|
273391
|
8.1 |
HIGH
Network
|
cnpmjs
|
operadriver
|
operadriver is a Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code e…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10565
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273392
|
8.1 |
HIGH
Network
|
apk-parser_project
|
apk-parser
|
apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be poss…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10564
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273393
|
8.1 |
HIGH
Network
|
ipfs
|
go-ipfs-dep
|
During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10563
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273394
|
8.1 |
HIGH
Network
|
iedriver_project
|
iedriver
|
iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause re…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10562
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273395
|
5.3 |
MEDIUM
Network
|
bitty_project
|
bitty
|
Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET reque…
|
CWE-22
Path Traversal
|
CVE-2016-10561
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273396
|
8.1 |
HIGH
Network
|
galenframework
|
galenframework-cli
|
galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to c…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10560
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273397
|
8.1 |
HIGH
Network
|
appium
|
appium-chromedriver
|
appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10557
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273398
|
6.5 |
MEDIUM
Network
|
jwt-simple_project
|
jwt-simple
|
Since "algorithm" isn't enforced in jwt.decode()in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HM…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10555
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273399
|
9.8 |
CRITICAL
Network
|
sequelizejs
|
sequelize
|
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, se…
|
CWE-89
SQL Injection
|
CVE-2016-10554
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273400
|
9.8 |
CRITICAL
Network
|
sequelizejs
|
sequelize
|
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed…
|
CWE-89
SQL Injection
|
CVE-2016-10553
|
2024-11-21 11:44 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
