Search Results (Refine Search)
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-16146 |
mockserve is a file server. mockserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Published: June 06, 2018; 10:29:04 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-16145 |
sspa is a server dedicated to single-page apps. sspa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Published: June 06, 2018; 10:29:04 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-16144 |
myserver.alexcthomas18 is a file server. myserver.alexcthomas18 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Published: June 06, 2018; 10:29:04 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-16143 |
commentapp.stetsonwood is an http server. commentapp.stetsonwood is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Published: June 06, 2018; 10:29:04 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-16142 |
infraserver is a RESTful server. infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Published: June 06, 2018; 10:29:04 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-16141 |
lab6drewfusbyu is an http server. lab6drewfusbyu is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Published: June 06, 2018; 10:29:04 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-16140 |
lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Published: June 06, 2018; 10:29:03 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-16139 |
jikes is a file server. jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to files with .htm and .js extensions. Published: June 06, 2018; 10:29:03 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-16138 |
The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. Published: June 06, 2018; 10:29:03 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-16137 |
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue. Published: June 06, 2018; 10:29:03 PM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2017-16136 |
method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header. Published: June 06, 2018; 10:29:03 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-16135 |
serverzyy is a static file server. serverzyy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Published: June 06, 2018; 10:29:03 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-16134 |
http_static_simple is an http server. http_static_simple is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Published: June 06, 2018; 10:29:03 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-16133 |
goserv is an http server. goserv is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Published: June 06, 2018; 10:29:03 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-16132 |
simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Published: June 06, 2018; 10:29:03 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-16131 |
unicorn-list is a web framework. unicorn-list is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Published: June 06, 2018; 10:29:03 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-16130 |
exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to those with a file extension. Files with no extension such as /etc/passwd throw an error. Published: June 06, 2018; 10:29:03 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-16129 |
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to. Published: June 06, 2018; 10:29:03 PM -0400 |
V4.0:(not available) V3.0: 5.9 MEDIUM V2.0: 7.1 HIGH |
CVE-2017-16128 |
The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry. Published: June 06, 2018; 10:29:03 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2017-16127 |
The module pandora-doomsday infects other modules. It's since been unpublished from the registry. Published: June 06, 2018; 10:29:03 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |