CVE-2015-8862
mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
Source: CVE-2015-8862
[월:] 2017년 01월
CVE-2016-1281
CVE-2016-1281
Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VerCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the "applicaiton directory," as demonstrated with the USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll DLLs.
Source: CVE-2016-1281
CVE-2015-8860
CVE-2015-8860
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
Source: CVE-2015-8860
CVE-2015-8855
CVE-2015-8855
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
Source: CVE-2015-8855
CVE-2015-8861
CVE-2015-8861
The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
Source: CVE-2015-8861
CVE-2015-8857
CVE-2015-8857
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript.
Source: CVE-2015-8857
CVE-2016-0769
CVE-2016-0769
Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter.
Source: CVE-2016-0769
CVE-2015-8859
CVE-2015-8859
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.
Source: CVE-2015-8859
CVE-2015-8856
CVE-2015-8856
Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.
Source: CVE-2015-8856
CVE-2015-8858
CVE-2015-8858
The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."
Source: CVE-2015-8858