23 matches found
EUVD-2018-0206
Malware in sbrugna...
EUVD-2019-0390
Malware in sbrugna...
Path Traversal
Overview All versions of localhost-now are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation No fix is currently available. Consider using an alternative package until a fix...
GHSA-73CW-JXMM-QPGH Path Traversal in localhost-now
All versions of localhost-now are vulnerable to path traversal. This vulnerability is a bypass to the path traversal fix introduced in version 1.0.2 Proof of concept: $ curl -v --path-as-is "http://IP:5432/..././..././..././..././..././..././..././..././..././..././etc/passwd" Recommendation No f...
Path Traversal in localhost-now
All versions of localhost-now are vulnerable to path traversal. This vulnerability is a bypass to the path traversal fix introduced in version 1.0.2 Proof of concept: $ curl -v --path-as-is "http://IP:5432/..././..././..././..././..././..././..././..././..././..././etc/passwd" Recommendation No f...
GHSA-QWJ8-P662-3M7X Path Traversal in localhost-now
All versions of localhost-now are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation No fix is currently available. Consider using an alternative package until a fix is made...
Path Traversal in localhost-now
All versions of localhost-now are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation No fix is currently available. Consider using an alternative package until a fix is made...
CVE-2019-5416
A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server...
CVE-2019-5416
A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server...
CVE-2019-5416
CVE-2019-5416 is a path traversal vulnerability in the localhost-now npm package (version 1.0.2). The underlying issue is inadequate URL/file path sanitization, allowing a remote attacker to read arbitrary files on the server by crafting traversals (e.g., ../). Multiple connected sources confirm ...
GHSA-2GJG-5X33-MMP2 Path Traversal in localhost-now
Versions of localhost-now before 1.0.2 are vulnerable to path traversal. This allows a remote attacker to read the content of an arbitrary file. Recommendation Update to version 1.0.2 or later...
Path Traversal in localhost-now
Versions of localhost-now before 1.0.2 are vulnerable to path traversal. This allows a remote attacker to read the content of an arbitrary file. Recommendation Update to version 1.0.2 or later...
CVE-2018-3729
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...
CVE-2018-3729
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...
Path traversal
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...
CVE-2018-3729
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...
CVE-2018-3729
The CVE-2018-3729 entry is supported by multiple connected documents describing a path traversal flaw in the localhost-now Node.js module. Affected software: localhost-now prior to version 1.0.2 (as documented in GHSA-2GJG-5X33-MMP2 and OSV; HackerOne report H1:312889 corroborates). Root cause: l...
PT-2018-16153 · Unknown · Localhost-Now
Name of the Vulnerable Software and Affected Versions: localhost-now versions prior to 1.0.2 Description: The issue arises from a lack of validation of file paths, allowing a malicious user to read the content of any file with a known path. This can be exploited by a remote attacker to read...
Directory Traversal
localhost-now is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of sanitization on the file path, allowing malicious file paths to result in directory traversal attacks...
Path Traversal
Overview Versions of localhost-now before 1.0.2 are vulnerable to path traversal. This allows a remote attacker to read the content of an arbitrary file. Recommendation Update to version 1.0.2 or later. References - GitHub Commit 30b004c - HackerOne Report - GitHub Advisory...