Total: 49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16164 | 1 Desafio Project | 1 Desafio | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| desafio is a simple web server. desafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url, but is limited to accessing only .html files. | |||||
| CVE-2017-16174 | 1 Whispercast Project | 1 Whispercast | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| whispercast is a file server. whispercast is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16176 | 1 Jansenstuffpleasework Project | 1 Jansenstuffpleasework | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| jansenstuffpleasework is a file server. jansenstuffpleasework is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16177 | 1 Chatbyvista Project | 1 Chatbyvista | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-14833 | 1 Foxitsoftware | 1 Foxit Reader | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Text Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5025. | |||||
| CVE-2017-14834 | 1 Foxitsoftware | 1 Foxit Reader | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of FileAttachment annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5026. | |||||
| CVE-2017-16186 | 1 360class.jansenhm Project | 1 360class.jansenhm | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| 360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-14835 | 1 Foxitsoftware | 1 Foxit Reader | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the page method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5027. | |||||
| CVE-2017-14836 | 1 Foxitsoftware | 1 Foxit Reader | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modDate attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5028. | |||||
| CVE-2017-14837 | 1 Foxitsoftware | 1 Foxit Reader | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the pageSpan method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5029. | |||||
| CVE-2017-16070 | 1 Nodecaffe Project | 1 Nodecaffe | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16187 | 1 Open-device Project | 1 Open-device | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16188 | 1 Reecerver Project | 1 Reecerver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| reecerver is a web server. reecerver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16163 | 1 Dylmomo Project | 1 Dylmomo | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| dylmomo is a simple file server. dylmomo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16162 | 1 22lixian Project | 1 22lixian | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| 22lixian is a simple file server. 22lixian is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16189 | 1 Sly07 Project | 1 Sly07 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| sly07 is an API for censoring text. sly07 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-15103 | 2 Heketi Project, Redhat | 2 Heketi, Enterprise Linux | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation. | |||||
| CVE-2017-16071 | 1 Nodemailer-js Project | 1 Nodemailer-js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16199 | 1 Susu-sum Project | 1 Susu-sum | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| susu-sum is a static file server. susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16200 | 1 Uv-tj-demo Project | 1 Uv-tj-demo | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16201 | 1 Zjjserver Project | 1 Zjjserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16204 | 1 Jquey Project | 1 Jquey | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16157 | 1 Censorify.tanisjr Project | 1 Censorify.tanisjr | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| censorify.tanisjr is a simple web server and API RESTful service. censorify.tanisjr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16156 | 1 Myprolyz Project | 1 Myprolyz | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| myprolyz is a static file server. myprolyz is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16155 | 1 Fast-http-cli Project | 1 Fast-http-cli | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16202 | 1 Cofeescript Project | 1 Cofeescript | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16154 | 1 Earlybird Project | 1 Earlybird | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| earlybird is a web server module for early development. earlybird is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16072 | 1 Nodemailer.js Project | 1 Nodemailer.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16212 | 1 Ltt Project | 1 Ltt | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| ltt is a static file server. ltt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16145 | 1 Sspa Project | 1 Sspa | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| sspa is a server dedicated to single-page apps. sspa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16061 | 1 Tkinter Package | 1 Tkinter | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16221 | 1 Yzt Project | 1 Yzt | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| yzt is a simple file server. yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16220 | 1 Wind-mvc Project | 1 Wind-mvc | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16208 | 1 Dmmcquay.lab6 Project | 1 Dmmcquay.lab6 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16193 | 1 Mfrs Project | 1 Mfrs | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16192 | 1 Getcityapi.yoehoehne Project | 1 Getcityapi.yoehoehne | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16191 | 1 Cypserver Project | 1 Cypserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16190 | 1 Dcdcdcdcdc Project | 1 Dcdcdcdcdc | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16181 | 1 Wintiwebdev Project | 1 Wintiwebdev | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| wintiwebdev is a static file server. wintiwebdev is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16180 | 1 Serverabc Project | 1 Serverabc | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverabc is a static file server. serverabc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16134 | 1 Http Static Simple Project | 1 Http Static Simple | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| http_static_simple is an http server. http_static_simple is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16133 | 1 Goserv Project | 1 Goserv | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| goserv is an http server. goserv is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16119 | 1 Fresh Project | 1 Fresh | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition. | |||||
| CVE-2017-16118 | 1 Forwarded Project | 1 Forwarded | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition. | |||||
| CVE-2017-16117 | 1 Slug Project | 1 Slug | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service if specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds. | |||||
| CVE-2017-16116 | 1 String Project | 1 String | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. | |||||
| CVE-2017-16114 | 1 Marked Project | 1 Marked | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds. | |||||
| CVE-2017-16113 | 1 Parsejson Project | 1 Parsejson | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed. | |||||
| CVE-2017-16102 | 1 Serverhuwenhui Project | 1 Serverhuwenhui | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverhuwenhui is a simple http server. serverhuwenhui is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16101 | 1 Serverwg Project | 1 Serverwg | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverwg is a simple http server. serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
