4389 matches found
Node.js third-party modules: Bypass to defective fix of Path Traversal
I would like to report a Path Traversal vulnerability in localhost-now. It allows to read arbitrary files on the server. This is a bypass on the mitigation of 312889 . Module module name: localhost-now version: 1.0.2 npm page: https://www.npmjs.com/package/localhost-now Module Description Am I th...
Directory Traversal
nodejsccc is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...
Directory Traversal
nodejsliamgb is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...
XVNA - Extreme Vulnerable Node Application
XVNA is an extreme vulnerable node application coded in NodejsExpressjs/MongoDB that helps security enthusiasts to learn application security. it's not counseled to host this application online as it is intended to be Vulnerable. We tend to suggest hosting this application in native setting and...
Joyent Node.js moment module denial of service vulnerability
Joyent Node.js is the United States Joyent company's set of web applications built on Google V8 JavaScript engine on top of the platform . moment is one of the JavaScript date processing library . A security vulnerability exists in the Joyent Node.js moment module. The vulnerability can be...
ejs vulnerable to DoS due to weak input validation
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in ejs.renderFile...
Sony Playstation 4 (PS4) 5.01 - WebKit (PoC) Exploit
Exploit for hardware platform in category dos / poc PS4 5.01 WebKit Exploit PoC =========================== Based on: - CVE-2017-7005 - PegaSwitch Copyright 2017 ReSwitched Team - 4.0x exploit by qwertyoruiopz This exploit supports 5.01 maybe others! Installation ============ 1. Install the lates...
Sony Playstation 4 (PS4) 5.01 5.05 - WebKit Code Execution (PoC)
Sony Playstation 4 PS4 5.01 5.05 - WebKit Code Execution PoC PS4 5.01 WebKit Exploit PoC =========================== Based on: - CVE-2017-7005 - PegaSwitch Copyright 2017 ReSwitched Team - 4.0x exploit by qwertyoruiopz This exploit supports 5.01 maybe others! Installation ============ 1. Install...
Dr. Mine - Tool To Aid Automatic Detection Of In-Browser Cryptojacking
Dr. Mine is a node script written to aid automatic detection of in-browser cryptojacking. The most accurate way to detect things that happen in a browser is via browser itself. Thus, Dr. Mine uses puppeteer to automate browser thingy and catches any requests to online cryptominers. When a request...
Node.js third-party modules: Media parsing in canvas is at least vulnerable to Denial of Service through multiple vulnerabilities
There is at least a DoS vulnerability in canvas. It segfaults node.js which leads to a Denial of Service, but according to !exploitable it could possibly be worse Module canvas node-canvas is a Cairo backed Canvas implementation for NodeJS. https://www.npmjs.com/package/canvas version: 1.6.9 Stat...
Injectify - Perform Advanced MiTM Attacks On Websites With Ease
A modern BeEF inspired framework for the 21st century. Cross-platform clients = Web in-browser and Desktop Electron. Created from-scratch using pure NodeJS and Typescript. What can it do? Create a reverse Javascript shell between the victim and the attacker. Records keystrokes and logs them to a...
Fedora 27 : 1:nodejs (2017-336197c5a0)
https://github.com/nodejs/node/blob/v8.6.0/doc/changelogs/CHANGELOGV8 .md https://groups.google.com/forum/!topic/nodejs-sec/EatXB-MujW0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
Fedora 27 : nodejs-forwarded (2017-899c5f6a86)
Update to upstream 0.1.2 release for security issue Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 27 : 1:nodejs (2017-e6be32cb7a)
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOGV8 .md8.9.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
SUSE-SU-2018:0002-1 Security update for nodejs4
This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL bsc1072322. - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to...
Fedora Update for nodejs FEDORA-2017-e6be32cb7a
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 27 Update: nodejs-8.9.3-2.fc27
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
ALPINE-CVE-2017-15897
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc0x100, "This is not correctly encoded", "hex";' The buffer implementation was updated such that the buffer will...
UBUNTU-CVE-2017-15896
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSLread due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption...
Fedora Update for nodejs-brace-expansion FEDORA-2017-2522df3526
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...