6886 matches found
Yarn Posterior Link Vulnerability
Yarn is an open source package installation, management tools. A security vulnerability exists in versions of Yarn prior to 1.21.1, which stems from a package installation feature that can be used to create arbitrary symbolic links on the host filesystem. An attacker can exploit this vulnerabilit...
DEBIAN-CVE-2019-10773
In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set...
CVE-2019-10773
In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set...
UBUNTU-CVE-2019-10773
In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set...
CVE-2019-16777
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...
CVE-2019-16777
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...
DEBIAN-CVE-2019-16777
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...
CVE-2019-16777
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...
Code injection
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...
CVE-2019-16777
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...
CVE-2019-16777 Arbitrary File Overwrite in npm CLI
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...
CVE-2019-16777
The CVE-2019-16777 entry affects the npm CLI for versions prior to 6.13.4, which are vulnerable to Arbitrary File Overwrite. The issue allows overwriting globally-installed binaries (e.g., a serve binary) during subsequent package installations, including when --ignore-scripts is used. This behav...
Arbitrary File Overwrite
npm is vulnerable to arbitrary file overwrite. The package does not prevent existing globally-installed binaries from being overwritten by other package installations in /usr/local/bin. This would allow the overwriting of binary files created from the first installation...
Arbitrary File Overwrite
bin-links is vulnerable to arbitrary file overwrite. The application does not prevent globally-installed binaries to be overwritten by other package installs...
Arbitrary File Write
Overview yarn is a package for dependency management. Affected versions of this package are vulnerable to Arbitrary File Write. The package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted bin keys. Existing files could be...
AppXSvc 17763 - Arbitrary File Overwrite (DoS)
AppXSvc 17763 - Arbitrary File Overwrite DoS Exploit Title: AppXSvc 17763 - Arbitrary File Overwrite DoS Date: 2019-10-28 Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version: 17763.1.amd64fre.rs5release.180914-1434 Tested on: Windows 10 Version 1809 for x64-based...
AppXSvc 17763 Arbitrary File Overwrite
Exploit Title: AppXSvc 17763 - Arbitrary File Overwrite DoS Date: 2019-10-28 Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version: 17763.1.amd64fre.rs5release.180914-1434 Tested on: Windows 10 Version 1809 for x64-based Systems CVE: CVE-2019-1476 Summary: AppXSvc...
PT-2019-1104 · Npm +6 · Npm Cli +6
Name of the Vulnerable Software and Affected Versions: npm CLI versions prior to 6.13.4 Description: The issue allows for an Arbitrary File Overwrite due to the failure to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package...
AppXSvc 17763 - Arbitrary File Overwrite (DoS)
Exploit Title: AppXSvc 17763 - Arbitrary File Overwrite DoS Date: 2019-10-28 Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version: 17763.1.amd64fre.rs5release.180914-1434 Tested on: Windows 10 Version 1809 for x64-based Systems CVE: CVE-2019-1476 Summary: AppXSvc...
Drupal Webform Module Multiple Security Vulnerabilities
Description Webform Module of Drupal is prone to the following multiple security vulnerabilities: 1. An arbitrary-file-overwrite vulnerability 2. A cross-site scripting vulnerability An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in...