15 matches found
PT-2026-45028
Summary When experimental.componentIslands is enabled default in Nuxt 4, any .server.vue file under pages/ is automatically registered as a server island under the key page and exposed via the / nuxt island/:name endpoint. Until this fix, requests through that endpoint rendered the page component...
CVE-2026-30848 Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.8 and 9.5.0-alpha.8, the PagesRouter static file serving route is vulnerable to a path traversal attack that allows unauthenticated reading of files outside the configured...
CVE-2026-30848 Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.8 and 9.5.0-alpha.8, the PagesRouter static file serving route is vulnerable to a path traversal attack that allows unauthenticated reading of files outside the configured...
CVE-2026-30848 Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.8 and 9.5.0-alpha.8, the PagesRouter static file serving route is vulnerable to a path traversal attack that allows unauthenticated reading of files outside the configured...
CVE-2022-50898
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper...
CVE-2022-50898 NanoCMS 0.4 - Remote Code Execution (RCE) (Authenticated)
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper...
CVE-2022-50898
NanoCMS 0.4 is affected by an authenticated file upload vulnerability that enables remote code execution through the page content creation feature. The root cause is lack of input sanitization when uploading PHP files to the server’s pages directory, which can be exploited after authentication. R...
CVE-2022-50898 NanoCMS 0.4 - Remote Code Execution (RCE) (Authenticated)
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper...
PT-2026-2374
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper...
EUVD-2012-6586
Malware in sbrugna...
CVE-2012-10044 MobileCartly 1.0 savepage.php Arbitrary File Creation
MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking fileputcontents on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending...
CVE-2023-3846
A vulnerability classified as problematic has been found in mooSocial mooDating 1.2. This affects an unknown part of the file /pages of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235197 was assigned...
Node.js third-party modules: [html-pages] Path Traversal in html-pages module allows to read any file from the server with curl
Hi, This report is about Directory Traversal vulnerability I found in html-pages module. Module: html-pages is a module which allows to browse directories and serve static files in the browser. The vulnerability exists in the latest available version 2.0.7 Link to npm page:...
MobileCartly 1.0 - Arbitrary File Creation (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "MobileCartly 1.0...
MobileCartly 1.0 Arbitrary File Creation Vulnerability
This module exploits a vulnerability in MobileCartly. The savepage.php file does not do any permission checks before using fileputcontents, which allows any user to have direct control of that function to create files under the 'pages' directory by default, or anywhere else as long as the user ha...