|
258041
|
7.5 |
HIGH
Network
|
timespan_project
|
timespan
|
The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16115
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258042
|
7.5 |
HIGH
Network
|
marked_project
|
marked
|
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16114
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258043
|
7.5 |
HIGH
Network
|
parsejson_project
|
parsejson
|
The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.
|
CWE-20
Improper Input Validation
|
CVE-2017-16113
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258044
|
7.5 |
HIGH
Network
|
content_project
|
content
|
The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16111
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258045
|
7.5 |
HIGH
Network
|
weather.swlyons_project
|
weather.swlyons
|
weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16110
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258046
|
5.3 |
MEDIUM
Network
|
easyquick_project
|
easyquick
|
easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Access is constrained, however, to s…
|
CWE-22
Path Traversal
|
CVE-2017-16109
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258047
|
7.5 |
HIGH
Network
|
gaoxiaotingtingting_project
|
gaoxiaotingtingting
|
gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16108
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258048
|
7.5 |
HIGH
Network
|
pooledwebsocket_project
|
pooledwebsocket
|
pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16107
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258049
|
7.5 |
HIGH
Network
|
tmock_project
|
tmock
|
tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16106
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258050
|
7.5 |
HIGH
Network
|
serverwzl_project
|
serverwzl
|
serverwzl is a simple http server. serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
|
CWE-22
Path Traversal
|
CVE-2017-16105
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
