4410 matches found
CVE-2017-16164
desafio is a simple web server. desafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL, but is limited to accessing only .html files...
IBM InfoSphere Information Server Information Disclosure Vulnerability (CNVD-2018-11080)
IBM InfoSphere Information Server is the market-leading data integration platform that includes a range of products that enable you to understand, cleanse, monitor, transform and deliver data and collaborate to bridge the gap between business and IT. An information disclosure vulnerability exists...
grunt-ccompiler Man-in-the-Middle Attack Vulnerability
grunt-ccompiler is a Grunt plugin for compiling Closure. A security vulnerability exists in grunt-ccompiler that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary with an...
CVE-2016-10654
sfml downloads resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10669
soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on the network or positioned in between the user and the remote...
airbrake module information disclosure vulnerability
The airbrake module is an exception report notification program for use in Node.js. A security vulnerability exists in airbrake module version 0.3.8 and earlier, which stems from the program defaulting to sending environment variables with sensitive values over the HTTP protocol. An attacker can...
CVE-2016-10623
macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...
CVE-2016-10616
openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10618
node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks...
strider-sauce code execution vulnerability
strider-sauce is a package for installing and deploying Strider. A security vulnerability exists in strider-sauce that originates when the program downloads compressed resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested zip file with a zi...
Webdrvr Code Execution Vulnerability
webdrvr is a browser automation framework. A security vulnerability exists in webdrvr that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary with a binary under their control to execut...
Trend Micro Smart Protection Server Remote Denial of Service Vulnerability
Trend Micro Smart Protection Server Standalone is a server that provides smart protection from Trend Micro. A security vulnerability exists in version 3.x of Trend Micro Smart Protection Server Standalone. A remote attacker could exploit this vulnerability by sending a large number of specially...
dalek-browser-chrome-canary code execution vulnerability
dalek-browser-chrome-canary is a plugin for the DalekJS browser for Google Chrome. A security vulnerability exists in dalek-browser-chrome-canary that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the...
CVE-2016-10590
cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker-controlled zip file if the attacker i...
Moodle Design Vulnerability (CNVD-2018-10648)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A security vulnerability exists in version 3.x of Moodle. An attacker could exploit th...
SAP Internet Graphics Server HTTP and RFC listener denial of service vulnerability
SAP Internet Graphics Server (IGS) is a graphics server from SAP, Germany. The product is able to generate graphs or charts in different areas. HTTP is a hypertext transfer protocol; the RFC listener is one of the product's listeners. A security vulnerability exists in HTTP and RFC listener in SAP IG...
Unspecified Content Spoofing Vulnerability in SAP NetWeaver Application Server Java Web Container and HTTP Service
SAP NetWeaver is a service-oriented integrated application platform from SAP, Germany, that provides a development and operation environment for SAP applications. Application Server Java Web Container is one of its Java application runtime environments; HTTP Service is an...
Redhat Mobile Application Platform HTML Injection Vulnerability
RHMAP is a mapping statistics package. The App Studio component is one of its app development components. A security vulnerability exists in the App Studio component in RHMAP version 4.4. An attacker can exploit the vulnerability to execute script code or HTML in the context of a browser...
Here's How eFail Attack Works Against PGP and S/MIME Encrypted Emails
With a heavy heart, security researchers have released early the details of a set of vulnerabilities discovered in email clients for two widely used email encryption standards—PGP and S/MIME—after someone leaked their paper on the Internet; the release was actually scheduled for tomorrow. PGP and S/MIM...
Lenovo Help Android mobile app information disclosure vulnerability
Lenovo Help Android is an Android-based mobile application from Lenovo, a Chinese company, for getting support for Lenovo products. A security vulnerability exists in the Lenovo Help Android mobile application prior to version 6.1.2.0327, which can be exploited to obtain information over an HTTP...