National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 7 hours 54 min ago

CVE-2017-16157

Wed, 06/06/2018 - 22:29
censorify.tanisjr is a simple web server and API RESTful service. censorify.tanisjr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16158

Wed, 06/06/2018 - 22:29
dcserver is a static file server. dcserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16159

Wed, 06/06/2018 - 22:29
caolilinode is a simple file server. caolilinode is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16160

Wed, 06/06/2018 - 22:29
11xiaoli is a simple file server. 11xiaoli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16161

Wed, 06/06/2018 - 22:29
shenliru is a simple file server. shenliru is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16162

Wed, 06/06/2018 - 22:29
22lixian is a simple file server. 22lixian is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16163

Wed, 06/06/2018 - 22:29
dylmomo is a simple file server. dylmomo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16120

Wed, 06/06/2018 - 22:29
liyujing is a static file server. liyujing is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16121

Wed, 06/06/2018 - 22:29
datachannel-client is a signaling implementation for DataChannel.js. datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16122

Wed, 06/06/2018 - 22:29
cuciuci is a simple fileserver. cuciuci is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16123

Wed, 06/06/2018 - 22:29
welcomyzt is a simple file server. welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16124

Wed, 06/06/2018 - 22:29
node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16125

Wed, 06/06/2018 - 22:29
rtcmulticonnection-client is a signaling implementation for RTCMultiConnection.js, a multi-session manager. rtcmulticonnection-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16126

Wed, 06/06/2018 - 22:29
The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem. botbait is known to record and track user information. The module tracks the following information. Source IP process.versions process.platform How the module was invoked (test, require, pre-install)
Categories: Security News

CVE-2017-16127

Wed, 06/06/2018 - 22:29
The module pandora-doomsday infects other modules. It's since been unpublished from the registry.
Categories: Security News

CVE-2017-16128

Wed, 06/06/2018 - 22:29
The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry.
Categories: Security News

CVE-2017-16129

Wed, 06/06/2018 - 22:29
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to.
Categories: Security News

CVE-2017-16130

Wed, 06/06/2018 - 22:29
exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to those with a file extension. Files with no extension such as /etc/passwd throw an error.
Categories: Security News

CVE-2017-16131

Wed, 06/06/2018 - 22:29
unicorn-list is a web framework. unicorn-list is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16132

Wed, 06/06/2018 - 22:29
simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

Pages