Lucene search
K

72 matches found

Github Security Blog
Github Security Blog
added 2018/06/07 7:43 p.m.23 views

Denial of Service in ecstatic

Versions of ecstatic prior to 1.4.0 are affected by a denial of service vulnerability when certain input strings are sent via the Last-Modified or If-Modified-Since headers. Parsing certain inputs with new Date or Date.parse cases v8 to crash. As ecstatic passes the value of the affected headers...

7.5CVSS7.2AI score0.02093EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2018/05/30 8:24 a.m.15 views

Denial Of Service (DoS)

ecstatic is vulnerable to denial of service DoS through Socket Exhaustion. When the input with new Date or Date.parse is passed through the If-Modified-Since or Last-Modified headers, it may crash the application...

7.5CVSS7.2AI score0.02093EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/05/29 8:29 p.m.21 views

CVE-2015-9241

Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out default node timeout is 2...

7.5CVSS7.5AI score0.02135EPSS
Exploits1References3
Jake Archibald's Blog
Jake Archibald's Blog
added 2016/04/27 5:1 p.m.11 views

Caching best practices & max-age gotchas

Getting caching right yields huge performance benefits, saves bandwidth, and reduces server costs, but many sites half-arse their caching, creating race conditions resulting in interdependent resources getting out of sync. The vast majority of best-practice caching falls into one of two patterns:...

6.5AI score
Exploits0
seebug.org
seebug.org
added 2016/04/06 12:0 a.m.43 views

悟空CRM从无任何权限到Getshell漏洞分析

简要描述: 这是一个无需账户的getshell。 此漏洞专为打某人脸,哈哈 附带一个判断某某的小技巧,较实用。 详细说明: 悟空CRM大部分功能是需要登录,登录以后的漏洞比较鸡肋,那么我发一个越权,从无任意权限到拿下管理员权限,到getshell。 看到检查权限的类 App/Lib/Behavior/AuthenticateBehavior.class.php: class AuthenticateBehavior extends Behavior protected $options = array; public function run&$params $m = MODULENAM...

7.1AI score
Exploits0
Node.js
Node.js
added 2015/12/23 10:29 p.m.33 views

Denial of Service

Overview Versions of ecstatic prior to 1.4.0 are affected by a denial of service vulnerability when certain input strings are sent via the Last-Modified or If-Modified-Since headers. Parsing certain inputs with new Date or Date.parse cases v8 to crash. As ecstatic passes the value of the affected...

5CVSS3AI score0.02093EPSS
Exploits0Affected Software1
NVD
NVD
added 2014/09/18 10:55 a.m.26 views

CVE-2014-4383

The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header...

4.3CVSS5.5AI score0.01456EPSS
Exploits0References8
securityvulns
securityvulns
added 2013/12/30 12:0 a.m.119 views

Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability

SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP opensslx509parse Memory Corruption Vulnerability Release Date: 2013/12/13 Last Modified: 2013/12/13 Author: Stefan Esser stefan.esseratsektioneins.de Application: PHP 4.0.6 - PHP 4.4.9 PHP 5.0.x PHP 5.1.x PHP 5.2.x PHP 5.3....

7.5CVSS7.6AI score0.35635EPSS
Exploits8
Fedora
Fedora
added 2012/06/05 11:2 p.m.17 views

[SECURITY] Fedora 17 Update: rubygem-rack-cache-1.2-1.fc17

Rack::Cache is suitable as a quick drop-in component to enable HTTP caching for Rack-based applications that produce freshness Expires, Cache-Control and /or validation Last-Modified, ETag information...

0.7AI score
Exploits0
Metasploit
Metasploit
added 2010/11/13 6:40 a.m.40 views

Web Site Crawler

Crawl a web site and store information about what was found This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Web Site Crawler', 'Description' = 'Crawl a web site and store information about what...

6.9AI score
Exploits0
Prion
Prion
added 2006/01/31 11:3 a.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags...

4.3CVSS6.3AI score0.02562EPSS
Exploits1References10Affected Software1
Microsoft KB
Microsoft KB
added 1970/01/01 12:0 a.m.5 views

End of support for Office 2016 and Office 2019

None None...

5.3AI score
Exploits0
Rows per page
Query Builder