Vulnerabilities in HackerOne

470 results
CVE-2017-16123 (EPSS 2.0%)
welcomyzt is a simple file server. welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by pl

CVE-2017-16181 (EPSS 2.0%)
wintiwebdev is a static file server. wintiwebdev is vulnerable to a directory traversal issue, giving an attacker access to the filesystem b

CVE-2017-16031 (EPSS 2.0%)
Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Ma

CVE-2017-16118 (EPSS 1.9%)
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression deni

CVE-2014-10068 (EPSS 1.9%)
The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden`

CVE-2018-3734 (EPSS 1.9%)
stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read con

CVE-2016-10550 (EPSS 1.9%)
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server i

CVE-2016-10554 (EPSS 1.9%)
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server i

CVE-2017-16025 (EPSS 1.9%)
Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vu

CVE-2018-16489 (EPSS 1.8%)
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through it

CVE-2017-16029 (EPSS 1.8%)
hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3

CVE-2016-10551 (EPSS 1.8%)
waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline's `like`, `contai

CVE-2018-16482 (EPSS 1.8%)
A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive informa

CVE-2018-3711 (EPSS 1.8%)
Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and

CVE-2017-16091 (EPSS 1.8%)
xtalk helps your browser talk to nodex, a simple web framework. xtalk is vulnerable to a directory traversal issue, giving an attacker acces

CVE-2018-3712 (EPSS 1.8%)
serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in path

CVE-2017-16129 (EPSS 1.8%)
The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed respons

CVE-2018-3724 (EPSS 1.8%)
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious

CVE-2018-16493 (EPSS 1.8%)
A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the serv

CVE-2017-16114 (EPSS 1.8%)
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k charac