Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2018
CVE-2017-16088
The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.
CVSS Score
10.0
EPSS Score
0.03
Published
2018-06-07
CVE-2017-16089
serverlyr is a simple http server. serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07
CVE-2017-16090
fsk-server is a simple http server. fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07
CVE-2017-16091
xtalk helps your browser talk to nodex, a simple web framework. xtalk is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07
CVE-2017-16092
Sencisho is a simple http server for local development. Sencisho is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07
CVE-2017-16093
cyber-js is a simple http server. A cyberjs server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07
CVE-2017-16094
iter-http is a server for static files. iter-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07
CVE-2017-16095
serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07
CVE-2017-16056
mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-06-07
CVE-2017-16057
nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-06-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved