ini project ini vulnerabilities and exploits
9.8
CVSSv3
CVE-2020-28441
This affects the package conf-cfg-ini prior to 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context.
Conf-cfg-ini Project Conf-cfg-ini
9.8
CVSSv3
CVE-2020-28461
This affects the package js-ini prior to 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
Js-ini Project Js-ini
9.8
CVSSv3
CVE-2020-28462
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
Ion-parser Project Ion-parser
9.8
CVSSv3
CVE-2020-28448
This affects the package multi-ini prior to 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array.
Multi-ini Project Multi-ini
9.8
CVSSv3
CVE-2020-7788
This affects the package ini prior to 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
Ini Project Ini
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2020-7617
ini-parser up to and including 0.0.2 is vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload.
Ini-parser Project Ini-parser
8.1
CVSSv3
CVE-2020-28460
This affects the package multi-ini prior to 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448.
Multi-ini Project Multi-ini
6.5
CVSSv3
CVE-2022-1788
Due to missing checks the Change Uploaded File Permissions WordPress plugin up to and including 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made rea...
Change Uploaded File Permissions Project Change Uploaded File Permissions
4.9
CVSSv3
CVE-2023-46851
Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them. Exposing internal files then can lead to other exploits, like session hi...
Apache Allura
NA
CVE-2024-36471
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1 up to and...