Vulnerabilidades em HackerOne

470 resultados
CVE-2018-3727626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read contentEPSS 2.0%CVE-2016-10622nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable tEPSS 2.0%CVE-2018-3730mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to reaEPSS 2.0%CVE-2018-3731public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read EPSS 2.0%CVE-2018-3722merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious useEPSS 2.0%CVE-2018-3723defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious EPSS 2.0%CVE-2017-0909The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addEPSS 2.0%CVE-2016-10675libsbmlsim is a module that installs linux binaries for libsbmlsim libsbmlsim downloads binary resources over HTTP, which leaves it vulnerabEPSS 2.0%CVE-2016-10668libsbml is a module that installs Linux binaries for libSBML libsbml downloads resources over HTTP, which leaves it vulnerable to MITM attacEPSS 2.0%CVE-2016-10679selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standaEPSS 2.0%CVE-2018-3729localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to reEPSS 2.0%CVE-2016-10609chromedriver126 is chromedriver version 1.26 for linux OS. chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable EPSS 2.0%CVE-2018-3720assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious usEPSS 2.0%CVE-2016-10518A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a pingEPSS 2.0%CVE-2018-3739https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized EPSS 2.0%CVE-2017-16167yyooopack is a simple file server. yyooopack is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by plEPSS 2.0%CVE-2017-16166byucslabsix is an http server. byucslabsix is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placEPSS 2.0%CVE-2017-16092Sencisho is a simple http server for local development. Sencisho is vulnerable to a directory traversal issue, giving an attacker access to EPSS 2.0%CVE-2017-1616222lixian is a simple file server. 22lixian is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placEPSS 2.0%CVE-2017-16193mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../EPSS 2.0%