Total: 49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16171 | 1 Hcbserver Project | 1 Hcbserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| hcbserver is a static file server. hcbserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16170 | 1 Liuyaserver Project | 1 Liuyaserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| liuyaserver is a static file server. liuyaserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16161 | 1 Shenliru Project | 1 Shenliru | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| shenliru is a simple file server. shenliru is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16160 | 1 11xiaoli Project | 1 11xiaoli | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| 11xiaoli is a simple file server. 11xiaoli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16159 | 1 Caolilinode Project | 1 Caolilinode | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| caolilinode is a simple file server. caolilinode is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16158 | 1 Dcserver Project | 1 Dcserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| dcserver is a static file server. dcserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16203 | 1 Coffescript Project | 1 Coffescript | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16153 | 1 Gaoxuyan Project | 1 Gaoxuyan | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16208 | 1 Dmmcquay.lab6 Project | 1 Dmmcquay.lab6 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16152 | 1 Static-html-server Project | 1 Static-html-server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16150 | 1 Wanggoujing123 Project | 1 Wanggoujing123 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16141 | 1 Lab6drewfusbyu Project | 1 Lab6drewfusbyu | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| lab6drewfusbyu is an http server. lab6drewfusbyu is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16209 | 1 Enserver Project | 1 Enserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16210 | 1 Jn Jj Server Project | 1 Jn Jj Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16140 | 1 Lab6.brit95 Project | 1 Lab6.brit95 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16139 | 1 Jikes Project | 1 Jikes | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| jikes is a file server. jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to files with .htm and .js extensions. | |||||
| CVE-2017-16138 | 1 Mime Project | 1 Mime | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. | |||||
| CVE-2017-16125 | 1 Rtcmulticonnection-client Project | 1 Rtcmulticonnection-client | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| rtcmulticonnection-client is a signaling implementation for RTCMultiConnection.js, a multi-session manager. rtcmulticonnection-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16124 | 1 Node-server-forfront Project | 1 Node-server-forfront | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16098 | 1 Charset Project | 1 Charset | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slowdown of around 2 seconds. Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option, the default header max length is 80kb, so the impact of the ReDoS is relatively low. | |||||
| CVE-2017-16097 | 1 Tiny-http Project | 1 Tiny-http | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| tiny-http is a simple http server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16096 | 1 Serveryaozeyan Project | 1 Serveryaozeyan | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16095 | 1 Serverliujiayi1 Project | 1 Serverliujiayi1 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16094 | 1 Iter-http Project | 1 Iter-http | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| iter-http is a server for static files. iter-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16089 | 1 Serverlyr Project | 1 Serverlyr | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverlyr is a simple http server. serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16211 | 1 Lessindex Project | 1 Lessindex | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| lessindex is a static file server. lessindex is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16086 | 1 Ua-parser Project | 1 Ua-parser | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header. | |||||
| CVE-2017-16085 | 1 Tinyserver2 Project | 1 Tinyserver2 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16084 | 1 List-n-stream Project | 1 List-n-stream | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| list-n-stream is a server for static files to list and stream local videos. list-n-stream v0.0.10 or lower is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16083 | 1 Node-simple-router | 1 Node-simple-router | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| node-simple-router is a minimalistic router for Node. node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16081 | 1 Cross-env.js Project | 1 Cross-env.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16216 | 1 Tencent-server Project | 1 Tencent-server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16068 | 1 Ffmepg Project | 1 Ffmepg | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16067 | 1 Node-opencv Project | 1 Node-opencv | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16066 | 1 Opencv.js Project | 1 Opencv.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16065 | 1 Openssl.js Project | 1 Openssl.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16052 | 1 Node-fabric Project | 1 Node-fabric | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16051 | 1 Sqliter Project | 1 Sqliter | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16050 | 1 Sqlite.js Project | 1 Sqlite.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16049 | 1 Nodesqlite Project | 1 Nodesqlite | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16044 | 1 D3.js Project | 1 D3.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16040 | 1 Gfe-sass Project | 1 Gfe-sass | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| gfe-sass is a library for promises (CommonJS/Promises/A,B,D). gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2017-16039 | 1 Hftp Project | 1 Hftp | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `hftp` is a static http or ftp server. `hftp` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16217 | 1 Webrtc-experiment | 1 Fbr-client | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16037 | 1 Gomeplus-h5-proxy Project | 1 Gomeplus-h5-proxy | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL. | |||||
| CVE-2017-16036 | 1 Badjs-sourcemap-server Project | 1 Badjs-sourcemap-server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16029 | 1 Hostr Project | 1 Hostr | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending `../` in the url path for GET requests. | |||||
| CVE-2017-16014 | 1 Http-proxy Project | 1 Http-proxy | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service. | |||||
| CVE-2017-16013 | 1 Hapijs | 1 Hapi | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached. | |||||
| CVE-2017-16035 | 1 Hubspot | 1 Hubl-server | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| The hubl-server module is a wrapper for the HubL Development Server. During installation, hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS; however, the api.hubapi.com endpoint redirects to an HTTP URL. Because of this behavior, an attacker with the ability to man-in-the-middle a developer or system performing a package installation could compromise the integrity of the installation. | |||||
