62 matches found
Directory traversal
A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability...
CVE-2023-23907
A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability...
Milesight MilesightVPN server.js start directory traversal vulnerability
Talos Vulnerability Report TALOS-2023-1702: Milesight MilesightVPN server.js start directory traversal vulnerability. July 6, 2023. CVE Number: CVE-2023-23907. Summary: A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network...
SQL injection
A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The patch is named a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is...
CVE-2015-10035 gperson angular-test-reporter data-server.js addTest SQL injection
A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The patch is named a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is...
CVE-2015-10035
CVE-2015-10035 affects gperson angular-test-reporter in the rest-server/data-server.js file, specifically the getProjectTables/addTest function. The issue enables SQL injection due to how input is handled in that code path. The patch to fix this vulnerability is identified by the commit hash a29d...
CVE-2014-125068
A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The patch is named 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix th...
CVE-2014-125068
The CVE-2014-125068 case affects saxman maps-js-icoads, where the issue arises from processing of http-server.js, enabling path traversal. Public sources in multiple feeds consistently describe a critical vulnerability with the patch identified as 34b8b0cce2807b119f4cffda2ac48fc8f427d69a and advi...
CVE-2014-125068 saxman maps-js-icoads http-server.js path traversal
A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The patch is named 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix th...
SQL injection
UNSUPPORTED WHEN ASSIGNED: A vulnerability, which was classified as critical, was found in typcn Blogile. Affected is the function getNav of the file server.js. The manipulation of the argument query leads to SQL injection. The name of the patch is cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d. It is...
CVE-2014-125049 typcn Blogile server.js getNav SQL injection
UNSUPPORTED WHEN ASSIGNED: A vulnerability, which was classified as critical, was found in typcn Blogile. Affected is the function getNav of the file server.js. The manipulation of the argument query leads to SQL injection. The name of the patch is cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d. It is...
Path Traversal
httpster is vulnerable to path traversal. The vulnerability exists in server.js because it accesses files and directories that are stored outside the intended folder, which allows an attacker to access arbitrary files and directories stored...
Path Traversal
lite-dev-server is vulnerable to path traversal. The vulnerability exists in server.js because it accesses files and directories that are stored outside the intended folder. By manipulating files with dot-dot-slash (../) sequences and their variations, it may be possible to access arbitrary file...
Arbitrary Code Execution
bpampuch/pdfmake is vulnerable to arbitrary code execution. The vulnerability exists in the eval function of server.js due to a lack of sanitization of the data sent to the server, which allows an attacker to inject and execute malicious code into the system...
Cross-site Scripting (XSS)
@shopify/hydrogen is vulnerable to cross-site scripting. An attacker can inject and execute malicious JavaScript through the renderHydrogen function of entry-server.js when the application is built with hydrogen...
GHSA-3FR8-MWPP-8H9P Cross-site scripting in TileServer GL
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS...
Cross-site scripting in TileServer GL
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS...
CVE-2020-15500
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS...
Cross-site scripting
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS...
CVE-2020-15500
TileServer GL