Liang Gong

34 exploits Active since May 2018
CVE-2017-16036 WRITEUP HIGH WORKING POC
badjs-sourcemap-server - Path Traversal via URL Manipulation
`badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS 7.5
CVE-2017-16037 WRITEUP HIGH WORKING POC
gomeplus-h5-proxy - Path Traversal via URL Parameter
`gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL.
CVSS 7.5
CVE-2017-16039 WRITEUP HIGH WORKING POC
hftp - Path Traversal via URL Parameter
`hftp` is a static http or ftp server `hftp` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS 7.5
CVE-2017-16083 WRITEUP HIGH WORKING POC
node-simple-router < 0.10.0 - Path Traversal via URL
node-simple-router is a minimalistic router for Node. node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS 7.5
CVE-2017-16084 WRITEUP HIGH WORKING POC
list-n-stream < 0.0.10 - Path Traversal via URL Manipulation
list-n-stream is a server for static files to list and stream local videos. list-n-stream v0.0.10 or lower is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS 7.5
CVE-2017-16085 WRITEUP HIGH WORKING POC
tinyserver2 < 0.6.0 - Path Traversal via URL
tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS 7.5
CVE-2017-16089 WRITEUP HIGH WORKING POC
serverlyr - Path Traversal via URL Manipulation
serverlyr is a simple http server. serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS 7.5
CVE-2017-16090 WRITEUP HIGH WORKING POC
fsk-server - Path Traversal via URL Parameter
fsk-server is a simple http server. fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS 7.5
CVE-2017-16092 WRITEUP HIGH WORKING POC
sencisho - Path Traversal via URL
Sencisho is a simple http server for local development. Sencisho is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS 7.5
CVE-2017-16093 WRITEUP HIGH WORKING POC
cyber-js - Path Traversal via URL Manipulation
cyber-js is a simple http server. A cyberjs server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS 7.5
CVE-2017-16095 WRITEUP HIGH WORKING POC
serverliujiayi1 - Path Traversal via URL
serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS 7.5
CVE-2017-16096 WRITEUP HIGH WORKING POC
serveryaozeyan - Path Traversal via URL Manipulation
serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS 7.5
CVE-2017-16101 WRITEUP HIGH WORKING POC
serverwg - Path Traversal via URL Parameter
serverwg is a simple http server. serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS 7.5
CVE-2017-16102 WRITEUP HIGH WORKING POC
serverhuwenhui - Path Traversal via URL Manipulation
serverhuwenhui is a simple http server. serverhuwenhui is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS 7.5
CVE-2017-16103 WRITEUP HIGH WORKING POC
serveryztyzt - Path Traversal via URL Parameter
serveryztyzt is a simple http server. serveryztyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS 7.5
CVE-2017-16104 WRITEUP HIGH WORKING POC
citypredict.whauwiller - Path Traversal via URL Parameter
citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS 7.5
CVE-2017-16105 WRITEUP HIGH WORKING POC
serverwzl - Path Traversal via URL Manipulation
serverwzl is a simple http server. serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS 7.5
CVE-2017-16106 WRITEUP HIGH WORKING POC
tmock - Path Traversal via URL Parameter
tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS 7.5
CVE-2017-16108 WRITEUP HIGH WORKING POC
gaoxiaotingtingting - Path Traversal via URL Parameter
gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS 7.5
CVE-2017-16109 WRITEUP MEDIUM WORKING POC
easyquick < 0.1.1 - Path Traversal via URL Manipulation
easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Access is constrained, however, to supported file types. Requesting a file such as /etc/passwd returns a "not supported" error.
CVSS 5.3
CVE-2017-16120 WRITEUP HIGH WORKING POC
liyujing - Path Traversal via URL Manipulation
liyujing is a static file server. liyujing is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS 7.5
CVE-2017-16121 WRITEUP HIGH WORKING POC
datachannel-client - Path Traversal
datachannel-client is a signaling implementation for DataChannel.js. datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS 7.5
CVE-2017-16122 WRITEUP HIGH WORKING POC
cuciuci - Path Traversal via URL Manipulation
cuciuci is a simple fileserver. cuciuci is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS 7.5
CVE-2017-16124 WRITEUP HIGH WORKING POC
node-server-forfront - Path Traversal
node-server-forfront is a simple static file server. node-server-forfront is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS 7.5
CVE-2017-16125 WRITEUP HIGH WORKING POC
rtcmulticonnection-client - Path Traversal
rtcmulticonnection-client is a signaling implementation for RTCMultiConnection.js, a multi-session manager. rtcmulticonnection-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
CVSS 7.5