276 matches found
CVE-2018-3744
The vulnerability CVE-2018-3744 affects the html-pages Node.js module, with versions prior to 2.1.0 susceptible to a directory/path traversal vulnerability that allows an attacker to read arbitrary files on the server (e.g., via crafted URLs or curl requests). Public reports and advisories (GHSA-...
CVE-2018-3733
The vulnerability CVE-2018-3733 affects the NodeJS package crud-file-server (prior to version 0.9.0). It stems from incorrect validation/sanitization of URLs, enabling a path traversal that lets an attacker read files outside the served directory. Impact is read access to arbitrary files with known...
PT-2018-16166 · Node · Html-Pages
Name of the Vulnerable Software and Affected Versions: html-pages versions prior to 2.1.0 Description: The issue allows an attacker to read any file from the server, potentially using tools like cURL. This is due to a path traversal vulnerability in the html-pages node module. Recommendations:...
CVE-2018-3750
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
CVE-2018-3728
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existi...
Code injection
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existi...
DEBIAN-CVE-2018-3728
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existi...
CVE-2018-3728
CVE-2018-3728 affects the hoek npm package. It is vulnerable to prototype pollution via the merge and applyToDefaults utilities, allowing an attacker to modify Object.prototype through __proto__ and corrupt properties on all objects. Affected versions are hoek before 4.2.0 and 5.0.x before 5.0.3. Rem...
Downloads Resources over HTTP
Overview: Affected versions of atom-node-module-installer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...
Electron Elevation of Privilege Vulnerability
Electron is a set of cross-platform desktop application development tools based on Web technology. A security vulnerability exists in Electron versions prior to 0.33.5, which can be exploited by an attacker to execute arbitrary programs with elevated privileges via a malicious Node module...
[SECURITY] Fedora 18 Update: nodejs-init-package-json-0.0.10-1.fc18
A node module to get your node module started, by creating its package.json metadata file...
CVE-2012-4473
The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "view any node page" or "view any node type page" permission to access unpublished nodes via a direct request...
CVE-2012-4474
Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox Node module 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified parameters...
CVE-2012-4474
CVE-2012-4474: The Drupal contributed module Colorbox Node (7.x-2.x) is vulnerable to cross-site scripting (XSS) in versions prior to 7.x-2.2. The issue arises because the module did not adequately validate certain URL parameters before printing them to the browser, allowing an attacker to injec...
CVE-2012-2730
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions...
CVE-2012-2730
CVE-2012-2730 affects the Drupal Protected Node module (6.x-1.x) prior to 6.x-1.6. The vulnerability allows remote attackers to bypass access restrictions by accessing nodes outside the standard node view due to insufficient protection of node access. Affected versions: Protected node 6.x-1.x bef...