CVEs-PoC/2020/CVE-2020-13110.md at b0e96c877abb080d7cf221c036336480ff266ccf

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 19:17:37 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search.

POC

Reference

https://medium.com/@kiddo_Ha3ker/dll-injection-attack-in-kerberos-npm-package-cb4b32031cd
https://www.op-c.net/2020/05/15/dll-injection-attack-in-kerberos-npm-package/

Github

https://github.com/ARPSyndicate/cvemon

817 B Raw Blame History

CVE-2020-13110

Description

POC

Reference

Github

817 B

Raw Blame History