GHSA-XPWW-F6PM-CFHQ dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary rundbtcommand in src/dbtmcp/dbtcli/tools.py constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization. Two independen...

Information disclosure

NOCC Webmail 1.0 allows remote attackers to obtain sensitive information via a direct request to 1 the profiles directory, which leaks e-mail addresses contained in filenames of profiles, and 2 the tmp directory, which lists names of uploaded attachments...

CVE-2006-0893

NOCC Webmail 1.0 allows remote attackers to obtain sensitive information via a direct request to 1 the profiles directory, which leaks e-mail addresses contained in filenames of profiles, and 2 the tmp directory, which lists names of uploaded attachments...

CVE-2006-0893

NOCC Webmail 1.0 is affected by an information-disclosure vulnerability where remote attackers can obtain sensitive data by directly requesting files in (1) the profiles directory (exposing e-mail addresses from profile filenames) and (2) the tmp directory (revealing uploaded attachment names). T...