 2015/11/03 7:12 a.m.

Root Path Disclosure

Overview Versions of send prior to 0.11.2 are affected by an information leakage vulnerability which may allow an attacker to enumerate paths on the server filesystem. Recommendation Update to version 0.11.1 or later. References - PR 70 - Express Changelog - 2015/01/20 - GitHub Advisory...

CVSS 5 | AI score 5.1 | EPSS 0.00603 | Exploits 0 | Affected software 1
Node.js • added 2015/10/17 7:41 p.m.

Potential Command Injection

Overview Versions 1.0.3 and earlier of libnotify are affected by a shell command injection vulnerability. This may result in execution of arbitrary shell commands, if user input is passed into libnotify.notify. Untrusted input passed in the call to libnotify.notify could result in execution of...

CVSS 7.5 | AI score 5.5 | EPSS 0.02011 | Exploits 0 | Affected software 1
Node.js • added 2021/05/10 6:40 p.m.

Prototype Pollution

Overview json-pointer before 0.6.1 is vulnerable to prototype pollution. Multiple references to an object using slashes are supported. Recommendation Upgrade to version 0.6.1 or later References - CVE - GitHub Advisory...

CVSS 6.5 | AI score 4.2 | EPSS 0.01029 | Exploits 1 | Affected software 1
Node.js • added 2021/05/06 5:30 p.m.

Cross-site scripting in TinyMCE

Overview tinymce before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor. Recommendation Upgrade to versions 4.9.7, 5.1.4 or later References - CVE - GitHub Advisory...

CVSS 4.3 | AI score 3.5 | EPSS 0.00553 | Exploits 1 | Affected software 1
Node.js • added 2020/12/16 7:42 p.m.

Command Injection

Overview There is a command injection vulnerability in systeminformation which allows for injection of commands to the command line of your machine. Affected commands: inetLatency. The problem was fixed by sanitizing the shell string. Recommendation Upgrade to version 4.31.1 or later. References ...

CVSS 7.5 | AI score 4.5 | EPSS 0.01389 | Exploits 0 | Affected software 1
Node.js • added 2019/04/18 9:44 p.m.

Rate Limiting Bypass

Overview All versions of express-brute are vulnerable to Rate Limiting Bypass. Concurrent requests may lead to race conditions that cause the package to incorrectly count requests. This may allow an attacker to bypass the rate limiting provided by the package and execute requests without limiting...

AI score 7 | Exploits 0 | Affected software 1
Node.js • added 2017/08/08 11:35 p.m.

Hijacked Environment Variables

Overview The nodemailer-js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...

CVSS 5 | AI score 4.7 | EPSS 0.00257 | Exploits 0 | Affected software 1
Node.js • added 2017/07/07 8:38 p.m.

Directory Traversal

Overview Affected versions of picard resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

CVSS 5 | AI score 4.3 | EPSS 0.00533 | Exploits 1 | Affected software 1
Node.js • added 2017/07/07 1:2 a.m.

Directory Traversal

Overview Affected versions of ritp resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

CVSS 5 | AI score 3.9 | EPSS 0.00533 | Exploits 1 | Affected software 1
Node.js • added 2017/07/05 9:37 p.m.

Directory Traversal

Overview Affected versions of mfrserver resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

CVSS 5 | AI score 4.4 | EPSS 0.00533 | Exploits 1 | Affected software 1
Node.js • added 2016/12/12 4:24 p.m.

Directory Traversal

Overview Affected versions of hostr are vulnerable to directory traversal which allows attackers to read files outside the current directory by sending ../ in the url path for GET requests. Recommendation Upgrade to version 2.3.6 or later. References - Issue 8 - GitHub Advisory...

CVSS 5 | AI score 4.8 | EPSS 0.00534 | Exploits 0 | Affected software 1
Node.js • added 2016/12/02 4:51 a.m.

Downloads Resources over HTTP

Overview Affected versions of roslib-socketio insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

CVSS 9.3 | AI score 6.2 | EPSS 0.00658 | Exploits 0 | Affected software 1
Node.js • added 2016/12/02 4:45 a.m.

Downloads Resources over HTTP

Overview Affected versions of healthcenter insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...

CVSS 9.3 | AI score 3.6 | EPSS 0.00735 | Exploits 0 | Affected software 1
Node.js • added 2016/12/01 4:2 p.m.

Downloads Resources over HTTP

Overview Affected versions of bkjs-wand insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...

CVSS 9.3 | AI score 5.6 | EPSS 0.00735 | Exploits 0 | Affected software 1
Node.js • added 2016/11/16 8:35 p.m.

Cross-Site Scripting

Overview Affected versions of forms do not properly escape HTML in generated forms, which may result in cross-site scripting. Recommendation Update to version 1.3.0 or later. References - Commit bc01e53 - GitHub Advisory...

CVSS 4.3 | AI score 2.8 | EPSS 0.0024 | Exploits 0 | Affected software 1
Node.js • added 2016/05/05 8:30 p.m.

