News aggregator

CVE-2018-3711

National Vulnerability Database - Wed, 06/06/2018 - 22:29
Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload.
Categories: Security News

CVE-2018-3712

National Vulnerability Database - Wed, 06/06/2018 - 22:29
serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.
Categories: Security News

CVE-2018-3713

National Vulnerability Database - Wed, 06/06/2018 - 22:29
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.
Categories: Security News

CVE-2018-3714

National Vulnerability Database - Wed, 06/06/2018 - 22:29
node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.
Categories: Security News

CVE-2017-16186

National Vulnerability Database - Wed, 06/06/2018 - 22:29
360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16187

National Vulnerability Database - Wed, 06/06/2018 - 22:29
open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16188

National Vulnerability Database - Wed, 06/06/2018 - 22:29
reecerver is a web server. reecerver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16189

National Vulnerability Database - Wed, 06/06/2018 - 22:29
sly07 is an API for censoring text. sly07 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16190

National Vulnerability Database - Wed, 06/06/2018 - 22:29
dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16191

National Vulnerability Database - Wed, 06/06/2018 - 22:29
cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16192

National Vulnerability Database - Wed, 06/06/2018 - 22:29
getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16193

National Vulnerability Database - Wed, 06/06/2018 - 22:29
mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16194

National Vulnerability Database - Wed, 06/06/2018 - 22:29
picard is a micro framework. picard is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16195

National Vulnerability Database - Wed, 06/06/2018 - 22:29
pytservce is a static file server. pytservce is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16196

National Vulnerability Database - Wed, 06/06/2018 - 22:29
quickserver is a simple static file server. quickserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16197

National Vulnerability Database - Wed, 06/06/2018 - 22:29
qinserve is a static file server. qinserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16198

National Vulnerability Database - Wed, 06/06/2018 - 22:29
ritp is a static web server. ritp is vulnerable to a directory traversal issue whereby an attacker can gain access to the file system by placing ../ in the URL. Access is restricted to files with a file extension, so files such as /etc/passwd are not accessible.
Categories: Security News

CVE-2017-16199

National Vulnerability Database - Wed, 06/06/2018 - 22:29
susu-sum is a static file server. susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16200

National Vulnerability Database - Wed, 06/06/2018 - 22:29
uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

CVE-2017-16201

National Vulnerability Database - Wed, 06/06/2018 - 22:29
zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Categories: Security News

Pages