72 matches found
Denial of Service in ecstatic
Versions of ecstatic prior to 1.4.0 are affected by a denial of service vulnerability when certain input strings are sent via the Last-Modified or If-Modified-Since headers. Parsing certain inputs with new Date or Date.parse cases v8 to crash. As ecstatic passes the value of the affected headers...
Denial Of Service (DoS)
ecstatic is vulnerable to denial of service DoS through Socket Exhaustion. When the input with new Date or Date.parse is passed through the If-Modified-Since or Last-Modified headers, it may crash the application...
CVE-2015-9241
Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out default node timeout is 2...
Caching best practices & max-age gotchas
Getting caching right yields huge performance benefits, saves bandwidth, and reduces server costs, but many sites half-arse their caching, creating race conditions resulting in interdependent resources getting out of sync. The vast majority of best-practice caching falls into one of two patterns:...
悟空CRM从无任何权限到Getshell漏洞分析
简要描述: 这是一个无需账户的getshell。 此漏洞专为打某人脸,哈哈 附带一个判断某某的小技巧,较实用。 详细说明: 悟空CRM大部分功能是需要登录,登录以后的漏洞比较鸡肋,那么我发一个越权,从无任意权限到拿下管理员权限,到getshell。 看到检查权限的类 App/Lib/Behavior/AuthenticateBehavior.class.php: class AuthenticateBehavior extends Behavior protected $options = array; public function run&$params $m = MODULENAM...
Denial of Service
Overview Versions of ecstatic prior to 1.4.0 are affected by a denial of service vulnerability when certain input strings are sent via the Last-Modified or If-Modified-Since headers. Parsing certain inputs with new Date or Date.parse cases v8 to crash. As ecstatic passes the value of the affected...
CVE-2014-4383
The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header...
Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP opensslx509parse Memory Corruption Vulnerability Release Date: 2013/12/13 Last Modified: 2013/12/13 Author: Stefan Esser stefan.esseratsektioneins.de Application: PHP 4.0.6 - PHP 4.4.9 PHP 5.0.x PHP 5.1.x PHP 5.2.x PHP 5.3....
[SECURITY] Fedora 17 Update: rubygem-rack-cache-1.2-1.fc17
Rack::Cache is suitable as a quick drop-in component to enable HTTP caching for Rack-based applications that produce freshness Expires, Cache-Control and /or validation Last-Modified, ETag information...
Web Site Crawler
Crawl a web site and store information about what was found This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Web Site Crawler', 'Description' = 'Crawl a web site and store information about what...
Cross site scripting
Cross-site scripting XSS vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags...
End of support for Office 2016 and Office 2019
None None...