|
222561
|
7.5 |
HIGH
Network
|
http-live-simulator_project
|
http-live-simulator
|
Path traversal vulnerability in http-live-simulator npm package version 1.0.5 allows arbitrary path to be accessed on the file system by a remote attacker.
|
CWE-22
Path Traversal
|
CVE-2019-5423
|
2024-11-21 13:44 |
2019-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222562
|
6.1 |
MEDIUM
Network
|
buttle_project
|
buttle
|
XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server.
|
CWE-79
Cross-site Scripting
|
CVE-2019-5422
|
2024-11-21 13:44 |
2019-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222563
|
9.8 |
CRITICAL
Network
|
plataformatec
|
devise
|
Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempt…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2019-5421
|
2024-11-21 13:44 |
2019-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222564
|
9.8 |
CRITICAL
Network
|
rubyonrails
debian
fedoraproject
|
rails
debian_linux
fedora
|
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can …
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2019-5420
|
2024-11-21 13:44 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222565
|
7.5 |
HIGH
Network
|
rubyonrails
debian
redhat
opensuse
fedoraproject
|
rails
debian_linux
software_collections
cloudforms
leap
fedora
|
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2019-5419
|
2024-11-21 13:44 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222566
|
7.5 |
HIGH
Network
|
rubyonrails
debian
redhat
opensuse
fedoraproject
|
rails
debian_linux
cloudforms
leap
fedora
software_collections
|
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the targ…
|
NVD-CWE-noinfo
|
CVE-2019-5418
|
2024-11-21 13:44 |
2019-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222567
|
7.5 |
HIGH
Network
|
zeit
|
serve
|
A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server.
|
CWE-22
Path Traversal
|
CVE-2019-5417
|
2024-11-21 13:44 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222568
|
7.5 |
HIGH
Network
|
localhost-now_project
|
localhost-now
|
A path traversal vulnerability in localhost-now npm package version 1.0.2 allows the attackers to read content of arbitrary files on the remote server.
|
CWE-22
Path Traversal
|
CVE-2019-5416
|
2024-11-21 13:44 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222569
|
7.5 |
HIGH
Network
|
zeit
|
serve
|
A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.
|
CWE-269
Improper Privilege Management
|
CVE-2019-5415
|
2024-11-21 13:44 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
222570
|
8.1 |
HIGH
Network
|
kill-port_project
|
kill-port
|
If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2.
|
CWE-78
OS Command
|
CVE-2019-5414
|
2024-11-21 13:44 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