Cross-Site Scripting

Overview Affected versions of dojo are susceptible to a cross-site scripting vulnerability in the dijit.Editor and textarea components, which execute their contents as JavaScript, even when sanitized. Recommendation Update to version 1.1 or later. References - Dojo Toolkit Bug Tracker - Bug 2140 ...

CVSS 4.3 | AI score 3.6 | EPSS 0.00285 | Exploits 1 | Affected software 1
Node.js • added 2021/02/26 4:26 p.m.

Prototype Pollution

Overview Impact Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. Workarounds A workaround is to...

CVSS 4 | AI score 3.3 | EPSS 0.0023 | Exploits 0 | Affected software 1
Node.js • added 2020/12/08 9:52 p.m.

Regular Expression Denial of Service

Overview fast-csv and @fast-csv/parse before version 4.3.6 have a possible ReDoS (Regular Expression Denial of Service) vulnerability when using the ignoreEmpty option when parsing. Impact You will only be affected by this if you use the ignoreEmpty parsing option. If you do use this option it is...

CVSS 3.5 | AI score 3.1 | EPSS 0.01073 | Exploits 1 | Affected software 1
Node.js • added 2020/11/10 9:24 p.m.

Malicious Package

Overview The package discord.app contained malicious code. The package ran a postinstall script that executed an .exe file containing Trojan malware. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

AI score 6.8 | Exploits 0 | Affected software 1
Node.js • added 2017/09/25 6:55 p.m.

Regular Expression Denial of Service

Overview Affected versions of debug are vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue. Recommendation Version 2.x.x: Update to...

CVSS 5 | AI score 4.9 | EPSS 0.00102 | Exploits 0 | Affected software 1
Node.js • added 2017/09/21 8:44 p.m.

Regular Expression Denial of Service

Overview Affected versions of timespan are vulnerable to a regular expression denial of service when parsing dates. The amplification for this vulnerability is significant, with 50,000 characters resulting in the event loop being blocked for around 10 seconds. Recommendation No direct patch is...

CVSS 5 | AI score 4.5 | EPSS 0.0028 | Exploits 0 | Affected software 1
Node.js • added 2017/07/18 8:8 p.m.

Directory Traversal

Overview intsol-package is a file server. intsol-package is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Example Request: GET /../../../../../../../../../../etc/passwd HTTP/1.1 host:localhost and the server's Response HTTP/1.1...

CVSS 5 | AI score 5 | EPSS 0.00533 | Exploits 1 | Affected software 1
Node.js • added 2017/07/07 8:40 p.m.

Directory Traversal

Overview Affected versions of mfrs resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

CVSS 5 | AI score 4.6 | EPSS 0.00533 | Exploits 1 | Affected software 1
Node.js • added 2017/07/07 12:0 a.m.

Directory Traversal

Overview Affected versions of uv-tj-demo resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

CVSS 5 | AI score 4.6 | EPSS 0.00533 | Exploits 1 | Affected software 1
Node.js • added 2017/07/06 6:2 p.m.

Directory Traversal

Overview Affected versions of dmmcquay.lab6 resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable...

CVSS 5 | AI score 4.6 | EPSS 0.00533 | Exploits 1 | Affected software 1
Node.js • added 2017/07/05 9:45 p.m.

Directory Traversal

Overview Affected versions of lessindex resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

CVSS 5 | AI score 4.2 | EPSS 0.00533 | Exploits 1 | Affected software 1
Node.js • added 2017/07/05 6:14 p.m.

Directory Traversal

Overview Affected versions of hcbserver resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

CVSS 5 | AI score 4.4 | EPSS 0.00533 | Exploits 1 | Affected software 1
Node.js • added 2017/02/27 10:50 p.m.

Cross-Site Scripting (XSS)

Overview Affected versions of restify are susceptible to a cross-site scripting vulnerability when using URL encoded script tags in a non-existent URL. Proof of Concept: Request https://localhost:3000/no5such3file7.pl?%22%3E%3Cscript%3Ealert73541;%3C/script%3E Will be included in response:...

CVSS 4.3 | AI score 1.6 | EPSS 0.00223 | Exploits 1 | Affected software 1
Node.js • added 2016/12/02 5:4 a.m.

Downloads Resources over HTTP

Overview Affected versions of mystem-fix insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...

CVSS 9.3 | AI score 6.2 | EPSS 0.00735 | Exploits 0 | Affected software 1
Node.js • added 2016/12/02 4:42 a.m.

Downloads Resources over HTTP

Overview Affected versions of arcanist insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...

CVSS 9.3 | AI score 5.5 | EPSS 0.00735 | Exploits 0 | Affected software 1
Node.js • added 2016/12/02 4:40 a.m.

Downloads Resources over HTTP

Overview Affected versions of windows-selenium-chromedriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting ...

CVSS 9.3 | AI score 6.2 | EPSS 0.00735 | Exploits 0 | Affected software 1
Node.js • added 2016/12/02 1:27 a.m.

