CVE-2021-23797
Removed by vendor...
CVE-2021-23797 Directory Traversal
All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is...
http-server-node Path Traversal Vulnerability
Http-Server-Node is an Http server by the individual developer Guro Beridze in Georgia. A security vulnerability exists in http-server-node due to a lack of effective restriction and filtering of directory permissions and path parameters. An attacker can exploit this vulnerability to obtain...
Directory Traversal
Overview: http-server-node is a simple, zero-configuration command-line HTTP server. Affected versions of this package are vulnerable to Directory Traversal via use of --path-as-is. PoC: curl -s --path-as-is http://127.0.0.1:3000/../sensitive-file.txt Details: A Directory Traversal attack also known ...
SAP NetWeaver AS Java Information Disclosure Vulnerability (CNVD-2020-18535)
SAP NetWeaver Application Server Java is an application server from the German company SAP that provides a Java runtime environment. The product is mainly used to develop and run Java EE applications. An information disclosure vulnerability exists in SAP NetWeaver AS Java. An attacker can exploit thi...
CVE-2018-10923
It was found that the "mknod" call derived from mknod2 can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node. Mitigation To limit exposure of glust...
Malicious Package
Overview: All versions of erquest typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...
UBUNTU-CVE-2018-10926
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node...
CVE-2018-10923
It was found that the "mknod" call derived from mknod2 can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node...
anvil-connect (>=0.1.0 <=0.1.39), anvil-connect-jwt (>=0.1.0 <=0.1.2) +49 more potentially affected by CVE-2017-16021 via uri-js (>=1.4.2 <=2.1.1)
uri-js NPM version =1.4.2, =0.1.0, =0.1.0, =0.1.0, =0.2.12, =1.15.0, =0.1.0, =0.1.2, =0.4.2, =1.0.0, =0.0.1, =1.0.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2017-16021 Source advisory: OSV:GHSA-333W-RXJ3-F55R...