An issue was discovered in OpenTSDB that enables attackers to run arbitrary commands through the /q URI.
There is XSS in parameter type to the /suggest URI.
XSS in parameter json to the /q URI.
The default configuration in Apache Cassandra binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.
When an intentionally bad query arrives that does not match a dynamic url-pattern, and is eventually handled by the DefaultServlet static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full …
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto allows a remote attacker to obtain sensitive information.
There is a race condition which could lead to authenticated sessions being incorrectly applied to users.
baserCMS allows remote attackers with a site operator privilege to upload arbitrary files.
A session fixation vulnerability exists in the Jenkins SAML Plugin that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
aiohttp-session contains a Session Fixation vulnerability in the load_session function for RedisStorage that can result in Session Hijacking. This attack appears to be exploitable via any method that allows setting session cookies.
A server-side request forgery vulnerability exists in the Jenkins URLTrigger Plugin in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
The gem rubyzip contains a Directory Traversal vulnerability in the Zip::File component that can result in writing arbitrary files to the filesystem. This attack appears to be exploitable if a site allows uploading of .zip files: an attacker can upload a malicious file that contains symlinks or files with absolute pathnames .. to write arbitrary files to the filesystem.
baserCMS allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors.
Transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. A large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to …
A vulnerability exists in the Jenkins Configuration as Code Plugin that allows attackers with access to Jenkins log files
A vulnerability exists in the Jenkins z/OS Connector Plugin. It allows an attacker with local file system access or control of a Jenkins administrator's web browser to retrieve the configured password.
The package sprockets may leak confidential information. Specially crafted requests can be used to access files that exist on the filesystem that are outside an application's root directory when the server is used in production. All users running an affected release should either upgrade or use one of the workarounds immediately.
baserCMS allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.
A vulnerability exists in the Jenkins GitHub Plugin in GitHubTokenCredentialsCreator.java that allows attackers to capture credentials stored in Jenkins.
A vulnerability exists in the Jenkins Configuration as Code Plugin that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration.
An arbitrary file read vulnerability exists in the Jenkins SSH Credentials Plugin in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system.
Eclipse Jetty contains a vulnerability that could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
json-jwt is vulnerable to improper verification of cryptographic signatures when decrypting AES-GCM encrypted JSON Web Tokens. This can result in an attacker being able to forge an authentication tag.
baserCMS allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.
A vulnerability exists in the Jenkins Fortify CloudScan Plugin that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins master process is running as.
A man in the middle vulnerability exists in the Jenkins CollabNet Plugin that allows attackers to impersonate any service that Jenkins connects to.
baserCMS allows remote authenticated attackers to bypass access restriction to view or alter a restricted content via unspecified vectors.
A persisted cross-site scripting vulnerability exists in the Jenkins Badge that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that user performs some UI actions.
Cross-site scripting vulnerability in baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Joplin contains an XSS vulnerability in the Note content field that escalates to code execution because nodeIntegration is enabled for the particular BrowserWindow instance where the XSS was identified.
Cross-site scripting vulnerability in baserCMS allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Froxlor contains a code injection vulnerability.
Minio contains an Allocation of Memory Without Limits or Throttling vulnerability in write-to-RAM.
Multiple SQL injection vulnerabilities in Centreon including Centreon Web allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.
Spring Framework allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Neither is enabled by default in Spring Framework or Spring Boot; however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the jsonp and callback JSONP parameters, enabling cross-domain requests.
This advisory has been marked as a False Positive and has been removed.
Centreon including Centreon Web is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php.
Spring Framework allows web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
There is Remote Code Execution in Centreon including Centreon Web via the RPN value in the Virtual Metric form in centreonGraph.class.php.
ruby-ffi has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String.
When using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions.
Froxlor has Incorrect Access Control for tickets not owned by the current user.
Ansible has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
An issue was discovered in Phusion Passenger. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
An issue was discovered in phpMyAdmin in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for allowed pages.
An issue was discovered in js/designer/move.js in phpMyAdmin. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.
The daemons package loads and executes malicious scripts.
Auth0 angular-jwt treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain allowlist filter via a crafted domain.
JBoss RichFaces allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code.
JBoss RichFaces allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code.
