13 matches found
GHSA-RMPJ-3X5M-9M5F Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion
Summary The documents and files module in Admidio does not verify whether the current user has permission to delete folders or files. The folderdelete and filedelete action handlers in modules/documents-files.php only perform a VIEW authorization check getFolderForDownload / getFileForDownload...
EUVD-2018-0321
Malware in sbrugna...
EUVD-2019-0235
Malware in sbrugna...
Node.js third-party modules: [public] Path traversal using symlink
I would like to report a path traversal vulnerability in the public module. Module: module name: public; version: 0.1.4; npm page: https://www.npmjs.com/package/public. Module Description: Run static file hosting server with specified public dir & port. Support a "direcotry index" like Apache httpd. Module...
GHSA-7JFH-2XC9-CCV7 Cross-Site Scripting in public
All versions of public are vulnerable to stored cross-site scripting (XSS). Recommendation: No fix is currently available for this vulnerability. It is our recommendation to not install or use this module at this time...
Tnantoka/public XSS Vulnerability
An XSS vulnerability was found in module public 0.1.4 that allows malicious JavaScript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering...
GHSA-649C-X44H-4Q7V Tnantoka/public XSS Vulnerability
An XSS vulnerability was found in module public 0.1.4 that allows malicious JavaScript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering...
CVE-2018-16480
An XSS vulnerability was found in module public 0.1.4 that allows malicious JavaScript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering...
Cross site scripting
An XSS vulnerability was found in module public 0.1.4 that allows malicious JavaScript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering...
Waimai Super Cms Cross-Site Scripting Vulnerability (CNVD-2018-21792)
Waimai Super Cms is a takeaway ordering system. The system is compatible with IE, Firefox, Chrome, Safari and Opera browsers. A cross-site scripting vulnerability exists in version 20150505 of Waimai Super Cms. A remote attacker can exploit this vulnerability by sending the 'username' parameter t...
Cross-Site Scripting
Overview: All versions of public are vulnerable to stored cross-site scripting (XSS). Recommendation: No fix is currently available for this vulnerability. It is our recommendation to not install or use this module at this time. References: HackerOne Report, GitHub Advisory...
Node.js third-party modules: [public] Path Traversal allows to read content of arbitrary files
Hi Guys, There is a Path Traversal in the public module. It allows reading the content of arbitrary files on the remote server. Module: public. Run static file hosting server with specified public dir & port. Support a "direcotry index" like Apache httpd. https://www.npmjs.com/package/public version: 0.1.2...
Follow-up analysis of the deserialization vulnerability in the Node.js node-serialize module
Some follow-up findings on the Node.js serialization remote command execution vulnerability, and how to develop the attack payload. A few days ago I found an article on the opsecx blog about how to exploit an RCE (remote code execution) bug in a Node.js module named node-serialize. The article...