CVE-2018-3713
CVE-2018-3713 concerns a path-traversal in the node module angular-http-server caused by lack of validation of possibleFilename, allowing a remote attacker to read arbitrary files on the server. Public reports and advisories (GHSA-4RVG-955W-H68Q; OSV; CNVD; PRION; NVD) consistently identify angul...
i18n-node-angular Multiple Vulnerabilities
i18n-node-angular is a tool that supports the use of i18n nodes in AngularJS applications. A denial of service and content injection vulnerability exists in REST endpoints in versions prior to i18n-node-angular 1.4.0. An attacker can exploit this vulnerability to cause a denial of service or...
PT-2018-16137 · Node.Js · Angular-Http-Server
Name of the Vulnerable Software and Affected Versions: angular-http-server versions prior to 1.6.0. Description: The angular-http-server node module has a Path Traversal issue due to the lack of validation of the possibleFilename variable, allowing a malicious user to read the content of any file...
CVE-2017-16009
ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid...
PT-2018-6038 · Ag Grid +1 · Ag-Grid +1
Name of the Vulnerable Software and Affected Versions: ag-grid (affected versions not specified). Description: The issue concerns Cross-site Scripting (XSS) via Angular Expressions when ag-grid is used in combination with AngularJS. Recommendations: Avoid using ag-grid in combination with AngularJS...
CVE-2016-10524
i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments; a malicious user could fill up the server, causing a Denial of...
Design/Logic Flaw
i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments; a malicious user could fill up the server, causing a Denial of...
CVE-2016-10524
CVE-2016-10524 affects i18n-node-angular. A REST endpoint intended for development was not disabled in production in versions before 1.4.0, allowing a malicious user to cause a Denial of Service or content injection. The issue is documented across NVD/NVD mirror entries and corroborated by multip...
Passit: Insecure opening of external links in app.passit.io/list allows for reverse tabnabbing
Description: https://app.passit.io/list renders external links under attacker control that open in a new tab such that the opened tab has access to the opening tab where the user was just browsing on app.passit.io via window.opener. This is likely due to the lack of specifying a rel="noopener"...
Path Traversal
Overview: Versions of angular-http-server before 1.4.4 are vulnerable to path traversal. Recommendation: Update to version 1.4.4 or later. References: - HackerOne Report https://hackerone.com/reports/330349 - Commit 8bafc95 - GitHub Advisory...
Malicious Package
Overview: Version 0.1.1 of angular-material-sidenav-rnd contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.1.1 of this module i...
Malicious Package
Overview: Version 0.0.9 of angular-bmap contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.0.9 of this module is found installe...
Yamot - Yet Another MOnitoring Tool
yamot is a web-based server-monitoring tool built for small environments with just a handful of servers. It takes a minimum of resources, which allows it to run on almost every machine, including very old ones. It works best with Linux or BSD. Windows is not part of the server scope. You could use it...
Path Traversal
Overview: Versions of angular-http-server before 1.4.3 are vulnerable to path traversal allowing a remote attacker to read files from the server that uses angular-http-server. Recommendation: Update to version 1.6.0 or later. Note: This was originally thought to be fixed in version 1.4.3, though...
Path Traversal
angular-http-server is vulnerable to path traversal attacks. Using a string including ../, attackers can traverse the server and any file with a known path...
angular-rome (>=0.2.4 <=0.2.9), api-gate (>=0.0.8 <=0.0.14) +74 more potentially affected by CVE-2018-3721 via lodash._basemerge (>=2.0.0 <=2.4.1)
lodash.basemerge NPM version =2.0.0, =0.2.4, =0.0.8, =0.1.2, =0.5.0, =0.0.3, =0.0.2, =0.0.0, =0.1.3, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =1.0.18, =1.1.16 and more Source cves: CVE-2018-3721 Source advisory: SNYK:JS-LODASHBASEMERGE-450201...
Node.js third-party modules: [angular-http-server] Path Traversal in angular-http-server.js allows to read arbitrary file from the remote server
Hi Guys, angular-http-server https://www.npmjs.com/package/angular-http-server contains a Path Traversal vulnerability, which allows a malicious user to read the content of any file with a known path. Module: A very simple application server designed for Single Page App (SPA) developers...
Cross-site Scripting (XSS)
angular is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization on xml:base attributes, which allows the Firefox browser to render malicious scripts...
Mutation Cross-site Scripting (XSS)
angular is vulnerable to mutation cross-site scripting (XSS) attacks. A malicious user can inject arbitrary JavaScript through the innerHTML property that is then executed when the browser mutates it...