» 2019 » 2월

CVE-2018-16490

Posted on 2019년 2월 2일2019년 2월 2일 by admin

CVE-2018-16490

A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.

Source: CVE-2018-16490

CVE-2018-16481

Posted on 2019년 2월 2일2019년 2월 2일 by admin

CVE-2018-16481

A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user’s browser due to the absence of sanitization of the paths before rendering.

Source: CVE-2018-16481

CVE-2018-16480

Posted on 2019년 2월 2일2019년 2월 2일 by admin

CVE-2018-16480

A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.

Source: CVE-2018-16480

CVE-2018-16489

Posted on 2019년 2월 2일2019년 2월 2일 by admin

CVE-2018-16489

A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.

Source: CVE-2018-16489

CVE-2018-16479

Posted on 2019년 2월 2일2019년 2월 2일 by admin

CVE-2018-16479

Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL.

Source: CVE-2018-16479

CVE-2018-16482

Posted on 2019년 2월 2일2019년 2월 2일 by admin

CVE-2018-16482

A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL path.

Source: CVE-2018-16482

CVE-2018-16483

Posted on 2019년 2월 2일2019년 2월 2일 by admin

CVE-2018-16483

A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.

Source: CVE-2018-16483

CVE-2018-16484

Posted on 2019년 2월 2일2019년 2월 2일 by admin

CVE-2018-16484

A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.

Source: CVE-2018-16484

CVE-2018-16485

Posted on 2019년 2월 2일2019년 2월 2일 by admin

CVE-2018-16485

Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.

Source: CVE-2018-16485

CVE-2018-16486

Posted on 2019년 2월 2일2019년 2월 2일 by admin

CVE-2018-16486

A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.

Source: CVE-2018-16486