Export limit exceeded: 345097 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345097 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16142 | 1 Infraserver Project | 1 Infraserver | 2024-11-21 | N/A |
| infraserver is a RESTful server. infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16141 | 1 Lab6drewfusbyu Project | 1 Lab6drewfusbyu | 2024-11-21 | N/A |
| lab6drewfusbyu is an http server. lab6drewfusbyu is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16140 | 1 Lab6.brit95 Project | 1 Lab6.brit95 | 2024-11-21 | N/A |
| lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16139 | 1 Jikes Project | 1 Jikes | 2024-11-21 | N/A |
| jikes is a file server. jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to files with .htm and .js extensions. | ||||
| CVE-2017-16138 | 2 Mime Project, Redhat | 2 Mime, Quay | 2024-11-21 | N/A |
| The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. | ||||
| CVE-2017-16137 | 2 Debug Project, Redhat | 2 Debug, Quay | 2024-11-21 | N/A |
| The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue. | ||||
| CVE-2017-16136 | 1 Expressjs | 1 Method-override | 2024-11-21 | N/A |
| method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header. | ||||
| CVE-2017-16135 | 1 Serverzyy Project | 1 Serverzyy | 2024-11-21 | N/A |
| serverzyy is a static file server. serverzyy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16134 | 1 Http Static Simple Project | 1 Http Static Simple | 2024-11-21 | N/A |
| http_static_simple is an http server. http_static_simple is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16133 | 1 Goserv Project | 1 Goserv | 2024-11-21 | N/A |
| goserv is an http server. goserv is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16132 | 1 Simple-npm-registry Project | 1 Simple-npm-registry | 2024-11-21 | N/A |
| simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16131 | 1 Unicorn-list Project | 1 Unicorn-list | 2024-11-21 | N/A |
| unicorn-list is a web framework. unicorn-list is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16130 | 1 Exxxxxxxxxxx Project | 1 Exxxxxxxxxxx | 2024-11-21 | N/A |
| exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to those with a file extension. Files with no extension such as /etc/passwd throw an error. | ||||
| CVE-2017-16129 | 1 Superagent Project | 1 Superagent | 2024-11-21 | N/A |
| The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to. | ||||
| CVE-2017-16128 | 1 Npm-script-demo Project | 1 Npm-script-demo | 2024-11-21 | N/A |
| The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry. | ||||
| CVE-2017-16127 | 1 Pandora-doomsday Project | 1 Pandora-doomsday | 2024-11-21 | N/A |
| The module pandora-doomsday infects other modules. It's since been unpublished from the registry. | ||||
| CVE-2017-16126 | 1 Botbait Project | 1 Botbait | 2024-11-21 | N/A |
| The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem. botbait is known to record and track user information. The module tracks the following information. Source IP process.versions process.platform How the module was invoked (test, require, pre-install) | ||||
| CVE-2017-16125 | 1 Rtcmulticonnection-client Project | 1 Rtcmulticonnection-client | 2024-11-21 | N/A |
| rtcmulticonnection-client is a signaling implementation for RTCMultiConnection.js, a multi-session manager. rtcmulticonnection-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16124 | 1 Node-server-forfront Project | 1 Node-server-forfront | 2024-11-21 | N/A |
| node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16123 | 1 Welcomyzt Project | 1 Welcomyzt | 2024-11-21 | N/A |
| welcomyzt is a simple file server. welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||