3 matches found
Malicious code in ecto-corsair-whisper-6f3b9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8695ea17273c804f1a58e6c0b877de280f7472622065964245deb85cc62dae20 The package declares a postinstall lifecycle hook postinstall.js that runs automatically on npm install. The script shells out via curl to the EC2...
CVE-2021-47751
CuteEditor for PHP now referred to as Rich Text Editor 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath function by renaming uploaded HTML files using...
CVE-2006-2438
CVE-2006-2438 is a directory traversal in Resin’s viewfile servlet (resin-doc) affecting Resin 3.0.17 and 3.0.18. An unauthenticated remote attacker can read arbitrary files under other web roots via the contextpath parameter, with potential path disclosure when the parameter is invalid. The issu...