17 matches found
EUVD-2021-1087
Malware in sbrugna...
EUVD-2019-0339
Malware in sbrugna...
Amazon S3 Droppy 1.4.6 Shell Upload
============================================================================================================================ | Title : Amazon S3 Droppy v 1.4.6 File Upload Vulnerability | | Author : indoushka | | email : [email protected] | | Tested on : windows 10 Français V.Pro | | Vendo...
Path Traversal in droppy
This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server...
GHSA-GRV5-W5VR-8H98 Path Traversal in droppy
This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server...
CVE-2020-7757
This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server...
CVE-2020-7757
This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server...
CVE-2020-7757
CVE-2020-7757 affects all versions of the droppy package. A path traversal vulnerability enables an attacker to traverse directories and fetch configuration files from a droppy server, via crafted URLs (directory traversal sequences). Connected data confirms the issue as a directory traversal in ...
CVE-2020-7757 Path Traversal
This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server...
Path Traversal
Overview droppy is a library for self-hosted file storage. Affected versions of this package are vulnerable to Path Traversal. It is possible to traverse directories to fetch configuration files from a droopy server. PoC GET...
GHSA-RHVC-X32H-5526 No CSRF Validation in droppy
Affected versions of droppy are vulnerable to cross-site socket forgery. The package does not perform verification for cross-domain websocket requests, and as a result, an attacker can create a web page that opens up a websocket connection on behalf of the user visiting the page. The attacker can...
No CSRF Validation in droppy
Affected versions of droppy are vulnerable to cross-site socket forgery. The package does not perform verification for cross-domain websocket requests, and as a result, an attacker can create a web page that opens up a websocket connection on behalf of the user visiting the page. The attacker can...
CVE-2016-10529
Droppy versions 3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under hi...
CVE-2016-10529
Droppy versions 3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under hi...
CVE-2016-10529
Droppy versions 3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under hi...
CVE-2016-10529
Droppy versions
No CSRF Validation
Overview Affected versions of droppy are vulnerable to cross-site socket forgery. The package does not perform verification for cross-domain websocket requests, and as a result, an attacker can create a web page that opens up a websocket connection on behalf of the user visiting the page. The...