Total
7923 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16595 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.export_005fdownload_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5118. | |||||
| CVE-2017-16592 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the common.download_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5103. | |||||
| CVE-2017-16591 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.download_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5100. | |||||
| CVE-2017-16250 | 1 Mitel | 1 St14.2 | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names. | |||||
| CVE-2017-16225 | 1 Aegir Project | 1 Aegir | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user (that performed a aegir-release) GitHub token. | |||||
| CVE-2017-16206 | 1 Coffescript Project | 1 Coffescript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16205 | 1 Coffescript Project | 1 Coffescript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16204 | 1 Jquey Project | 1 Jquey | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16203 | 1 Coffescript Project | 1 Coffescript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16202 | 1 Cofeescript Project | 1 Cofeescript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16126 | 1 Botbait Project | 1 Botbait | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem. botbait is known to record and track user information. The module tracks the following information. Source IP process.versions process.platform How the module was invoked (test, require, pre-install) | |||||
| CVE-2017-16081 | 1 Cross-env.js Project | 1 Cross-env.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16080 | 1 Nodesass Project | 1 Nodesass | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16079 | 1 Smb Project | 1 Smb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16078 | 1 Shadowsock Project | 1 Shadowsock | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16077 | 1 Mongose Project | 1 Mongose | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16076 | 1 Proxy.js Project | 1 Proxy.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16075 | 1 Http-proxy.js Project | 1 Http-proxy.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16074 | 1 Crossenv Project | 1 Crossenv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16073 | 1 Noderequest Project | 1 Noderequest | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||