Show filters
331 Total Results
Displaying 171-180 of 331
Sort by:
Attacker Value
Unknown
CVE-2020-10963
Disclosure Date: March 25, 2020 (last updated February 21, 2025)
FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued.
0
Attacker Value
Unknown
CVE-2020-7602
Disclosure Date: March 15, 2020 (last updated February 21, 2025)
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand()" is called by "getDevices()" function in file "linux/manager.js", which is required by the "index. process.env.NM_CLI" in the file "linux/manager.js". This function is used to construct the argument of function "execSync()", which can be controlled by users without any sanitization.
0
Attacker Value
Unknown
CVE-2020-10531
Disclosure Date: March 12, 2020 (last updated February 21, 2025)
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
0
Attacker Value
Unknown
CVE-2014-9748
Disclosure Date: February 11, 2020 (last updated February 21, 2025)
The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.
0
Attacker Value
Unknown
CVE-2019-15605
Disclosure Date: February 07, 2020 (last updated February 21, 2025)
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
0
Attacker Value
Unknown
CVE-2019-15606
Disclosure Date: February 07, 2020 (last updated February 21, 2025)
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
0
Attacker Value
Unknown
CVE-2019-15604
Disclosure Date: February 07, 2020 (last updated February 21, 2025)
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
0
Attacker Value
Unknown
CVE-2015-8851
Disclosure Date: January 30, 2020 (last updated February 21, 2025)
node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.
0
Attacker Value
Unknown
CVE-2019-15607
Disclosure Date: January 28, 2020 (last updated February 21, 2025)
A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc.
0
Attacker Value
Unknown
CVE-2019-15597
Disclosure Date: December 18, 2019 (last updated November 27, 2024)
A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input.
0