|
251241
|
8.1 |
HIGH
Network
|
hubspot
|
hubl-server
|
The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are d…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-16035
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251242
|
7.5 |
HIGH
Network
|
socket
|
socket.io
|
Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable.…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2017-16031
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251243
|
7.5 |
HIGH
Network
|
useragent_project
|
useragent
|
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing …
|
NVD-CWE-noinfo
|
CVE-2017-16030
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251244
|
7.5 |
HIGH
Network
|
hostr_project
|
hostr
|
hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outsid…
|
CWE-22
Path Traversal
|
CVE-2017-16029
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251245
|
5.3 |
MEDIUM
Network
|
randomatic_project
|
randomatic
|
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2017-16028
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251246
|
5.9 |
MEDIUM
Network
|
request_project
|
request
|
Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=…
|
CWE-20
Improper Input Validation
|
CVE-2017-16026
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251247
|
5.9 |
MEDIUM
Network
|
hapijs
|
nes
|
Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only pres…
|
CWE-287
Improper Authentication
|
CVE-2017-16025
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251248
|
6.5 |
MEDIUM
Network
|
sync-exec_project
nodejs
|
sync-exec
node.js
|
The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read acces…
|
CWE-200
Information Exposure
|
CVE-2017-16024
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251249
|
7.5 |
HIGH
Network
|
decamelize_project
|
decamelize
|
Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 through 1.1.1 uses regular expressions to evaluate a string and takes unescaped separator val…
|
CWE-20
Improper Input Validation
|
CVE-2017-16023
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251250
|
6.1 |
MEDIUM
Network
|
morris.js_project
|
morris.js
|
Morris.js creates an svg graph, with labels that appear when hovering over a point. The hovering label names are not escaped in versions 0.5.0 and earlier. If control over the labels is obtained, scr…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16022
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
