UBUNTU-CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

UBUNTU-CVE-2019-16775

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

CVE-2019-16776

CVE-2019-16776 affects the npm CLI prior to 6.13.3 and arises from improper handling of the bin field. A crafted bin entry can cause arbitrary file writes outside the intended node_modules folder, enabling a publisher to modify or access arbitrary files on a user’s system during installation; exp...

CVE-2019-16776 Unauthorized File Access in npm CLI before before version 6.13.3

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

CVE-2019-16775 Unauthorized File Access in npm CLI before before version 6.13.3

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

CVE-2019-16775

CVE-2019-16775 concerns the npm CLI prior to version 6.13.3. The vulnerability allows a package publisher to create symlinks to arbitrary files outside the node_modules folder via the package.json bin field during installation, and the behavior can also occur through install scripts. This could e...

CVE-2019-16775

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

npm CLI Arbitrary File Write Vulnerability

The npm CLI is a JavaScript package manager. An arbitrary file write vulnerability exists in npm CLI versions prior to 6.13.3, which can be exploited by an attacker to write arbitrary files...

Arbitrary File Write

Overview Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to create...

Arbitrary File Write

Overview yarn is a package for dependency management. Affected versions of this package are vulnerable to Arbitrary File Write. The package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted bin keys. Existing files could be...

Arbitrary File Write

Overview @pnpm/package-bins is a that returns bins of a package. Affected versions of this package are vulnerable to Arbitrary File Write. The package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted bin keys. Existing files coul...

npm CLI CVE-2019-16776 Arbitrary File Write Vulnerability

Description npm CLI is prone to an arbitrary file-write vulnerability. Successful exploits may allow an attacker to gain access or perform unauthorized actions on arbitrary files on the affected system. Versions prior to npm 6.13.3 are vulnerable. Technologies Affected Oracle GraalVM Enterprise...

Arbitrary File Write

Overview Versions of bin-links prior to 1.1.5 are vulnerable to an Arbitrary File Write. The package fails to restrict access to folders outside of the intended nodemodules folder through the bin field. This allows attackers to create arbitrary files in the system. Note it is not possible to...

CVE-2019-19459

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server...

SALTO ProAccess SPACE Arbitrary File Write Vulnerability

Salto Systems ProAccess SPACE is a web-based access control management tool from Salto Systems, Spain. A security vulnerability exists in Salto Systems ProAccess SPACE version 5.4.3.0. An attacker can exploit the vulnerability to write arbitrary files...

The vulnerability of the command-line interface (CLI) of the microprogramming software for Cisco TelePresence Collaboration Endpoint devices allows a hacker to write arbitrary files into the root directory.

The vulnerability of the command-line interface CLI of the Cisco TelePresence Collaboration Endpoint CE device’s management software is related to improper handling of permissions. Exploiting this vulnerability could allow an attacker to write arbitrary files into the root directory...

DEBIAN-CVE-2014-9356

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an 1 image or 2 build in a Dockerfile...

Arbitrary File Write in iobroker.js-controller

Versions of iobroker.controller prior to 2.0.25 are vulnerable to Path Traversal. The package fails to restrict access to folders outside of the intended /adapter/ folder, which may allow attackers to include arbitrary files in the system. An attacker would need to be authenticated to perform the...

SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: SALTO ProAccess SPACE vulnerable version: = v5.6 CVE number: CVE-2019-19457, CVE-2019-19458, CVE-2019-19459, CVE-2019-19460...