openSUSE Security Update : nodejs (openSUSE-SU-2013:1863-1)

This update fixes the following security issue with nodejs : - fix CVE-2013-4450: nodejs: HTTP Pipelining DoS bnc846808 CVE-2013-4450-v0.10.x.patch: contains the fix %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

[oss-security] CVE request: various NodeJS module vulnerabilities

Hi all, This is a request for CVEs for the following vulnerabilities discovered by the Node Security Project. I left out their advisories where I could find an assigned CVE; CVE-2013-7370 CVE-2013-7371 CVE-2013-6393 CVE-2013-4660 https://nodesecurity.io/advisories printer potential command...

Nodejs js-yaml load() Code Execution (CVE-2013-4660)

A JavaScript Code Execution vulnerability has been reported in Nodejs...

Fedora 20 : libuv-0.10.18-1.fc20 / nodejs-0.10.21-1.fc20 (2013-19512)

This release contains a security fix for the http server implementation, please upgrade as soon as possible. For more information, see . 2013.10.18, node.js Version 0.10.21 Stable - crypto: clear errors from verify failure Timothy J Fontaine - dtrace: interpret two byte strings Dave Pacheco - fs:...

Fedora Update for nodejs FEDORA-2013-19491

Check for the Version of nodejs OpenVAS Vulnerability Test Fedora Update for nodejs FEDORA-2013-19491 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

Fedora Update for nodejs FEDORA-2013-19497

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for nodejs FEDORA-2013-19491

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2013-4450

The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service memory and CPU consumption by sending a large number of pipelined requests without reading the response...

Nodejs js-yaml load() Code Exec

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Unix Command Shell, Reverse TCP (via nodejs)

Continually listen for a connection and spawn a command shell via nodejs This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 3231 include Msf::Payload::Single include...

Command Shell, Bind TCP (via nodejs)

Creates an interactive shell via nodejs This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework It would be better to have a commonjs payload, but because the implementations differ so greatly when it comes to require paths f...

Unix Command Shell, Bind TCP (via nodejs)

Continually listen for a connection and spawn a command shell via nodejs This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 2239 include Msf::Payload::Single include...

Nodejs - 'js-yaml load()' Code Exec (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Nodejs js-yaml load Code Exec',...

Nodejs js-yaml load() Code Execution Vulnerability

For node.js applications that parse user-supplied YAML input using the load function from the 'js-yaml' package versions below 2.0.5, specifying a self-executing function allows us to execute arbitrary javascript code. This Metasploit module demonstrates that behavior. This file is part of the...

Command Shell, Reverse TCP SSL (via nodejs)

Creates an interactive shell via nodejs, uses SSL This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 831 include Msf::Payload::Single include Msf::Payload::NodeJS include...

Command Shell, Reverse TCP (via nodejs)

Creates an interactive shell via nodejs This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework It would be better to have a commonjs payload, but because the implementations differ so greatly when it comes to require paths f...

Fedora Update for nodejs-graceful-fs FEDORA-2013-12908

Check for the Version of nodejs-graceful-fs OpenVAS Vulnerability Test Fedora Update for nodejs-graceful-fs FEDORA-2013-12908 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

Fedora Update for nodejs-fstream FEDORA-2013-12908

Check for the Version of nodejs-fstream OpenVAS Vulnerability Test Fedora Update for nodejs-fstream FEDORA-2013-12908 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...

Fedora Update for nodejs-glob FEDORA-2013-12908

Check for the Version of nodejs-glob OpenVAS Vulnerability Test Fedora Update for nodejs-glob FEDORA-2013-12908 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

Fedora Update for nodejs-lockfile FEDORA-2013-12908

Check for the Version of nodejs-lockfile OpenVAS Vulnerability Test Fedora Update for nodejs-lockfile FEDORA-2013-12908 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...