[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 253351 Download | Alert*

Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server.

The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.

atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below.

The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine.

The public node module versions <= 1.0.3 allows to embed HTML in file names, which (in certain conditions) might lead to execute malicious JavaScript.

There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. File name, which contains malicious HTML (eg. embedded iframe element or javascript: pseudo-protocol handler in <a> element) allows to execute JavaScript code against any user who opens a directory listing containing such crafted file name.

The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.

The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.

The utilities function in all versions <= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.

The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.


Pages:      Start    10644    10645    10646    10647    10648    10649    10650    10651    10652    10653    10654    10655    10656    10657    ..   25335

© SecPod Technologies