News aggregator

CVE-2018-3737

National Vulnerability Database - Wed, 06/06/2018 - 22:29
sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.
Categories: Security News

CVE-2018-3738

National Vulnerability Database - Wed, 06/06/2018 - 22:29
protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.

CVE-2018-3739

National Vulnerability Database - Wed, 06/06/2018 - 22:29
https-proxy-agent before 2.1.1 passes the auth option to the Buffer constructor without proper sanitization, resulting in DoS and an uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).

CVE-2017-16209

National Vulnerability Database - Wed, 06/06/2018 - 22:29
enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

CVE-2017-16210

National Vulnerability Database - Wed, 06/06/2018 - 22:29
jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

CVE-2017-16211

National Vulnerability Database - Wed, 06/06/2018 - 22:29
lessindex is a static file server. lessindex is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

CVE-2017-16212

National Vulnerability Database - Wed, 06/06/2018 - 22:29
ltt is a static file server. ltt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

CVE-2017-16213

National Vulnerability Database - Wed, 06/06/2018 - 22:29
mfrserver is a simple file server. mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

CVE-2017-16214

National Vulnerability Database - Wed, 06/06/2018 - 22:29
peiserver is a static file server. peiserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

CVE-2017-16215

National Vulnerability Database - Wed, 06/06/2018 - 22:29
sgqserve is a simple file server. sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

CVE-2017-16216

National Vulnerability Database - Wed, 06/06/2018 - 22:29
tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

CVE-2017-16217

National Vulnerability Database - Wed, 06/06/2018 - 22:29
fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

CVE-2017-16218

National Vulnerability Database - Wed, 06/06/2018 - 22:29
dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

CVE-2017-16219

National Vulnerability Database - Wed, 06/06/2018 - 22:29
yttivy is a static file server. yttivy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

CVE-2017-16220

National Vulnerability Database - Wed, 06/06/2018 - 22:29
wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

CVE-2017-16221

National Vulnerability Database - Wed, 06/06/2018 - 22:29
yzt is a simple file server. yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

CVE-2017-16222

National Vulnerability Database - Wed, 06/06/2018 - 22:29
elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limited to files with a file extension. Sending a GET request to /../../../etc/passwd, for example, will return a 404 on etc/passwd/index.js.

CVE-2017-16223

National Vulnerability Database - Wed, 06/06/2018 - 22:29
nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

CVE-2017-16224

National Vulnerability Database - Wed, 06/06/2018 - 22:29
st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain. A request for http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e, which most browsers treat as a proper redirect because // is resolved against the scheme currently in use. Mitigating factor: for this to work, st must be serving from the root of a server (/) rather than the typical subdirectory (/static/), and the redirect URL will end with some form of URL-encoded .. ("%2e%2e", "%2e.", ".%2e").

CVE-2017-16225

National Vulnerability Database - Wed, 06/06/2018 - 22:29
aegir is a module to help automate JavaScript project management. Versions 12.0.0 through and including 12.0.7 bundled and published to npm the GitHub token of the user who performed an aegir-release.
