|
252371
|
7.5 |
HIGH
Network
|
useragent_project
|
useragent
|
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing …
|
NVD-CWE-noinfo
|
CVE-2017-16030
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252372
|
7.5 |
HIGH
Network
|
hostr_project
|
hostr
|
hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outsid…
|
CWE-22
Path Traversal
|
CVE-2017-16029
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252373
|
5.3 |
MEDIUM
Network
|
randomatic_project
|
randomatic
|
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2017-16028
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252374
|
5.9 |
MEDIUM
Network
|
request_project
|
request
|
Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=…
|
CWE-20
Improper Input Validation
|
CVE-2017-16026
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252375
|
5.9 |
MEDIUM
Network
|
hapijs
|
nes
|
Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only pres…
|
CWE-287
Improper Authentication
|
CVE-2017-16025
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252376
|
6.5 |
MEDIUM
Network
|
sync-exec_project
nodejs
|
sync-exec
node.js
|
The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read acces…
|
CWE-200
Information Exposure
|
CVE-2017-16024
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252377
|
7.5 |
HIGH
Network
|
decamelize_project
|
decamelize
|
Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 through 1.1.1 uses regular expressions to evaluate a string and takes unescaped separator val…
|
CWE-20
Improper Input Validation
|
CVE-2017-16023
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252378
|
6.1 |
MEDIUM
Network
|
morris.js_project
|
morris.js
|
Morris.js creates an svg graph, with labels that appear when hovering over a point. The hovering label names are not escaped in versions 0.5.0 and earlier. If control over the labels is obtained, scr…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16022
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252379
|
6.5 |
MEDIUM
Network
|
garycourt
|
uri-js
|
uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid or not. To do this, uri-js uses a regular expression, This regula…
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2017-16021
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252380
|
9.8 |
CRITICAL
Network
|
summit_project
|
summit
|
Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name.
|
CWE-94
Code Injection
|
CVE-2017-16020
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
