Symlink Attack
httpserver is vulnerable to symlink attack. If an attacker is able to create a symbolically linked file in the working directory within the web root, it would be possible to access and read arbitrary system files outside of the web root directory...
Cross-Site Scripting
Overview: All versions of httpserver are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently available...
Cross-site Scripting (XSS)
httpserver is vulnerable to cross-site scripting (XSS). The vulnerability exists due to the lack of sanitization on staticPath, allowing XSS payloads to be stored in filenames or directory names...
Node.js third-party modules: Path traversal in https://www.npmjs.com/package/http_server via symlink
I would like to report Path traversal in httpserver. It allows an attacker to read arbitrary system files. Module - module name: httpserver - version: 1.0.12 - npm page: https://www.npmjs.com/package/httpserver Module Description: Copy description from npm page Module Stats: Weekly downloads: 35...
Node.js third-party modules: [http_server] Path Traversal allowing to read any files on the server
I would like to report path traversal vulnerability in module "httpserver". It allows an attacker to read any files even system files via this path traversal vulnerability. Module - module name: httpserver - version: 1.0.12 - npm page: https://www.npmjs.com/package/httpserver Module Description: A static server...
Node.js third-party modules: [http_server] Stored XSS in the filename when directories listing
I would like to report Stored XSS in module "httpserver". It allows to inject malicious scripts in the file name, store them on the server, then execute these scripts in the browser via the XSS vulnerability. Module - module name: httpserver - version: 1.0.12 - npm page:...
CVE-2018-1283
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its...
Important: Red Hat Security Advisory: httpd security and bug fix update
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
MS Internet Explorer 7 Memory Corruption Exploit (MS09-002) (py)
No description provided by source. #!/usr/bin/env python MS Internet Explorer 7 Memory Corruption Exploit (MS09-002). Thanks to str0ke for finding this in the wild. Tested on Windows 2003 SP2 R2. Written by SecureState R&D Team ReL1K http://www.securestate.com win32bind EXITFUNC=seh LPORT=5500 Size=31...