4389 matches found
CSRFT - Cross Site Request Forgeries (Exploitation) Toolkit
This project has been developed to exploit CSRF Web vulnerabilities and provide you a quick and easy exploitation toolkit. In few words, this is a simple HTTP Server in NodeJS that will communicate with the clients victims and send them payload that will be executed using JavaScript. This has bee...
Best Self Hosted Alternatives
Best Self Hosted Alternatives Analytics AWStats Generates web, streaming, ftp or mail server statistics graphically. Source Code GPLv3 Perl Countly Real time mobile & web analytics, crash reporting and push notifications platform. Source Code AGPLv3 Javascript Druid A distributed, column-oriented...
[ MDVSA-2015:228 ] nodejs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:228 http://www.mandriva.com/en/support/security/ Package : nodejs Date : May 6, 2015 Affected: Business Server 2.0 Problem Description: Updated nodejs package fixes security vulnerability: It was found that...
Updated nodejs packages fix security vulnerabilities
Updated nodejs package fixes security vulnerability: It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges CVE-2015-0278. The libuv library is bundled with nodejs, and a fixed version of libuv is included wi...
MGASA-2015-0186 Updated nodejs packages fix security vulnerabilities
Updated nodejs package fixes security vulnerability: It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges CVE-2015-0278. The libuv library is bundled with nodejs, and a fixed version of libuv is included wi...
Mandriva Linux Security Advisory : nodejs (MDVSA-2015:142)
Updated nodejs package fixes security vulnerabilities : A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and...
Fedora 20 : libuv-0.10.34-1.fc20 / nodejs-0.10.36-3.fc20 / v8-3.14.5.10-17.fc20 (2015-2310)
nodejs - tls: re-add 1024-bit SSL certs removed by f9456a2 Chris Dickinson - timers: don't close interval timers when unrefd Julien Gilli - timers: don't mutate unref list while iterating it Julien Gilli - childprocess: check execFile args is an array Sam Roberts - childprocess: check fork args i...
Fedora Update for nodejs FEDORA-2015-2310
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
libuv -- incorrect revocation order while relinquishing privileges
Nodejs releases reports: CVE-2015-0278 This may potentially allow an attacker to gain elevated privileges...
[SECURITY] Fedora 22 Update: compat-libuv010-0.10.34-1.fc22
Compatibility libuv library for nodejs 0.10.x...
Fedora 21 : libuv-0.10.34-1.fc21 / nodejs-0.10.36-3.fc21 / v8-3.14.5.10-17.fc21 (2015-2313)
nodejs - tls: re-add 1024-bit SSL certs removed by f9456a2 Chris Dickinson - timers: don't close interval timers when unrefd Julien Gilli - timers: don't mutate unref list while iterating it Julien Gilli - childprocess: check execFile args is an array Sam Roberts - childprocess: check fork args i...
Fedora Update for nodejs FEDORA-2015-2313
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Javascript Injection For Eval-Based Unpackers
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/jsobfu' class Metasploit3 'Javascript Injection for Eval-based Unpackers', 'Description' = %q This module generates a...
Javascript Injection for Eval-based Unpackers
This module generates a Javascript file that executes arbitrary code when an eval-based unpacker is run on it. Works against js-beautify's PACKER unpacker. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
AZL-45312 CVE-2015-1164 affecting package nodejs-nodemon 2.0.3-5
Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // slash slash followed by a domain in the PATHINFO to the default URI...
Fedora Update for nodejs FEDORA-2014-15411
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for nodejs FEDORA-2014-15390
Check the version of nodejs SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868601";...
Fedora Update for nodejs FEDORA-2014-15379
Check the version of nodejs SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868604";...
Fedora 21 : libuv-0.10.29-1.fc21 / nodejs-0.10.33-1.fc21 (2014-15411) (POODLE)
This release handles the recent POODLE vulnerability by disabling SSLv2/SSLv3 by default for the most predominate uses of TLS in Node.js. It took longer than expected to get this release accomplished in a way that would provide appropriate default security settings, while minimizing the surface...
DEBIAN-CVE-2014-7191
The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service memory consumption by using a large index value to create a sparse array...