Vulnerabilities in HackerOne
470 results

CVE-2016-10528 — restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 (EPSS 1.2%)
CVE-2017-16017 — sanitize-html is a library for scrubbing html input for malicious values. Versions 1.2.2 and below have a cross site scripting vulnerability. (EPSS 1.2%)
CVE-2017-16009 — ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if A (EPSS 1.2%)
CVE-2017-16049 — `nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.2%)
CVE-2017-16069 — nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.2%)
CVE-2017-16060 — babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.2%)
CVE-2017-16052 — `node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.2%)
CVE-2017-16070 — nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.2%)
CVE-2017-16064 — node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.2%)
CVE-2017-16075 — http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.2%)
CVE-2017-16065 — openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.2%)
CVE-2017-16068 — ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.2%)
CVE-2017-16202 — The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installat (EPSS 1.2%)
CVE-2017-16072 — nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.2%)
CVE-2017-16054 — `nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.2%)
CVE-2017-16048 — `node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.2%)
CVE-2017-16074 — crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.2%)
CVE-2017-16225 — aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm t (EPSS 1.2%)
CVE-2014-10067 — paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the productio (EPSS 1.2%)
CVE-2017-16030 — Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own heade (EPSS 1.2%)