7184 matches found
CVE-2019-16775
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...
CVE-2019-16776
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...
Code injection
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...
Code injection
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...
UBUNTU-CVE-2019-16776
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...
UBUNTU-CVE-2019-16775
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...
CVE-2019-16776 Unauthorized File Access in npm CLI before before version 6.13.3
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...
CVE-2019-16776
CVE-2019-16776 affects the npm CLI prior to 6.13.3 and arises from improper handling of the bin field. A crafted bin entry can cause arbitrary file writes outside the intended node_modules folder, enabling a publisher to modify or access arbitrary files on a user’s system during installation; exp...
CVE-2019-16776
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...
CVE-2019-16775 Unauthorized File Access in npm CLI before before version 6.13.3
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...
CVE-2019-16775
CVE-2019-16775 concerns the npm CLI prior to version 6.13.3. The vulnerability allows a package publisher to create symlinks to arbitrary files outside the node_modules folder via the package.json bin field during installation, and the behavior can also occur through install scripts. This could e...
CVE-2019-16775
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...
npm CLI Arbitrary File Write Vulnerability
The npm CLI is a JavaScript package manager. An arbitrary file write vulnerability exists in npm CLI versions prior to 6.13.3, which can be exploited by an attacker to write arbitrary files...
Roxy Fileman 1.4.5 For .NET Directory Traversal
=========================== Exploit Title: Roxy Fileman 1.4.5 for .NET - Directory Traversal Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net CVE number: CVE-2019-19731 Found: 2019-12-06 Tested on...
Arbitrary File Write
Overview Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended nodemodules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to create...
Arbitrary File Write
Overview yarn is a package for dependency management. Affected versions of this package are vulnerable to Arbitrary File Write. The package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted bin keys. Existing files could be...
Arbitrary File Write
Overview @pnpm/package-bins is a that returns bins of a package. Affected versions of this package are vulnerable to Arbitrary File Write. The package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted bin keys. Existing files coul...
npm CLI CVE-2019-16776 Arbitrary File Write Vulnerability
Description npm CLI is prone to an arbitrary file-write vulnerability. Successful exploits may allow an attacker to gain access or perform unauthorized actions on arbitrary files on the affected system. Versions prior to npm 6.13.3 are vulnerable. Technologies Affected Oracle GraalVM Enterprise...
Arbitrary File Write
Overview Versions of bin-links prior to 1.1.5 are vulnerable to an Arbitrary File Write. The package fails to restrict access to folders outside of the intended nodemodules folder through the bin field. This allows attackers to create arbitrary files in the system. Note it is not possible to...
CVE-2019-19459
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server...