VYPR

Vendor CVEs

Hackerone

All CVEs

154 total · sorted by risk
  • CVE-2017-16210HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16208HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16199HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    susu-sum is a static file server. susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16193HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16191HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16189HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    sly07 is an API for censoring text. sly07 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16187HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16182HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16180HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    serverabc is a static file server. serverabc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16177HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16169HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    looppake is a simple http server. looppake is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16155HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16152HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16150HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16147HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    shit-server is a file server. shit-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16145HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    sspa is a server dedicated to single-page apps. sspa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16135HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    serverzyy is a static file server. serverzyy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16134HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    http_static_simple is an http server. http_static_simple is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16132HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16130HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to those with a file extension. Files with no…

  • CVE-2017-16124HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16122HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    cuciuci is a simple fileserver. cuciuci is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16117HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds.

  • CVE-2017-16116HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods.

  • CVE-2017-16113HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.

  • CVE-2017-16108HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16105HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    serverwzl is a simple http server. serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

  • CVE-2017-16101HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    serverwg is a simple http server. serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

  • CVE-2017-16093HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    cyber-js is a simple http server. A cyberjs server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16090HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    fsk-server is a simple http server. fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16089HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    serverlyr is a simple http server. serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

  • CVE-2017-16081HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16079HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16076HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16074HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16072HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16071HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16067HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16066HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16065HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16064HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16063HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16059HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16057HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16056HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.01

    mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16055HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.01

    `sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16053HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.01

    `fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16051HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.01

    `sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16050HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.01

    `sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16049HigJun 4, 2018
    risk 0.49cvss 7.5epss 0.01

    `nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.