4389 matches found
CVE-2017-1000189
CVE-2017-1000189 concerns the Node.js EJS template library. Affected: ejs versions older than 2.5.5. Root cause: weak input validation in the function ejs.renderFile(). Impact: denial-of-service as described in the CVE entry. Exploitation details are not provided in the connected documents. Refer...
CVE-2017-1000189
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile...
CVE-2017-1000228
nodejs ejs versions older than 2.5.3 are vulnerable to remote code execution due to weak input validation in the ejs.renderFile function...
CVE-2017-1000188
nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile resulting in code injection...
Fedora Update for nodejs FEDORA-2017-c582c1e728
The remote host is missing an update for the...
UBUNTU-CVE-2017-14919
Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter...
Fedora Update for nodejs-forwarded FEDORA-2017-042c59fab9
The remote host is missing an update for the...
Fedora Update for nodejs-forwarded FEDORA-2017-afb05e0873
The remote host is missing an update for the...
Fedora 26 : nodejs-forwarded (2017-afb05e0873)
Update to upstream 0.1.2 release for security issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 25 : nodejs-forwarded (2017-042c59fab9)
Update to upstream 0.1.2 release for security issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
[SECURITY] Fedora 26 Update: nodejs-forwarded-0.1.2-1.fc26
Parse HTTP X-Forwarded-For header...
[SECURITY] Fedora 25 Update: nodejs-forwarded-0.1.2-1.fc25
Parse HTTP X-Forwarded-For header...
nodejs-tough-cookie: Regular expression denial of service
A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Tough-Cookie parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU...
Command Injection In NodeJS Debugger
NodeJS is vulnerable to command injection. The debugger listens on "any" address instead of 127.0.0.1 by default...
NodeJS Debugger Command Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "NodeJS Debugger Command Injection", 'Description' = %q This module uses the "evaluate" request type of the NodeJS V8 debugger protocol version 1 t...
NodeJS Debugger - Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "NodeJS Debugger Command Injection", 'Description' = %q This module uses the "evaluate" request type of the NodeJS V8 debugger protocol version 1 t...
NodeJS Debugger Command Injection Exploit
This Metasploit module uses the "evaluate" request type of the NodeJS V8 debugger protocol (version 1) to evaluate arbitrary JS and call out to other system commands. The port (default 5858) is not exposed non-locally in default configurations, but may be exposed either intentionally or via...
nodejs-qs: Prototype override protection bypass
It was found that ljharb's qs module for Node.js did not properly parse query strings. An attacker could send a specially crafted query that overwrites the resulting object's prototype properties such as toString or hasOwnProperty, resulting in a denial of service when the overwritten function...
NodeJS Debugger Command Injection
This module uses the "evaluate" request type of the NodeJS V8 debugger protocol (version 1) to evaluate arbitrary JS and call out to other system commands. The port (default 5858) is not exposed non-locally in default configurations, but may be exposed either intentionally or via misconfiguration. Th...
openSUSE Security Update : nodejs4 / nodejs6 (openSUSE-2017-948)
This update for nodejs4 and nodejs6 fixes the following issues: Security issues fixed: - CVE-2017-1000381: The c-ares function ares_parse_naptr_reply() could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. (bsc#1044946)...