Security News

CVE-2017-16079

National Vulnerability Database - Wed, 06/06/2018 - 22:29
smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Categories: Security News

CVE-2017-16080

National Vulnerability Database - Wed, 06/06/2018 - 22:29
nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVE-2017-16081

National Vulnerability Database - Wed, 06/06/2018 - 22:29
cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVE-2017-16082

National Vulnerability Database - Wed, 06/06/2018 - 22:29
A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would be vulnerable: 1) executing unsafe, user-supplied SQL which contains a malicious column name; 2) connecting to an untrusted database and executing a query which returns results where any of the column names are malicious.

CVE-2017-16083

National Vulnerability Database - Wed, 06/06/2018 - 22:29
node-simple-router is a minimalistic router for Node. node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16084

National Vulnerability Database - Wed, 06/06/2018 - 22:29
list-n-stream is a server for static files to list and stream local videos. list-n-stream v0.0.10 or lower is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16085

National Vulnerability Database - Wed, 06/06/2018 - 22:29
tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16086

National Vulnerability Database - Wed, 06/06/2018 - 22:29
ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted User-Agent header.

CVE-2017-16088

National Vulnerability Database - Wed, 06/06/2018 - 22:29
The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, unsanitized user input can access the entire standard library and effectively break out of the sandbox.

CVE-2017-16089

National Vulnerability Database - Wed, 06/06/2018 - 22:29
serverlyr is a simple HTTP server. serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16090

National Vulnerability Database - Wed, 06/06/2018 - 22:29
fsk-server is a simple HTTP server. fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16091

National Vulnerability Database - Wed, 06/06/2018 - 22:29
xtalk helps your browser talk to nodex, a simple web framework. xtalk is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16092

National Vulnerability Database - Wed, 06/06/2018 - 22:29
Sencisho is a simple HTTP server for local development. Sencisho is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16093

National Vulnerability Database - Wed, 06/06/2018 - 22:29
cyber-js is a simple HTTP server. A cyberjs server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16094

National Vulnerability Database - Wed, 06/06/2018 - 22:29
iter-http is a server for static files. iter-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16095

National Vulnerability Database - Wed, 06/06/2018 - 22:29
serverliujiayi1 is a simple HTTP server. serverliujiayi1 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

CVE-2017-16056

National Vulnerability Database - Wed, 06/06/2018 - 22:29
mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVE-2017-16057

National Vulnerability Database - Wed, 06/06/2018 - 22:29
nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVE-2017-16058

National Vulnerability Database - Wed, 06/06/2018 - 22:29
gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVE-2017-16059

National Vulnerability Database - Wed, 06/06/2018 - 22:29
mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
