Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-29 | CVE-2018-3733 | Path Traversal vulnerability in Crud-File-Server Project Crud-File-Server: crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. | 7.5 |
2018-05-29 | CVE-2018-11392 | Unrestricted Upload of File with Dangerous Type vulnerability in Jigowatt PHP Login & User Management 3.2.1/4.0/4.1.0: An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. | 8.8 |
2018-05-29 | CVE-2017-16153 | Path Traversal vulnerability in Gaoxuyan Project Gaoxuyan: gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | 7.5 |
2018-05-29 | CVE-2017-16062 | Information Exposure vulnerability in Node-Tkinter Project Node-Tkinter: node-tkinter was a malicious module published with the intent to hijack environment variables. | 7.5 |
2018-05-29 | CVE-2017-16061 | Information Exposure vulnerability in Tkinter Package Tkinter: tkinter was a malicious module published with the intent to hijack environment variables. | 7.5 |
2018-05-29 | CVE-2017-16047 | Information Exposure vulnerability in Mysqljs Project Mysqljs: mysqljs was a malicious module published with the intent to hijack environment variables. | 7.5 |
2018-05-29 | CVE-2017-16003 | Missing Encryption of Sensitive Data vulnerability in Windows-Build-Tools Project Windows-Build-Tools: windows-build-tools is a module for installing C++ Build Tools for Windows using npm. | 8.1 |
2018-05-29 | CVE-2016-10698 | Cryptographic Issues vulnerability in Mystem-Fix Project Mystem-Fix 0.0.4/0.0.5: mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru. mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. | 8.1 |
2018-05-29 | CVE-2016-10682 | Cryptographic Issues vulnerability in Massif Project Massif 0.0.11: massif is a Phantomjs fork. massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | 8.1 |
2018-05-29 | CVE-2016-10681 | Cryptographic Issues vulnerability in Robotwebtools Roslibjs: roslib-socketio - The standard ROS Javascript Library fork for add support to socket.io. roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. | 8.1 |