|
254781
|
5.3 |
MEDIUM
Network
|
randomatic_project
|
randomatic
|
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2017-16028
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254782
|
5.9 |
MEDIUM
Network
|
request_project
|
request
|
Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=…
|
CWE-20
Improper Input Validation
|
CVE-2017-16026
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254783
|
5.9 |
MEDIUM
Network
|
hapijs
|
nes
|
Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only pres…
|
CWE-287
Improper Authentication
|
CVE-2017-16025
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254784
|
6.5 |
MEDIUM
Network
|
sync-exec_project
nodejs
|
sync-exec
node.js
|
The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read acces…
|
CWE-200
Information Exposure
|
CVE-2017-16024
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254785
|
7.5 |
HIGH
Network
|
decamelize_project
|
decamelize
|
Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 through 1.1.1 uses regular expressions to evaluate a string and takes unescaped separator val…
|
CWE-20
Improper Input Validation
|
CVE-2017-16023
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254786
|
6.1 |
MEDIUM
Network
|
morris.js_project
|
morris.js
|
Morris.js creates an svg graph, with labels that appear when hovering over a point. The hovering label names are not escaped in versions 0.5.0 and earlier. If control over the labels is obtained, scr…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16022
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254787
|
6.5 |
MEDIUM
Network
|
garycourt
|
uri-js
|
uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid or not. To do this, uri-js uses a regular expression, This regula…
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2017-16021
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254788
|
9.8 |
CRITICAL
Network
|
summit_project
|
summit
|
Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name.
|
CWE-94
Code Injection
|
CVE-2017-16020
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254789
|
6.1 |
MEDIUM
Network
|
gitbook
|
gitbook
|
GitBook is a command line tool (and Node.js library) for building beautiful books using GitHub/Git and Markdown (or AsciiDoc). Stored Cross-Site-Scripting (XSS) is possible in GitBook before 3.2.2 by…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16019
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254790
|
6.1 |
MEDIUM
Network
|
restify
|
restify
|
Restify is a framework for building REST APIs. Restify >=2.0.0 <=4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16018
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
