|
258111
|
8.1 |
HIGH
Network
|
gfe-sass_project
|
gfe-sass
|
gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-16040
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258112
|
7.5 |
HIGH
Network
|
hftp_project
|
hftp
|
`hftp` is a static http or ftp server `hftp` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16039
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258113
|
7.5 |
HIGH
Network
|
f2e-server_project
|
f2e-server
|
`f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. This is compounded by `f2e-server` requiring el…
|
CWE-22
Path Traversal
|
CVE-2017-16038
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258114
|
7.5 |
HIGH
Network
|
gomeplus-h5-proxy_project
|
gomeplus-h5-proxy
|
`gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL.
|
CWE-22
Path Traversal
|
CVE-2017-16037
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258115
|
7.5 |
HIGH
Network
|
badjs-sourcemap-server_project
|
badjs-sourcemap-server
|
`badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" …
|
CWE-22
Path Traversal
|
CVE-2017-16036
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258116
|
8.1 |
HIGH
Network
|
hubspot
|
hubl-server
|
The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are d…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-16035
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258117
|
7.5 |
HIGH
Network
|
socket
|
socket.io
|
Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable.…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2017-16031
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258118
|
7.5 |
HIGH
Network
|
useragent_project
|
useragent
|
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing …
|
NVD-CWE-noinfo
|
CVE-2017-16030
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258119
|
7.5 |
HIGH
Network
|
hostr_project
|
hostr
|
hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outsid…
|
CWE-22
Path Traversal
|
CVE-2017-16029
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258120
|
5.3 |
MEDIUM
Network
|
randomatic_project
|
randomatic
|
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2017-16028
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
