5 matches found
Code injection
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...
npm CLI Arbitrary File Write Vulnerability
The npm CLI is a JavaScript package manager. An arbitrary file write vulnerability exists in npm CLI versions prior to 6.13.3, which can be exploited by an attacker to write arbitrary files...
Atlassian Confluence < 6.6.12 / 6.7.x < 6.12.3 / 6.13.x < 6.13.3 / 6.14.x < 6.14.2 Multiple Vulnerabilities
Binary data 700661.prm...
Exploit for Path Traversal in Atlassian Confluence_Server
cve-2019-3398 Details A quick python proof of concept for C...
Atlassian Confluence Widget Connector Macro Velocity Template Injection Exploit
Widget Connector Macro is part of Atlassian Confluence Server and Data Center that allows embedding online videos, slideshows, photostreams and more directly into a page. A template parameter can be used to inject remote Java code into a Velocity template, and gain code execution. Authentication is not...