|
250981
|
7.5 |
HIGH
Network
|
simple-npm-registry_project
|
simple-npm-registry
|
simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16132
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250982
|
7.5 |
HIGH
Network
|
unicorn-list_project
|
unicorn-list
|
unicorn-list is a web framework. unicorn-list is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16131
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250983
|
7.5 |
HIGH
Network
|
exxxxxxxxxxx_project
|
exxxxxxxxxxx
|
exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Acc…
|
CWE-22
Path Traversal
|
CVE-2017-16130
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250984
|
5.9 |
MEDIUM
Network
|
superagent_project
|
superagent
|
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed.…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16129
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250985
|
9.8 |
CRITICAL
Network
|
npm-script-demo_project
|
npm-script-demo
|
The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry.
|
CWE-276
Incorrect Default Permissions
|
CVE-2017-16128
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250986
|
9.8 |
CRITICAL
Network
|
pandora-doomsday_project
|
pandora-doomsday
|
The module pandora-doomsday infects other modules. It's since been unpublished from the registry.
|
CWE-276
Incorrect Default Permissions
|
CVE-2017-16127
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250987
|
5.3 |
MEDIUM
Network
|
botbait_project
|
botbait
|
The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem. botbait is known to record and track user information. The module tracks the following inform…
|
CWE-200
Information Exposure
|
CVE-2017-16126
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250988
|
7.5 |
HIGH
Network
|
rtcmulticonnection-client_project
|
rtcmulticonnection-client
|
rtcmulticonnection-client is a signaling implementation for RTCMultiConnection.js, a multi-session manager. rtcmulticonnection-client is vulnerable to a directory traversal issue, giving an attacker …
|
CWE-22
Path Traversal
|
CVE-2017-16125
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250989
|
7.5 |
HIGH
Network
|
node-server-forfront_project
|
node-server-forfront
|
node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16124
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250990
|
7.5 |
HIGH
Network
|
welcomyzt_project
|
welcomyzt
|
welcomyzt is a simple file server. welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16123
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