Downloads Resources over HTTP

Overview Affected versions of soci insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

CVSS 9.3 | AI score 5.4 | EPSS 0.00735 | Exploits 0 | Affected software 1
Node.js • added 2016/12/01 7:7 p.m.

Downloads Resources over HTTP

Overview Affected versions of jstestdriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...

CVSS 9.3 | AI score 4.7 | EPSS 0.00735 | Exploits 0 | Affected software 1
Node.js • added 2016/12/01 12:23 a.m.

Downloads Resources over HTTP

Overview Affected versions of cue-sdk-node insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...

CVSS 9.3 | AI score 6.2 | EPSS 0.00735 | Exploits 0 | Affected software 1
Node.js • added 2016/11/30 11:56 p.m.

Downloads Resources over HTTP

Overview Affected versions of ipip insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...

CVSS 6.8 | AI score 2.4 | EPSS 0.00163 | Exploits 0 | Affected software 1
Node.js • added 2016/11/30 8:58 p.m.

Downloads Resources over HTTP

Overview Affected versions of ibmdb insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...

CVSS 6.8 | AI score 5.1 | EPSS 0.01076 | Exploits 0 | Affected software 1
Node.js • added 2016/11/30 8:53 p.m.

Downloads Resources over HTTP

Overview Affected versions of appium-chromedriver insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read items sent over HTTP at will. In this case, that includes the chromedriver binary, which may result in remote code...

CVSS 6.8 | AI score 4.8 | EPSS 0.00765 | Exploits 0 | Affected software 1
Node.js • added 2015/10/17 7:41 p.m.

CSRF Vulnerability

Overview Versions 1.0.3 and earlier of jquery-ujs are vulnerable to an information leakage attack that may enable attackers to launch CSRF attacks, as it allows attackers to send CSRF tokens to external domains. When an attacker controls the href attribute of an anchor tag, or the action attribut...

CVSS 5 | AI score 1.7 | EPSS 0.00242 | Exploits 1 | Affected software 1
Node.js • added 2021/05/10 6:51 p.m.

Cross-Site Scripting

Overview Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allows attackers to perform cross-site scripting attacks. Recommendation Upgrade to version 3.9.2 or later References - CVE - GitHub Advisory...

CVSS 4.3 | AI score 4.2 | EPSS 0.00534 | Exploits 1 | Affected software 1
Node.js • added 2021/05/06 4:15 p.m.

Path traversal

Overview url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path. Recommendation Upgrade to version 1.5.0 or later References - CVE - GitHub Advisory...

CVSS 5 | AI score 2.1 | EPSS 0.00138 | Exploits 1 | Affected software 1
Node.js • added 2021/03/12 11:16 p.m.

Prototype Pollution

Overview y18n before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to prototype pollution. POC const y18n = require('y18n'); y18n.setLocale('proto'); y18n.updateLocale({ polluted: true }); console.log(polluted); // true Recommendation Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later References - CVE - Snyk...

CVSS 7.5 | AI score 4.2 | EPSS 0.00469 | Exploits 1 | Affected software 1
Node.js • added 2021/03/03 2:9 a.m.

Remote Code Execution

Overview Impact In affected versions of pug and pug-code-gen, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remot...

CVSS 6.8 | AI score 9.2 | EPSS 0.01762 | Exploits 1 | Affected software 1
Node.js • added 2020/12/08 9:50 p.m.

Regular Expression Denial of Service

Overview fast-csv and @fast-csv/parse before version 4.3.6 have a possible ReDoS (Regular Expression Denial of Service) vulnerability when using the ignoreEmpty option when parsing. Impact You will only be affected by this if you use the ignoreEmpty parsing option. If you do use this option it is...

CVSS 3.5 | AI score 3.1 | EPSS 0.01073 | Exploits 1 | Affected software 1
Node.js • added 2020/11/10 9:23 p.m.

Malicious Package

Overview The package wsbd.js contained malicious code. The package ran a postinstall script that executed an .exe file containing Trojan malware. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

AI score 6.8 | Exploits 0 | Affected software 1
Node.js • added 2020/10/02 3:35 p.m.

File restriction bypass in socket.io-file

Overview All versions of socket.io-file are vulnerable to a file restriction bypass. The validation for valid file types only happens on the client-side, which allows an attacker to intercept the WebSocket request post-validation and alter the name value to upload any file types. Recommendation No...

AI score 6.9 | Exploits 0 | Affected software 1
Node.js • added 2017/07/18 7:18 p.m.

Directory Traversal

Overview Affected versions of dasafio resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

CVSS 5 | AI score 4.3 | EPSS 0.00191 | Exploits 1 | Affected software 1
Node.js • added 2017/07/07 4:49 p.m.

Directory Traversal

Overview Affected versions of qinserve resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

CVSS 5 | AI score 4.5 | EPSS 0.00257 | Exploits 1 | Affected software 1
Node.js • added 2017/07/05 9:40 p.m.

Directory Traversal

Overview Affected versions of ltt resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Examp...

CVSS 5 | AI score 4.4 | EPSS 0.00533 | Exploits 1 | Affected software 1
Total number of security vulnerabilities: 1635