|
272501
|
4.4 |
MEDIUM
Network
|
sailsjs
|
sails
|
Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the val…
|
CWE-79
Cross-site Scripting
|
CVE-2016-10549
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272502
|
6.1 |
MEDIUM
Network
|
reduce-css-calc_project
|
reduce-css-calc
|
Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. This makes cross sites scripting (XSS) possible on the client and arbitrary code injection possible on…
|
CWE-79
Cross-site Scripting
|
CVE-2016-10548
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272503
|
6.1 |
MEDIUM
Network
|
mozilla
|
nunjucks
|
Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should…
|
CWE-79
Cross-site Scripting
|
CVE-2016-10547
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272504
|
9.8 |
CRITICAL
Network
|
pouchdb
|
pouchdb
|
An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch i…
|
CWE-94
Code Injection
|
CVE-2016-10546
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272505
|
5.9 |
MEDIUM
Network
|
uws_project
|
uws
|
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down t…
|
CWE-20
Improper Input Validation
|
CVE-2016-10544
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272506
|
5.3 |
MEDIUM
Network
|
call_project
|
call
|
call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypas…
|
CWE-20
Improper Input Validation
|
CVE-2016-10543
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272507
|
7.5 |
HIGH
Network
|
ws_project
|
ws
|
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server…
|
CWE-20
Improper Input Validation
|
CVE-2016-10542
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272508
|
9.8 |
CRITICAL
Network
|
shell-quote_project
|
shell-quote
|
The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious …
|
CWE-94
Code Injection
|
CVE-2016-10541
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272509
|
7.5 |
HIGH
Network
|
minimatch_project
|
minimatch
|
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is …
|
CWE-20
Improper Input Validation
|
CVE-2016-10540
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272510
|
7.5 |
HIGH
Network
|
negotiator_project
|
negotiator
|
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlie…
|
CWE-20
Improper Input Validation
|
CVE-2016-10539
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
