4389 matches found
Swagger remote code execution vulnerability affects Java, PHP, NodeJS and many other development languages - vulnerability warning - the black bar safety net
Vulnerability description: The Swagger specification is widely used to develop applications in HTML, PHP, Java, Ruby and other popular languages. A remote code execution vulnerability was recently disclosed in it, with potential impact on Java, PHP, NodeJS, Ruby and other popular languages...
JSON Swagger CodeGen Parameter Injector
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Gems require 'base64' Project require 'msf/core' class MetasploitModule 'JSON Swagger CodeGen Parameter Injector', 'Description' = %q This module generates a Open API...
Fedora Update for nodejs FEDORA-2016-f90dc5ee3e
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Swagger Vulnerability Leads to Arbitrary Code Injection
An unexpected behavior in a relatively new and popular open source API framework called Swagger could lead to code execution, researchers at Rapid7 said. The company today disclosed some details on the vulnerability, and released a Metasploit exploit module and a proposed patch written by...
BrowserBackdoor - Secure JavaScript WebSocket Backdoor and a Ruby Command-Line Listener
BrowserBackdoor is an Electron application that uses a JavaScript WebSocket Backdoor to connect to the listener. BrowserBackdoorServer is a WebSocket server that listens for incoming WebSocket connections and creates a command-line interface for sending commands to the remote system. The JavaScri...
openSUSE: Security Advisory for nodejs (openSUSE-SU-2016:1566-1)
The remote host is missing an update for the...
openSUSE Security Update : nodejs (openSUSE-2016-715)
This update for nodejs to version 4.4.5 fixes several issues. These security issues introduced by the bundled openssl were fixed by going to version 1.0.2h: - CVE-2016-2107: The AES-NI implementation in OpenSSL did not consider memory allocation during a certain padding check, which allowed...
Security update for nodejs (important)
This update for nodejs to version 4.4.5 fixes several issues. These security issues introduced by the bundled openssl were fixed by going to version 1.0.2h: - CVE-2016-2107: The AES-NI implementation in OpenSSL did not consider memory allocation during a certain padding check, which allowed...
Fedora Update for nodejs FEDORA-2016-c36ab3e363
The remote host is missing an update for the...
Joyent Node.js marked denial of service vulnerability
Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. marked is a Markdown parser and compiler. A denial of service vulnerability exists in Joyent Node.js marked, which allows remote attackers to conduct denial of service attacks by submitting a specially...
Joyent Node.js tar Sensitive Information Disclosure Vulnerability
Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in the Joyent Node.js tar allows remote attackers to overwrite and extract targets outside of a specific directory via a symbolic link attack...
Joyent Node.js serve-index cross-site scripting vulnerability
Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A cross-site scripting vulnerability exists in the Joyent Node.js serve-index, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtai...
Joyent Node.js ms Denial of Service Vulnerability
Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A denial of service vulnerability exists in Joyent Node.js ms due to the program failing to properly parse long version strings. This allows remote attackers to conduct denial of service attacks by...
Fedora Update for nodejs-buffertools FEDORA-2016-6
The remote host is missing an update for the...
Fedora Update for nodejs-request FEDORA-2016-6
The remote host is missing an update for the...
Fedora Update for nodejs-gdal FEDORA-2016-6
The remote host is missing an update for the...
Fedora Update for nodejs-fs-ext FEDORA-2016-6
The remote host is missing an update for the...
Fedora Update for nodejs FEDORA-2016-6
The remote host is missing an update for the...
Fedora Update for nodejs-libxmljs FEDORA-2016-6
The remote host is missing an update for the...
Fedora Update for nodejs-node-expat FEDORA-2016-6
The remote host is missing an update for the...