PT-2026-42752
Name of the Vulnerable Software and Affected Versions: Sync-in versions prior to 2.3. Description: An issue exists in the URL download feature where the private IP blocklist regex fails to match IPv4-mapped IPv6 addresses, such as ::ffff:127.0.0.1. On dual-stack systems, Node.js may report a socket'...
Zinc delete user function cross-site scripting vulnerability
Zinc is a full-text indexing search engine open-sourced by Zinc Labs. Zinc versions from v0.1.9 through v0.3.1 have a cross-site scripting vulnerability that attackers could exploit to obtain sensitive information such as user credentials...
CVE-2022-31022
Bleve is a text indexing library for Go. Bleve includes HTTP utilities under the bleve/http package, which are used by its sample application. These HTTP methods pave the way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP bleve/http handlers fo...
CVE-2022-31022
This CVE affects Bleve’s HTTP package (bleve/http), which is used by its sample app. The CreateIndexHandler and DeleteIndexHandler allowed a user with server write access to create a new index directory and recursively delete directories owned by the same user, potentially exposing the local filesystem to risk. V...
C-Arbre <= 0.6PR7 (root_path) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications: C-Arbre <= 0.6PR7 (root_path) Remote File Inclusion Vulnerability...
DocMGR <= 0.54.2 arbitrary remote inclusion
DocMGR <= 0.54.2 arbitrary remote inclusion. software: site: http://www.docmgr.org/ description: "DocMGR is a complete, web-based Document Management System DMS. It allows for the storage of any file type, and supports full-text indexing of the most popular...