
21 matches found

OSV
added 2026/05/19 3:51 p.m., 5 views

GHSA-6M52-M754-PW2G Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

Summary: This is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address (e.g. `nuxt dev --host`) and the developer opens a malicious site on the same network. Details: The fix for...

CVSS: 5.9, AI score: 5.8
Exploits: 0, References: 3
RedhatCVE
added 2026/02/13 1:30 a.m., 2 views

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

CVSS: 6.5, AI score: 5.6, EPSS: 0.00007
Exploits: 0, References: 1
NVD
added 2026/02/12 4:16 p.m., 2 views

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

CVSS: 6.5, EPSS: 0.00007
Exploits: 0, References: 3
Vulnrichment
added 2026/02/12 12:00 a.m., 2 views

CVE-2025-56647

npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development hot module reloading server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leake...

CVSS: 6.5, AI score: 5.6, EPSS: 0.00007
Exploits: 0, References: 3
Github Security Blog
added 2025/09/17 9:30 p.m., 6 views

Parcel has an Origin Validation Error vulnerability

parcel versions 1.6.1 and above have an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them. Version 2.16.4 supports a --no-cors option which disables CORS...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00009
Exploits: 1, References: 8, Affected Software: 1
CNNVD
added 2025/04/08 12:00 a.m., 2 views

Security vulnerability in multiple Vivotek products

Vivotek ND8422P and others are network cameras from China's VIVOTEK Communications (Vivotek). A security vulnerability exists in multiple Vivotek products, stemming from sensitive information being included in the source code. The following products are affected: Vivotek ND8422P,...

CVSS: 5.1, AI score: 3.9, EPSS: 0.00395
Exploits: 0, References: 5
SUSE CVE
added 2024/10/12 2:48 a.m., 2 views

SUSE CVE-2024-47166

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...

CVSS: 5.3, AI score: 6.7, EPSS: 0.00245
Exploits: 0, References: 3
NCSC
added 2024/07/19 7:34 a.m., 5 views

Vulnerabilities fixed in Apache HTTP Server

Two vulnerabilities have been fixed in Apache HTTP server 2.4. The first vulnerability CVE-2024-40725 can lead to source code leakage when files are accessed indirectly. The second vulnerability CVE-2024-40898 involves a Server Side Request Forgery SSRF that can be abused by a malicious person to...

CVSS: 9.1, AI score: 8.6, EPSS: 0.25097
Exploits: 5, References: 3
OSV
added 2022/09/16 2:15 a.m., 0 views

CVE-2022-34002

The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows a low-privileged authenticated attacker to leak the configuration files and source code of the web application...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00366
Exploits: 1, References: 2
0day.today
added 2021/09/17 12:00 a.m., 206 views

Simple Attendance System 1.0 - Authenticated bypass Vulnerability

Exploit Title: Simple Attendance System 1.0 - Authenticated bypass Exploit Author: Abdullah Khawaja hax.3xploit Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html Software Link:...

AI score: 0.4
Exploits: 0
Hacker One
added 2021/01/08 10:42 a.m., 103 views

Doppler VDP: Bypass Email Verification.

steps to reproduce:- 1- sign up into doppler here https://dashboard.doppler.com/register. 2- then it will go to this page https://dashboard.doppler.com/confirm and ask you to confirm your email. 3- go to source code and search for tagsconfirmemail . 4- you will find the email Verification token...

AI score: 7.3
Exploits: 0
OSV
added 2019/11/12 9:15 p.m., 0 views

CVE-2019-14365

The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack channels, members, etc...

CVSS: 7.5, AI score: 7.1
Exploits: 0, References: 1
Hacker One
added 2017/04/04 6:47 a.m., 25 views

X (Formerly Twitter): [staging-engineering.gnip.com] Publicly accessible GIT directory

Steps to reproduce: Open http://staging-engineering.gnip.com/.git/logs/refs/heads/master Publicly accessible GIT directory can lead to leakage of source code and other private information...

AI score: 7.1
Exploits: 0
Hacker One
added 2016/06/28 8:26 p.m., 19 views

Slack: Source code leakage through GIT web access at host '52.91.137.42'

@d0znpp alerted us to the public availability of Git files on a QA server. This led to the access to files which should have been restricted. We have enforced proper access control, and Slack awarded @d0znpp a $1,500 bounty for bringing the issue to our attention! Thank you!...

AI score: 1
Exploits: 0
CNVD
added 2015/12/03 12:00 a.m., 2 views

NetShen E-commerce System Has IIS Write Permission and Source Code Leakage Vulnerabilities

NetShen Information Technology Beijing Co., Ltd. is a high-tech information security solution, product and service provider integrating technology research and development, manufacturing and comprehensive service. NetShen's e-commerce system suffers from IIS write permission and source code leaka...

AI score: 7.3
Exploits: 0, References: 1
seebug.org
added 2008/07/23 12:00 a.m., 24 views

MyBlog multiple remote information disclosure vulnerabilities

BUGTRAQ ID: 30310 CNCAN ID: CNCAN-2008072204 MyBlog is a PHP-based blog application. MyBlog has multiple input validation issues that remote attackers can exploit to obtain sensitive information...

AI score: 6.9
Exploits: 0
securityvulns
added 2004/10/15 12:00 a.m., 35 views

Multiple Macromedia JRun bugs

DoS, source code leakage, session hijacking, cross-site scripting, buffer overflow...

CVSS: 4.3, AI score: 2.3, EPSS: 0.02024
Exploits: 0, References: 8, Affected Software: 2
Cvelist
added 2003/07/25 4:00 a.m., 18 views

CVE-2003-0424

Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or "." (%2e) characters to an HTTP request for the script, e.g. viewbroadcast.cgi...

AI score: 6.5, EPSS: 0.00587
Exploits: 1, References: 2
securityvulns
added 2003/06/18 12:00 a.m., 28 views

jboss .jsp source code leakage

By adding 00 to URL it's possible to obtain source code of .jsp page...

AI score: 1
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2002/07/02 12:00 a.m., 31 views

Source code leakage in JRun

By adding some sequences to a request it's possible to obtain JSP source code...

AI score: 1.1
Exploits: 0, References: 1, Affected Software: 1