|
246641
|
7.5 |
HIGH
Network
|
mpath_project
|
mpath
|
A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.
|
CWE-74
Injection
|
CVE-2018-16490
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246642
|
9.8 |
CRITICAL
Network
|
just-extend_project
|
just-extend
|
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.
|
CWE-74
Injection
|
CVE-2018-16489
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246643
|
5.6 |
MEDIUM
Network
|
lodash
|
lodash
|
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
|
NVD-CWE-noinfo
|
CVE-2018-16487
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246644
|
9.8 |
CRITICAL
Network
|
defaults-deep_project
|
defaults-deep
|
A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.
|
CWE-74
Injection
|
CVE-2018-16486
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246645
|
6.5 |
MEDIUM
Network
|
m-server_project
|
m-server
|
Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.
|
CWE-22
Path Traversal
|
CVE-2018-16485
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246646
|
5.4 |
MEDIUM
Network
|
m-server_project
|
m-server
|
A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16484
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246647
|
8.8 |
HIGH
Network
|
express-cart_project
|
express-cart
|
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2018-16483
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246648
|
7.5 |
HIGH
Network
|
mcstatic_project
|
mcstatic
|
A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL pat…
|
CWE-22
Path Traversal
|
CVE-2018-16482
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246649
|
6.1 |
MEDIUM
Network
|
html-pages_project
|
html-pages
|
A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16481
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246650
|
6.1 |
MEDIUM
Network
|
public_project
|
public
|
A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16480
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
