|
253341
|
7.5 |
HIGH
Network
|
gomeplus-h5-proxy_project
|
gomeplus-h5-proxy
|
`gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL.
|
CWE-22
Path Traversal
|
CVE-2017-16037
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253342
|
7.5 |
HIGH
Network
|
badjs-sourcemap-server_project
|
badjs-sourcemap-server
|
`badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" …
|
CWE-22
Path Traversal
|
CVE-2017-16036
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253343
|
8.1 |
HIGH
Network
|
hubspot
|
hubl-server
|
The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are d…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-16035
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253344
|
7.5 |
HIGH
Network
|
socket
|
socket.io
|
Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable.…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2017-16031
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253345
|
7.5 |
HIGH
Network
|
useragent_project
|
useragent
|
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing …
|
NVD-CWE-noinfo
|
CVE-2017-16030
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253346
|
7.5 |
HIGH
Network
|
hostr_project
|
hostr
|
hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outsid…
|
CWE-22
Path Traversal
|
CVE-2017-16029
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253347
|
5.3 |
MEDIUM
Network
|
randomatic_project
|
randomatic
|
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2017-16028
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253348
|
5.9 |
MEDIUM
Network
|
request_project
|
request
|
Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=…
|
CWE-20
Improper Input Validation
|
CVE-2017-16026
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253349
|
5.9 |
MEDIUM
Network
|
hapijs
|
nes
|
Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only pres…
|
CWE-287
Improper Authentication
|
CVE-2017-16025
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253350
|
6.5 |
MEDIUM
Network
|
sync-exec_project
nodejs
|
sync-exec
node.js
|
The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read acces…
|
CWE-200
Information Exposure
|
CVE-2017-16024
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
