CVE List - 2018 / June
Showing 501 - 600 of 1783 CVEs for June 2018 (Page 6 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-16180 | 2018-06-07 | serverabc is a static file server. serverabc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16181 | 2018-06-07 | wintiwebdev is a static file server. wintiwebdev is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16182 | 2018-06-07 | serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16184 | 2018-06-07 | scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16185 | 2018-06-07 | uekw1511server is a static file server. uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16186 | 2018-06-07 | 360class.jansenhm is a static file server. 360class.jansenhm is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16187 | 2018-06-07 | open-device creates a web interface for any device. open-device is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16188 | 2018-06-07 | reecerver is a web server. reecerver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16189 | 2018-06-07 | sly07 is an API for censoring text. sly07 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16190 | 2018-06-07 | dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16191 | 2018-06-07 | cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16192 | 2018-06-07 | getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16193 | 2018-06-07 | mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16194 | 2018-06-07 | picard is a micro framework. picard is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16195 | 2018-06-07 | pytservce is a static file server. pytservce is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16196 | 2018-06-07 | quickserver is a simple static file server. quickserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16197 | 2018-06-07 | qinserve is a static file server. qinserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16199 | 2018-06-07 | susu-sum is a static file server. susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16200 | 2018-06-07 | uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16201 | 2018-06-07 | zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16202 | 2018-06-07 | The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. |
| CVE-2017-16203 | 2018-06-07 | The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. |
| CVE-2017-16204 | 2018-06-07 | The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. |
| CVE-2017-16205 | 2018-06-07 | The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. |
| CVE-2017-16207 | 2018-06-07 | discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin. |
| CVE-2017-16208 | 2018-06-07 | dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16209 | 2018-06-07 | enserver is a simple web server. enserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16210 | 2018-06-07 | jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16211 | 2018-06-07 | lessindex is a static file server. lessindex is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16212 | 2018-06-07 | ltt is a static file server. ltt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16213 | 2018-06-07 | mfrserver is a simple file server. mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16214 | 2018-06-07 | peiserver is a static file server. peiserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16215 | 2018-06-07 | sgqserve is a simple file server. sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16216 | 2018-06-07 | tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16217 | 2018-06-07 | fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16218 | 2018-06-07 | dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16219 | 2018-06-07 | yttivy is a static file server. yttivy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16220 | 2018-06-07 | wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16221 | 2018-06-07 | yzt is a simple file server. yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16222 | 2018-06-07 | elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible,... |
| CVE-2017-16223 | 2018-06-07 | nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16224 | 2018-06-07 | st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain. A request... |
| CVE-2017-16225 | 2018-06-07 | aegir is a module to help automate JavaScript project management. Versions 12.0.0 through 12.0.7 inclusive bundled and published to npm the GitHub token of the user who performed an aegir-release. |
| CVE-2017-16226 | 2018-06-07 | The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution. |
| CVE-2018-3711 | 2018-06-07 | Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload. |
| CVE-2018-3712 | 2018-06-07 | serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user... |
| CVE-2018-3713 | 2018-06-07 | angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3714 | 2018-06-07 | node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3715 | 2018-06-07 | glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of... |
| CVE-2018-3716 | 2018-06-07 | simplehttpserver node module suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names. |
| CVE-2018-3717 | 2018-06-07 | connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware. |
| CVE-2018-3718 | 2018-06-07 | serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. |
| CVE-2018-3719 | 2018-06-07 | mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition... |
| CVE-2018-3720 | 2018-06-07 | assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition... |
| CVE-2018-3721 | 2018-06-07 | lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of... |
| CVE-2018-3722 | 2018-06-07 | merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition... |
| CVE-2018-3723 | 2018-06-07 | defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition... |
| CVE-2018-3724 | 2018-06-07 | general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3725 | 2018-06-07 | hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3726 | 2018-06-07 | crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names. |
| CVE-2018-3727 | 2018-06-07 | 626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3729 | 2018-06-07 | localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3730 | 2018-06-07 | mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3731 | 2018-06-07 | public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. |
| CVE-2018-3732 | 2018-06-07 | resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content... |
| CVE-2018-3735 | 2018-06-07 | bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template |
| CVE-2018-3737 | 2018-06-07 | sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. |
| CVE-2018-3738 | 2018-06-07 | protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files. |
| CVE-2018-3739 | 2018-06-07 | https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to... |
| CVE-2017-6779 | 2018-06-07 | Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause... |
| CVE-2018-0263 | 2018-06-07 | A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to... |
| CVE-2018-0274 | 2018-06-07 | A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user.... |
| CVE-2018-0315 | 2018-06-07 | A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device... |
| CVE-2018-0316 | 2018-06-07 | A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to... |
| CVE-2018-0317 | 2018-06-07 | A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to escalate their privileges. The vulnerability is due to insufficient web portal... |
| CVE-2018-0318 | 2018-06-07 | A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is... |
| CVE-2018-0319 | 2018-06-07 | A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is... |
| CVE-2018-0320 | 2018-06-07 | A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a... |
| CVE-2018-0321 | 2018-06-07 | A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation (RMI) system. The vulnerability is due to an open... |
| CVE-2018-0322 | 2018-06-07 | A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remote attacker to modify sensitive data that is associated with arbitrary accounts on... |
| CVE-2018-0353 | 2018-06-07 | A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The... |
| CVE-2018-0296 | 2018-06-07 | A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a... |
| CVE-2018-12015 | 2018-06-07 | In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular... |
| CVE-2018-7688 | 2018-06-07 | Open Build Service accepts arbitrary reviews |
| CVE-2018-7689 | 2018-06-07 | Open Build Service arbitrary package modification |
| CVE-2018-12016 | 2018-06-07 | libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls. |
| CVE-2018-1514 | 2018-06-07 | IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that... |
| CVE-2018-1547 | 2018-06-07 | IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in a CSV export. By... |
| CVE-2018-12031 | 2018-06-07 | Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action. |
| CVE-2018-6670 | 2018-06-07 | External Entity Attack vulnerability in McAfee Common UI (CUI) |
| CVE-2018-12036 | 2018-06-07 | OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames. |
| CVE-2017-6290 | 2018-06-07 | In Android before the 2018-06-05 security patch level, NVIDIA TLK TrustZone contains a possible out of bounds write due to an integer overflow which could lead to local escalation of... |
| CVE-2017-6292 | 2018-06-07 | In Android before the 2018-06-05 security patch level, NVIDIA TLZ TrustZone contains a possible out of bounds write due to integer overflow which could lead to local escalation of privilege... |
| CVE-2017-6294 | 2018-06-07 | In Android before the 2018-06-05 security patch level, NVIDIA Tegra X1 TZ contains a possible out of bounds write due to missing bounds check which could lead to escalation of... |
| CVE-2018-12039 | 2018-06-07 | joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring. |
| CVE-2018-10619 | 2018-06-07 | An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to... |
| CVE-2018-12042 | 2018-06-07 | Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter. |
| CVE-2018-12043 | 2018-06-07 | content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page. |
| CVE-2018-0149 | 2018-06-07 | A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object... |
| CVE-2018-0329 | 2018-06-07 | A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read... |