654 matches found
Design/Logic Flaw
Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload...
Denial of service
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds...
CVE-2017-16114
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds...
CVE-2017-16021
uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid or not. To do this, uri-js uses a regular expression, This regular expression is vulnerable to redos. This causes the program to hang and the CPU to idle at 100%...
Design/Logic Flaw
prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10694
alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary...
CVE-2014-10064
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...
CVE-2018-3728
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data MAID vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existi...
Drupal Search 404 Cross-Site Scripting Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Search 404 is one of the modules that searches for keywords in the URL. A cross-site scripting vulnerability exists in the Drupal Search 404 module, which stems from the program failing...
Drupal LDAP Module Security Bypass Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A security bypass vulnerability exists in the Drupal LDAP module. It allows an attacker to provide unexpected input and potentially bypass the input validation protection...
Drupal Open Atrium Module Cross-Site Request Forgery Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Open Atrium module is a collaborative team development module based on the Drupal platform. Multiple cross-site request forgery vulnerabilities exist in subcomponents of the Drupal Open...
CVE-2018-4834
A vulnerability has been identified in Desigo PXC00-E.D V4.10 All versions V4.10.111, Desigo PXC00-E.D V5.00 All versions V5.0.171, Desigo PXC00-E.D V5.10 All versions V5.10.69, Desigo PXC00-E.D V6.00 All versions V6.0.204, Desigo PXC00/64/128-U V4.10 All versions V4.10.111 only with web module,...
Unspecified Vulnerability in Oracle Banking Corporate Lending Component
Oracle Financial Services Applications is the United States Oracle Oracle company's set of core banking, online banking and property management in one of the financial services software. Oracle Banking Corporate Lending is one of the bank loan management component. A security vulnerability exists...
UBUNTU-CVE-2014-3744
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in an unspecified path...
vBulletin VBSEO 'visitormessage.php' Remote Code Injection Vulnerability
vBulletin is the United States Internet Brands and vBulletin Solutions, Inc. jointly developed an open source commercial Web forum program. vBulletin VBSEO module is one of the SEO management module . A security vulnerability exists in the functionsvbseohook.php file in the vBulletin VBSEO module...
UBUNTU-CVE-2017-10789
The DBD::mysql module through 4.043 for Perl uses the mysqlssl=1 setting to mean that SSL is optional even though this setting's documentation has a "your communication with the server will be encrypted" statement, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrad...
Drupal Password Reset Landing Page Module Access Bypass Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community.Password Reset Landing Page Module is a password reset page module. An access bypass vulnerability exists in the Drupal Password Reset Landing Page Module. This vulnerability can be...
For the Node. js in the node-serialize module deserialization vulnerability the subsequent analysis-vulnerability warning-the black bar safety net
Of the Node. js serialization remote command execution vulnerabilities of a number of follow-up found and how to develop the attack load. A few days ago I was in opsecx blog found an article How to use a named node-serialize nodejs module in the RCE remote code execution error blog. The article...
Drupal Hubspot CTA module cross-site scripting vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Hubspot CTA is one of the modules that displays the Hubspot CTA button by creating a Bean block. A cross-site scripting vulnerability exists in the Drupal Hubspot CTA module that can be...
The vulnerability of the Apache HTTP Server software allows a malicious attacker to compromise the accessibility of protected information.
The vulnerability in the modproxy module of the Apache HTTP Server when reverse proxy is enabled allows malicious actors to cause a service failure by using a specially crafted HTTP Connection header...