Total: 49350 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16187 | 1 Open-device Project | 1 Open-device | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16186 | 1 360class.jansenhm Project | 1 360class.jansenhm | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| 360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16185 | 1 Uekw1511server Project | 1 Uekw1511server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| uekw1511server is a static file server. uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16184 | 1 Scott-blanch-weather-app Project | 1 Scott-blanch-weather-app | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16183 | 1 Iter-server Project | 1 Iter-server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| iter-server is a static file server. iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16134 | 1 Http Static Simple Project | 1 Http Static Simple | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| http_static_simple is an http server. http_static_simple is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16003 | 1 Windows-build-tools Project | 1 Windows-build-tools | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2017-16133 | 1 Goserv Project | 1 Goserv | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| goserv is an http server. goserv is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16005 | 1 Joyent | 1 Http-signature | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature. | |||||
| CVE-2017-16182 | 1 Serverxxx Project | 1 Serverxxx | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16140 | 1 Lab6.brit95 Project | 1 Lab6.brit95 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16139 | 1 Jikes Project | 1 Jikes | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| jikes is a file server. jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to files with .htm and .js extensions. | |||||
| CVE-2017-16059 | 1 Mssql-node Project | 1 Mssql-node | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16124 | 1 Node-server-forfront Project | 1 Node-server-forfront | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16196 | 1 Quickserver Project | 1 Quickserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| quickserver is a simple static file server. quickserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16202 | 1 Cofeescript Project | 1 Cofeescript | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16123 | 1 Welcomyzt Project | 1 Welcomyzt | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| welcomyzt is a simple file server. welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16122 | 1 Cuciuci Project | 1 Cuciuci | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| cuciuci is a simple fileserver. cuciuci is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16171 | 1 Hcbserver Project | 1 Hcbserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| hcbserver is a static file server. hcbserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16215 | 1 Sgqserve Project | 1 Sgqserve | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| sgqserve is a simple file server. sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16143 | 1 Commentapp.stetsonwood Project | 1 Commentapp.stetsonwood | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| commentapp.stetsonwood is an http server. commentapp.stetsonwood is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16157 | 1 Censorify.tanisjr Project | 1 Censorify.tanisjr | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| censorify.tanisjr is a simple web server and API RESTful service. censorify.tanisjr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16213 | 1 Mfrserver Project | 1 Mfrserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| mfrserver is a simple file server. mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16203 | 1 Coffescript Project | 1 Coffescript | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16181 | 1 Wintiwebdev Project | 1 Wintiwebdev | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| wintiwebdev is a static file server. wintiwebdev is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16035 | 1 Hubspot | 1 Hubl-server | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS however the api.hubapi.com endpoint redirects to a HTTP url. Because of this behavior an attacker with the ability to man-in-the-middle a developer or system performing a package installation could compromise the integrity of the installation. | |||||
| CVE-2017-16142 | 1 Infraserver Project | 1 Infraserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| infraserver is a RESTful server. infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16164 | 1 Desafio Project | 1 Desafio | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| desafio is a simple web server. desafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url, but is limited to accessing only .html files. | |||||
| CVE-2017-16013 | 1 Hapijs | 1 Hapi | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached. | |||||
| CVE-2017-16138 | 1 Mime Project | 1 Mime | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. | |||||
| CVE-2017-16220 | 1 Wind-mvc Project | 1 Wind-mvc | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16160 | 1 11xiaoli Project | 1 11xiaoli | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| 11xiaoli is a simple file server. 11xiaoli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16060 | 1 Babelcli Project | 1 Babelcli | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16195 | 1 Pytservce Project | 1 Pytservce | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| pytservce is a static file server. pytservce is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16130 | 1 Exxxxxxxxxxx Project | 1 Exxxxxxxxxxx | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to those with a file extension. Files with no extension such as /etc/passwd throw an error. | |||||
| CVE-2017-16105 | 1 Serverwzl Project | 1 Serverwzl | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverwzl is a simple http server. serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16201 | 1 Zjjserver Project | 1 Zjjserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16153 | 1 Gaoxuyan Project | 1 Gaoxuyan | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16223 | 1 Nodeaaaaa Project | 1 Nodeaaaaa | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16194 | 1 Picard Project | 1 Picard | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| picard is a micro framework. picard is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16208 | 1 Dmmcquay.lab6 Project | 1 Dmmcquay.lab6 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16081 | 1 Cross-env.js Project | 1 Cross-env.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16172 | 1 Section2.madisonjbrooks12 Project | 1 Section2.madisonjbrooks12 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| section2.madisonjbrooks12 is a simple web server. section2.madisonjbrooks12 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16083 | 1 Node-simple-router | 1 Node-simple-router | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| node-simple-router is a minimalistic router for Node. node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16084 | 1 List-n-stream Project | 1 List-n-stream | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| list-n-stream is a server for static files to list and stream local videos. list-n-stream v0.0.10 or lower is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16014 | 1 Http-proxy Project | 1 Http-proxy | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service. | |||||
| CVE-2017-16029 | 1 Hostr Project | 1 Hostr | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending `../` in the url path for GET requests. | |||||
| CVE-2017-16121 | 1 Datachannel-client Project | 1 Datachannel-client | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| datachannel-client is a signaling implementation for DataChannel.js. datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16165 | 1 Calmquist.static-server Project | 1 Calmquist.static-server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| calmquist.static-server is a static file server. calmquist.static-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16204 | 1 Jquey Project | 1 Jquey | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