A Session Fixation issue exists in CodeIgniter because session.use_strict_mode in the Session Library was mishandled.
Given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation.
index.js in oauth2orize-fprm is vulnerable to XSS via a crafted URL.
A race condition in the nginx module in Phusion Passenger allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.
expressCart allows remote attackers to create an admin user via a /admin/setup Referer header.
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8267.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8229.
Archive.java in Junrar is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.
Unauthorised users can hijack rooms when there is no m.room.power_levels event in force.
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227.
DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This Open redirect vulnerability can be exploited for example to mount effective phishing attacks.
The security handlers in the Security component in Symfony have an Open redirect vulnerability when security.http_utils is inlined by a container.
A session fixation vulnerability within the Guard login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.
An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit . A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack.
When an Apache Geode server is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privilege.
DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain, opening a redirect vulnerability. Open redirect vulnerabilities are often given little consideration, but they can be exploited, for example, to mount effective phishing attacks.
An issue was discovered in the HttpFoundation component in Symfony. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to cause a denial of service on a Symfony application without many resources.
The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to cause a denial of service on a Symfony application without many resources.
The on_get_missing_events function in handlers/federation.py in Matrix Synapse has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.
An issue was discovered in the Ldap component in Symfony. It allows remote attackers to bypass authentication by logging in with a null password and valid username, which triggers an unauthenticated bind.
Ignite Realtime Openfire is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Website, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
The private_address_check ruby gem is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a private address.
URL Rewrite vulnerability.
URL Rewrite vulnerability in zend-feed.
URL Rewrite vulnerability in zend-http.
URL Rewrite vulnerability in zend-diactoros.
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.
The MXNet framework will listen on a port different from DMLC_PS_ROOT_URI once a scheduler node is initialized. This exposes the instance running MXNet to any attackers reachable via the interface they did not expect to be listening on.
OWASP Dependency-Check allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.
An attacker is able to craft a request that results in an HTTP (redirect) to an entirely different domain.
Unrestricted file upload (RCE) in the express-cart module allows a privileged user to gain access to the hosting machine.
The mime module is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.
method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client does not support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header.
charset is vulnerable to regular expression denial of service. Input of around k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is kb, so the impact of the ReDoS is relatively low.
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control …
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around k characters to block for 2 seconds making this a low severity issue.
The timespan module is vulnerable to regular expression denial of service. Given k characters of untrusted user input it will block the event loop for around seconds.
The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods.
Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.
ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header.
slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service if specially crafted untrusted input is passed as input. About k characters can block the event loop for 2 seconds.
The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header.
The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case, it can block the event loop causing a denial of service condition.
calmquist.static-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
node module suffers from a Path Traversal vulnerability due to lack of validation of files, which allows a malicious user to read content of any file with known path.
public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
xtalk is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
goserv is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
caolilinode is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
glance node module suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.
ritp is vulnerable to a directory traversal issue whereby an attacker can gain access to the file system by placing ../ in the URL. Access is restricted to files with a file extension, so files such as /etc/passwd are not accessible.
citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
serveryztyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
shenliru is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
cyber-js server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
getcityapi.yoehoehne is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
iter-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
22lixian is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
zwserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
myprolyz is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
liyujing is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path.
looppake is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
sspa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
liuyaserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
earlybird is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
The angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.
fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
list-n-stream is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
ewgaddis.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
serverzyy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
unicorn-list is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
qinserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of URLs, which allows a malicious user to read content of any file with known path.
dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
Sencisho is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
dylmomo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
lab6.brit95 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
serveryaozeyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
picard is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
jansenstuffpleasework is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
quickserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
rtcmulticonnection-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
utahcityfinder is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
hcbserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
desafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url, but is limited to accessing only .html files.
lessindex is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url. Accessible files are restricted to files with .htm and .js extensions.
tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
byucslabsix is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
uv-tj-demo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
serverabc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
360class.jansenh is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
yttivy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
wffserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
yyooopack is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
ltt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
whispercast is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
reecerver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
dcserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
cuciuci is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
http_static_simple is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
lab6drewfusbyu is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
myserver.alexcthomas18 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
serverhuwenhui is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
exxxxxxxxxxx is an HTTP eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url. Accessible files are restricted to those with a file extension. Files with no extension such as /etc/passwd throw an error.
pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
pytservce is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
nodeaaaaa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
section2.madisonjbrooks12 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
The node-server-forfront package is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
commentapp.stetsonwood is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
serverliujiayi1 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the URL.
serve46 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
11xiaoli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
mockserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
wintiwebdev is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
censorify.tanisjr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
intsol-package is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
sly07 is an API for censoring text. sly07 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
shit-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing ../ in the url.
fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
peiserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.
https-proxy-agent passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter (e.g. JSON).
lodash node module suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of Object via __proto__, causing the addition or modification of an existing property that will exist on all objects.
assign-deep node module suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of Object via __proto__, causing the addition or modification of an existing property that will exist on all objects.
merge-deep node module suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of Object via __proto__, causing the addition or modification of an existing property that will exist on all objects.
smb is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
node-openssl is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
nodemailer-js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
The module npm-script-demo opens a connection to a command and control server. It has been removed from the npm registry.
cross-env.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin.
node-opensl is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
noderequest is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
crossenv is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
nodemailer.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
nodesass is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
proxy.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
nodecaffe is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
opencv.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
mssql.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
nodemssql is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
mssql-node is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
openssl.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
http-proxy.js is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
shadowsock is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
The module pandora-doomsday infects other modules. It's since been unpublished from the registry.
nodeffmpeg is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
aegir is a module to help automate JavaScript project management. aegir publishes the GitHub user token to npm.
botbait is known to record and track user information. The module tracks the following information: source IP, process.versions, process.platform.
node-opencv is a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.
sshpk is vulnerable to ReDoS when parsing maliciously crafted invalid public keys.
Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. This makes cross-site scripting (XSS) possible on the client and arbitrary code injection possible on the server when user input is passed to the calc function.
Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header.
mixin-deep node module suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of Object via __proto__, causing the addition or modification of an existing property that will exist on all objects.
The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.
Untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.
Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending an HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default node timeout is 2 minutes).
By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.
defaults-deep node module suffers from a vulnerability, which allows a malicious user to modify the prototype of Object via __proto__, causing the addition or modification of an existing property that will exist on all objects.
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.
Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at worst allowed cross-origin activities that were expected to be forbidden. If the connection has CORS enabled but one route has it off, and the route is not GET, the OPTIONS prefetch request will return the default CORS headers and then the actual request will go through and return no CORS …
connect node module suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
simplehttpserver node module suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names.
bracket-template suffers from reflected XSS when a variable passed via GET parameter is used in template.
crud-file-server node module suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names.
If untrusted user input is allowed into the resolve() method then command injection is possible.
A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious.
A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron.
Due to a bug in the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in.
resolve-path relative path resolving suffers from a lack of file path sanitization for Windows based paths.
serve does not properly handle %2e (.) and %2f (/) and allows these characters to be used in paths, which can be used to traverse up the directory tree and list the content of any directory the user running the process has access to. Mitigating factors: This vulnerability only allows listing of directory contents and does not allow reading of arbitrary files.
Fastify is vulnerable to a denial-of-service attack by sending a request with Content-Type set to application/json and a very large payload.
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
A server-side request forgery vulnerability exists in the Jenkins CAS Plugin in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
A server-side request forgery vulnerability exists in the Jenkins GitHub Plugin in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
A server-side request forgery vulnerability exists in the Jenkins Git Plugin that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
A path traversal vulnerability exists in Jenkins in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
Apache Storm exposes an arbitrary file write vulnerability that can be achieved using a specially crafted zip archive that holds path traversal filenames. When the filename gets concatenated to the target extraction directory, the final path ends up outside the target folder.
An improper neutralization of control sequences vulnerability exists in Jenkins in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI.
An information exposure vulnerability exists in Jenkins that allows users with Overall/Read access to enumerate all installed plugins.
A vulnerability exists in the Jenkins GitHub Plugin in GitHubServerConfig.java that allows attackers with Overall/Read IDs obtained through another method, to capture credentials stored in Jenkins.
A vulnerability exists in the Jenkins Kubernetes Plugin in ContainerExecDecorator.java that results in sensitive variables such as passwords being exposed through log messages.
Apache Storm exposes a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.