194 matches found
in hascheksolutions/opentrashmail
✍️ Description Attackers can control the filesystem path argument to readfile at api.php line 35 for the ?email= parameter, which allows them to access or modify otherwise protected files. Analysis Trace: 1. The application takes unsanitized input at: $email = strtolower($_REQUEST['email']); 2. Assigning user...
Path traversal in rollup-plugin-serve
Overview Path traversal in rollup-plugin-serve before version 1.0.2. There is no path sanitization in readFile operation. Recommendation Upgrade to version 1.0.2 or later References - CVE - GitHub Advisory...
CVE-2021-28154
Camunda Modeler aka camunda-modeler through 4.6.0 allows arbitrary file access. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which manipulates the readFile and writeFile APIs. NOTE: the vendor states "The way we secured the app is that it...
rollup-plugin-serve path traversal vulnerability
rollup-plugin-serve is a module bundler package for JavaScript. A security vulnerability exists in the readFile operation of the 'readFileFromContentBase' function in rollup-plugin-server, which stems from the program's failure to clean up paths. No details of the vulnerability are available at...
Directory traversal in rollup-plugin-server
This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...
Directory traversal in rollup-plugin-server
This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function...
Directory Traversal
rollup-plugin-dev-server is vulnerable to directory traversal. The vulnerability exists through the lack of sanitization of the file path used in the readFile function...
Path Traversal
rollup-plugin-server is vulnerable to path traversal attack. The vulnerability exists due to a lack of proper handling of user-provided path parameters in the readFile operation performed inside the readFileFromContentBase function, allowing an attacker to access arbitrary system files using...
CVE-2020-7686
This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...
CVE-2020-7683
This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function...
Path traversal
This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function...
Path traversal
This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...
CVE-2020-7686
CVE-2020-7686 affects all versions of rollup-plugin-dev-server. The issue is a directory traversal vulnerability caused by lack of path sanitization in the readFile operation within the readFileFromContentBase function, enabling potential access to arbitrary files. Multiple sources (NVD, CVE list...
CVE-2020-7686 Directory Traversal
This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in readFile operation inside the readFileFromContentBase function...
CVE-2020-7683 Directory Traversal
This affects all versions of package rollup-plugin-server. There is no path sanitization in readFile operation performed inside the readFileFromContentBase function...
CVE-2020-7684
This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation...
Design/Logic Flaw
This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation...
CVE-2020-7684 Directory Traversal
This affects all versions of package rollup-plugin-serve. There is no path sanitization in readFile operation...
CVE-2020-7684
CVE-2020-7684 affects the npm package rollup-plugin-serve. The vulnerability is a path traversal in the readFile operation due to lack of path sanitization, allowing access to files outside the destination. Reported impact includes information disclosure and potential file access; exploitation de...