14 matches found
EUVD-2018-0276
Malware in sbrugna...
EUVD-2018-0326
Malware in sbrugna...
GHSA-VFP9-GWRH-WQ9G Path Traversal in crud-file-server
Versions of crud-file-server prior to 0.9.0 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation Upgrade to version 0.9.0 or later...
GHSA-H24F-9MM4-W336 Cross-site Scripting (XSS) - Stored in crud-file-server
Versions of crud-file-server before 0.8.0 are vulnerable to stored cross-site scripting XSS. This is due to insufficient santiziation of filenames when directory index is served by crud-file-server. Recommendation Update to version 0.8.0 or later...
Cross-site Scripting (XSS) - Stored in crud-file-server
Versions of crud-file-server before 0.8.0 are vulnerable to stored cross-site scripting XSS. This is due to insufficient santiziation of filenames when directory index is served by crud-file-server. Recommendation Update to version 0.8.0 or later...
crud-file-server node module cross-site scripting vulnerability
The crud-file-server node module is a file server that supports create, read, update and delete functions. A cross-site scripting vulnerability exists in crud-file-server node module versions prior to 0.8.0, which stems from the program's lack of file name validation. A remote attacker can exploi...
CVE-2018-3726
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names...
PT-2018-16150 · Unknown · Crud-File-Server
Name of the Vulnerable Software and Affected Versions: crud-file-server versions prior to 0.8.0 Description: The issue is related to a lack of validation of file names, leading to a Cross-Site Scripting vulnerability. This is due to insufficient sanitization of filenames when the directory index ...
crud-file-server node module path traversal vulnerability
The crud-file-server node module is a file server that supports create, read, update and delete functions. A path traversal vulnerability exists in the crud-file-server node module prior to version 0.9.0, which stems from the program's failure to properly verify the url, and can be exploited by a...
CVE-2018-3733
crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path...
PT-2018-16157 · Unknown · Crud-File-Server
Name of the Vulnerable Software and Affected Versions: crud-file-server versions prior to 0.9.0 Description: The issue arises from incorrect validation of URLs, allowing a malicious user to read the content of any file with a known path due to a Path Traversal vulnerability. This is because the...
Cross-site Scripting (XSS) - Stored
Overview Versions of crud-file-server before 0.8.0 are vulnerable to stored cross-site scripting XSS. This is due to insufficient santiziation of filenames when directory index is served by crud-file-server. Recommendation Update to version 0.8.0 or later. References - GitHub Commit 4155bfe -...
Node.js third-party modules: [crud-file-server] Stored XSS in filenames when directory index is served by crud-file-server
Hi Guys, crud-file-server allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript. Module crud-file-server This package exposes a directory and its children to create, read, update, and delete operations over http...
Node.js third-party modules: [crud-file-server] Path Traversal allows to read arbitrary file from the server
Hi Guys, There is Path Traversal vulnerability in crud-file-server module, which allows to read arbitrary file from the remote server. Module crud-file-server This package exposes a directory and its children to create, read, update, and delete operations over http...