|
265981
|
5.3 |
MEDIUM
Network
|
bitty_project
|
bitty
|
Bitty is a development web server tool that functions similarly to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET reque…
|
CWE-22
Path Traversal
|
CVE-2016-10561
|
2024-11-21 11:44 |
2018-06-1 |
|
265982
|
8.1 |
HIGH
Network
|
galenframework
|
galenframework-cli
|
galenframework-cli is the Node.js wrapper for the Galen Framework. galenframework-cli below 2.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to c…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10560
|
2024-11-21 11:44 |
2018-06-1 |
|
265983
|
8.1 |
HIGH
Network
|
appium
|
appium-chromedriver
|
appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10557
|
2024-11-21 11:44 |
2018-06-1 |
|
265984
|
6.5 |
MEDIUM
Network
|
jwt-simple_project
|
jwt-simple
|
Since "algorithm" isn't enforced in jwt.decode() in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent to the server. If the server is expecting RSA but is sent HM…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10555
|
2024-11-21 11:44 |
2018-06-1 |
|
265985
|
9.8 |
CRITICAL
Network
|
sequelizejs
|
sequelize
|
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, se…
|
CWE-89
SQL Injection
|
CVE-2016-10554
|
2024-11-21 11:44 |
2018-06-1 |
|
265986
|
9.8 |
CRITICAL
Network
|
sequelizejs
|
sequelize
|
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed…
|
CWE-89
SQL Injection
|
CVE-2016-10553
|
2024-11-21 11:44 |
2018-06-1 |
|
265987
|
7.4 |
HIGH
Network
|
infragistics
|
igniteui
|
igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over an insecure protocol.
|
CWE-254
7PK - Security Features
|
CVE-2016-10552
|
2024-11-21 11:44 |
2018-06-1 |
|
265988
|
9.8 |
CRITICAL
Network
|
sequelizejs
|
sequelize
|
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. If user input goes into the `lim…
|
CWE-89
SQL Injection
|
CVE-2016-10550
|
2024-11-21 11:44 |
2018-06-1 |
|
265989
|
4.4 |
MEDIUM
Network
|
sailsjs
|
sails
|
Sails is an MVC-style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the val…
|
CWE-79
Cross-site Scripting
|
CVE-2016-10549
|
2024-11-21 11:44 |
2018-06-1 |
|
265990
|
6.1 |
MEDIUM
Network
|
reduce-css-calc_project
|
reduce-css-calc
|
Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted CSS. This makes cross-site scripting (XSS) possible on the client and arbitrary code injection possible on…
|
CWE-79
Cross-site Scripting
|
CVE-2016-10548
|
2024-11-21 11:44 |
2018-06-1 |