CVE-2023-33665
https://notcve.org/view.php?id=CVE-2023-33665
ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. • https://security.friendsofpresta.org/modules/2023/08/01/aitable.html https://www.boutique.ai-dev.fr/en/ergonomie/56-table-attributes.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-33664
https://notcve.org/view.php?id=CVE-2023-33664
ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. • https://security.friendsofpresta.org/modules/2023/06/28/aicombinationsonfly.html https://www.boutique.ai-dev.fr/en/ergonomie/61-combinations-on-fly.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-25895 – Directory Traversal
https://notcve.org/view.php?id=CVE-2022-25895
All versions of the package lite-dev-server are vulnerable to Directory Traversal because no input sanitization or sandboxing is applied to the req.url user input that is passed to the server code. • https://gist.github.com/lirantal/0f8a48c3f5ac581ce73123abe9f7f120 https://github.com/shadowwzw/lite-dev-server/blob/master/src/server.js%23L134 https://security.snyk.io/vuln/SNYK-JS-LITEDEVSERVER-3153718 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-25848 – Directory Traversal
https://notcve.org/view.php?id=CVE-2022-25848
This affects all versions of the package static-dev-server. This is because when paths from users are joined to the root directory, the assets for the path accessed are relative to that of the root directory. • https://gist.github.com/lirantal/5550bcd0bdf92c1b56fbb20e141fe5bd https://security.snyk.io/vuln/SNYK-JS-STATICDEVSERVER-3149917 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-33037
https://notcve.org/view.php?id=CVE-2022-33037
A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file. • https://github.com/ycdxsb/Vuln/blob/main/Orwell-Dev-Cpp-CreateProcessA-Misuse-Binary-Hijack/Orwell-Dev-Cpp-CreateProcessA-Misuse-Binary-Hijack.md • CWE-427: Uncontrolled Search Path Element