News aggregator

Bugtraq: Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)

SecurityFocus Vulnerabilities - Wed, 06/06/2018 - 23:20
Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)
Categories: Security News

CVE-2018-3715

National Vulnerability Database - Wed, 06/06/2018 - 22:29
glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.
Categories: Security News

CVE-2018-3716

National Vulnerability Database - Wed, 06/06/2018 - 22:29
simplehttpserver node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.
Categories: Security News

CVE-2018-3717

National Vulnerability Database - Wed, 06/06/2018 - 22:29
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
Categories: Security News

CVE-2018-3718

National Vulnerability Database - Wed, 06/06/2018 - 22:29
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.
Categories: Security News

CVE-2018-3719

National Vulnerability Database - Wed, 06/06/2018 - 22:29
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Categories: Security News

CVE-2018-3720

National Vulnerability Database - Wed, 06/06/2018 - 22:29
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Categories: Security News

CVE-2018-3721

National Vulnerability Database - Wed, 06/06/2018 - 22:29
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Categories: Security News

CVE-2018-3722

National Vulnerability Database - Wed, 06/06/2018 - 22:29
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Categories: Security News

CVE-2018-3723

National Vulnerability Database - Wed, 06/06/2018 - 22:29
defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Categories: Security News

CVE-2018-3724

National Vulnerability Database - Wed, 06/06/2018 - 22:29
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path.
Categories: Security News

CVE-2018-3725

National Vulnerability Database - Wed, 06/06/2018 - 22:29
hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
Categories: Security News

CVE-2018-3726

National Vulnerability Database - Wed, 06/06/2018 - 22:29
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.
Categories: Security News

CVE-2018-3727

National Vulnerability Database - Wed, 06/06/2018 - 22:29
626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
Categories: Security News

CVE-2018-3729

National Vulnerability Database - Wed, 06/06/2018 - 22:29
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
Categories: Security News

CVE-2018-3730

National Vulnerability Database - Wed, 06/06/2018 - 22:29
mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
Categories: Security News

CVE-2018-3731

National Vulnerability Database - Wed, 06/06/2018 - 22:29
public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
Categories: Security News

CVE-2018-3732

National Vulnerability Database - Wed, 06/06/2018 - 22:29
resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path.
Categories: Security News

CVE-2018-3735

National Vulnerability Database - Wed, 06/06/2018 - 22:29
bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template
Categories: Security News

CVE-2018-3736

National Vulnerability Database - Wed, 06/06/2018 - 22:29
https-proxy-agent passes unsanitized options to Buffer(arg) resulting in DoS and uninitialized memory leak.
Categories: Security News

Pages