Vendor CVEs
Hackerone
All CVEs
154 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16210 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16208 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16199 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | susu-sum is a static file server. susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16193 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16191 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16189 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | sly07 is an API for censoring text. sly07 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16187 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16182 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16180 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | serverabc is a static file server. serverabc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16177 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16169 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | looppake is a simple http server. looppake is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16155 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16152 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16150 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16147 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | shit-server is a file server. shit-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16145 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | sspa is a server dedicated to single-page apps. sspa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16135 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | serverzyy is a static file server. serverzyy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16134 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | http_static_simple is an http server. http_static_simple is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16132 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16130 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to those with a file extension. Files with no… |
| CVE-2017-16124 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16122 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | cuciuci is a simple fileserver. cuciuci is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16117 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service if specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds. |
| CVE-2017-16116 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. |
| CVE-2017-16113 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed. |
| CVE-2017-16108 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16105 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | serverwzl is a simple http server. serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. |
| CVE-2017-16101 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | serverwg is a simple http server. serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. |
| CVE-2017-16093 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | cyber-js is a simple http server. A cyberjs server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16090 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | fsk-server is a simple http server. fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16089 | | High | 0.49 | 7.5 | 0.02 | | Jun 7, 2018 | serverlyr is a simple http server. serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. |
| CVE-2017-16081 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16079 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16076 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16074 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16072 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16071 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16067 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16066 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16065 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16064 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16063 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16059 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16057 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16056 | | High | 0.49 | 7.5 | 0.01 | | Jun 7, 2018 | mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16055 | | High | 0.49 | 7.5 | 0.01 | | Jun 4, 2018 | `sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16053 | | High | 0.49 | 7.5 | 0.01 | | Jun 4, 2018 | `fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16051 | | High | 0.49 | 7.5 | 0.01 | | Jun 4, 2018 | `sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16050 | | High | 0.49 | 7.5 | 0.01 | | Jun 4, 2018 | `sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16049 | | High | 0.49 | 7.5 | 0.01 | | Jun 4, 2018 | `nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |