Security News

CVE-2018-3724

National Vulnerability Database - Wed, 06/06/2018 - 22:29
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path.
Categories: Security News

CVE-2018-3725

National Vulnerability Database - Wed, 06/06/2018 - 22:29
hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
Categories: Security News

CVE-2018-3726

National Vulnerability Database - Wed, 06/06/2018 - 22:29
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.
Categories: Security News

CVE-2018-3727

National Vulnerability Database - Wed, 06/06/2018 - 22:29
626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
Categories: Security News

CVE-2018-3729

National Vulnerability Database - Wed, 06/06/2018 - 22:29
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
Categories: Security News

CVE-2018-3730

National Vulnerability Database - Wed, 06/06/2018 - 22:29
mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
Categories: Security News

CVE-2018-3731

National Vulnerability Database - Wed, 06/06/2018 - 22:29
public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
Categories: Security News

CVE-2018-3732

National Vulnerability Database - Wed, 06/06/2018 - 22:29
resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path.
Categories: Security News

CVE-2018-3735

National Vulnerability Database - Wed, 06/06/2018 - 22:29
bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template
Categories: Security News

CVE-2018-3736

National Vulnerability Database - Wed, 06/06/2018 - 22:29
https-proxy-agent passes unsanitized options to Buffer(arg) resulting in DoS and uninitialized memory leak.
Categories: Security News

CVE-2018-3737

National Vulnerability Database - Wed, 06/06/2018 - 22:29
sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.
Categories: Security News

CVE-2018-3738

National Vulnerability Database - Wed, 06/06/2018 - 22:29
protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.
Categories: Security News

CVE-2018-3739

National Vulnerability Database - Wed, 06/06/2018 - 22:29
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).
Categories: Security News

CVE-2017-16209

National Vulnerability Database - Wed, 06/06/2018 - 22:29
enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16210

National Vulnerability Database - Wed, 06/06/2018 - 22:29
jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16211

National Vulnerability Database - Wed, 06/06/2018 - 22:29
lessindex is a static file server. lessindex is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16212

National Vulnerability Database - Wed, 06/06/2018 - 22:29
ltt is a static file server. ltt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16213

National Vulnerability Database - Wed, 06/06/2018 - 22:29
mfrserver is a simple file server. mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16214

National Vulnerability Database - Wed, 06/06/2018 - 22:29
peiserver is a static file server. peiserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16215

National Vulnerability Database - Wed, 06/06/2018 - 22:29
sgqserve is a simple file server. sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

Pages