The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings. Date published : 2017-01-23 https://nodesecurity.io/advisories/41 http://www.openwall.com/lists/oss-security/2016/04/20/11
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing. Date published : 2017-01-23 https://nodesecurity.io/advisories/41 http://www.openwall.com/lists/oss-security/2016/04/20/11
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI. Date published : 2017-01-23 https://nodesecurity.io/advisories/41 http://www.openwall.com/lists/oss-security/2016/04/20/11
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag. Date published : 2017-01-23 https://nodesecurity.io/advisories/41 http://www.openwall.com/lists/oss-security/2016/04/20/11
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters. Date published : 2017-01-23 http://www.securityfocus.com/bid/97102 https://nodesecurity.io/advisories/43
Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface. Date published : 2017-01-23 http://packetstormsecurity.com/files/136040/Vivint-Sky-Control-Panel-Unauthenticated-Access.html
Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode....
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063. Date published : 2017-01-23 http://www.securityfocus.com/bid/94132...
mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. Date published : 2017-01-23 http://www.securityfocus.com/bid/96436 https://nodesecurity.io/advisories/62
The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. Date published : 2017-01-23 http://www.securityfocus.com/bid/96434 https://www.tenable.com/security/tns-2016-18
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. Date published : 2017-01-23 https://nodesecurity.io/advisories/57 http://www.openwall.com/lists/oss-security/2016/04/20/11
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors. Date published : 2017-01-23 http://www.securityfocus.com/bid/96435 https://nodesecurity.io/advisories/56
The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)." Date published...
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging...