|
252321
|
7.5 |
HIGH
Network
|
ua-parser_project
|
ua-parser
|
ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16086
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252322
|
7.5 |
HIGH
Network
|
tinyserver2_project
|
tinyserver2
|
tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
|
CWE-22
Path Traversal
|
CVE-2017-16085
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252323
|
7.5 |
HIGH
Network
|
list-n-stream_project
|
list-n-stream
|
list-n-stream is a server for static files to list and stream local videos. list-n-stream v0.0.10 or lower is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by…
|
CWE-22
Path Traversal
|
CVE-2017-16084
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252324
|
7.5 |
HIGH
Network
|
node-simple-router
|
node-simple-router
|
node-simple-router is a minimalistic router for Node. node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
|
CWE-22
Path Traversal
|
CVE-2017-16083
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252325
|
9.8 |
CRITICAL
Network
|
node-postgres
|
pg
|
A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likel…
|
CWE-94
Code Injection
|
CVE-2017-16082
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252326
|
7.5 |
HIGH
Network
|
cross-env.js_project
|
cross-env.js
|
cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
CWE-200
Information Exposure
|
CVE-2017-16081
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252327
|
7.5 |
HIGH
Network
|
nodesass_project
|
nodesass
|
nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
CWE-200
Information Exposure
|
CVE-2017-16080
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252328
|
7.5 |
HIGH
Network
|
smb_project
|
smb
|
smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
CWE-200
Information Exposure
|
CVE-2017-16079
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252329
|
7.5 |
HIGH
Network
|
shadowsock_project
|
shadowsock
|
shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
CWE-200
Information Exposure
|
CVE-2017-16078
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252330
|
7.5 |
HIGH
Network
|
mongose_project
|
mongose
|
mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
CWE-200
Information Exposure
|
CVE-2017-16077
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
