
1138 matches found

RedhatCVE
added 2018/06/15 6:20 p.m. | 18 views

CVE-2017-16014

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service...

CVSS: 7.5 | AI score: 3.9 | EPSS: 0.00274
Exploits: 0 | References: 2

CNVD
added 2018/06/15 12:0 a.m. | 1 views

Unspecified vulnerability in Http-proxy

Http-proxy is a full-featured HTTP proxy for Node.js. A security vulnerability exists in Http-proxy versions prior to 0.7.0. An attacker can exploit this vulnerability to cause a denial of service (server crash)...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00274
Exploits: 0 | References: 1

CNVD
added 2018/06/13 12:0 a.m. | 1 views

Unspecified vulnerability in proxy.js

proxy.js is an HTTP proxy. A security vulnerability exists in proxy.js. An attacker can exploit this vulnerability to steal environment variables...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00257
Exploits: 0 | References: 1

Cvelist
added 2018/06/07 2:0 a.m. | 15 views

CVE-2018-3739

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter e.g. JSON...

AI score: 9.1 | EPSS: 0.00433
Exploits: 1 | References: 1

NVD
added 2018/06/04 7:29 p.m. | 10 views

CVE-2017-16014

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00274
Exploits: 0 | References: 2

Prion
added 2018/06/04 7:29 p.m. | 11 views

Denial of service

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service...

CVSS: 5 | AI score: 7.4 | EPSS: 0.00274
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2018/06/04 7:29 p.m. | 10 views

CVE-2017-16014

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service...

CVSS: 7.5 | AI score: 7.7
Exploits: 0 | References: 2

Cvelist
added 2018/06/04 7:0 p.m. | 12 views

CVE-2017-16014

Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service...

AI score: 7.4 | EPSS: 0.00274
Exploits: 0 | References: 2

CVE
added 2018/06/04 7:0 p.m. | 52 views

CVE-2017-16014

CVE-2017-16014 affects the http-proxy library (Node.js). Older versions pre-0.7.0 mishandled errors, allowing an attacker who forces an error to crash the server, causing a denial of service. Public advisories (GitHub GHSA-9XW9-PVGV-6P76; OSV/Red Hat/Debian entries) confirm the vulnerability in a...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00274
Exploits: 0 | References: 2 | Affected Software: 1

seebug.org
added 2018/05/09 12:0 a.m. | 46 views

Tracking tens of thousands of kids worldwide

tl;dr: Gator Watch - a GPS watch for kids - is leaking data in all ends and anyone on the Internet can live track your kid. We're not talking about a security vulnerability, we're talking about non-existing security. Summary: Who: Gator Watch; Severity level: Critical; Reported: August 2017; Reception...

AI score: 7.5
Exploits: 0

Node.js
added 2018/04/24 10:28 p.m. | 495 views

Denial of Service

Overview: Versions of http-proxy-agent before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to Buffer. Recommendation: Update to version 2.1.0 or later. References -...

AI score: 6.6
Exploits: 0 | Affected Software: 1

Kitploit
added 2018/04/21 1:26 p.m. | 16 views

JCS - Joomla Vulnerability Component Scanner

JCS (Joomla Component Scanner) is made for penetration testing purposes on Joomla CMS. JCS can help you with the latest component vulnerabilities and exploits. The database can update from several resources and a Crawler has been implemented to find components and component's link. This version supports...

AI score: 7.3
Exploits: 0 | References: 1

Kitploit
added 2018/04/19 8:49 p.m. | 59 views

PenCrawLer - An Advanced Web Crawler And DirBuster

An Advanced Web Crawler and DirBuster. PeNCrawLer is an advanced web crawler and dirbuster designed for use in penetration testing, based on Windows OS. Web Crawler Features: Follow Redirects; Rendering Javascript; Extract links from custom HTML-Elements; Extract links with Regex-Pattern; Black-List...

AI score: 7.2
Exploits: 0 | References: 1

Veracode
added 2018/04/06 5:24 a.m. | 23 views

Denial Of Service (DoS) Through Uninitialized Memory Leak

http-proxy-agent is susceptible to denial of service (DoS). auth parameters are passed to the Buffer constructor without proper sanitization, leading to DoS via uninitialized memory leak...

CVSS: 9.8 | AI score: 9 | EPSS: 0.00364
Exploits: 0 | References: 6 | Affected Software: 1

Microsoft KB
added 2018/03/26 12:0 a.m. | 3 views

Update rollup 8.0.11049.0 for Microsoft Monitoring Agent (KB4015075)

Update rollup 8.0.11049.0 for Microsoft Monitoring Agent (KB4015075). Summary: This article describes the issues that are fixed in update rollup 8.0.11049.0 for the Microsoft Monitoring Agent. It also contains installation instructions for the update rollup. Fixes that are included in this update...

AI score: 7.1
Exploits: 0

Hacker One
added 2018/03/03 7:7 p.m. | 172 views

Node.js third-party modules: `http-proxy-agent` passes unsanitized options to Buffer(arg), resulting in DoS and uninitialized memory leak

I would like to report a Buffer allocation vulnerability in http-proxy-agent. In setups where auth argument is user-controlled, it allows to: cause Denial of Service by trivially consuming all the available CPU resources; extract uninitialized memory chunks from the server on Node.js This module...

AI score: 6.5
Exploits: 0

NVD
added 2018/03/01 8:29 p.m. | 15 views

CVE-2017-9271

The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used...

CVSS: 4 | AI score: 3.9 | EPSS: 0.00108
Exploits: 0 | References: 3

UbuntuCve
added 2018/03/01 8:29 p.m. | 21 views

CVE-2017-9271

The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used...

CVSS: 4 | AI score: 6.3 | EPSS: 0.00108
Exploits: 0 | References: 2

Prion
added 2018/03/01 8:29 p.m. | 10 views

Design/Logic Flaw

The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used...

CVSS: 2.1 | AI score: 7 | EPSS: 0.00108
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2018/03/01 8:29 p.m. | 6 views

CVE-2017-9271

The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used...

CVSS: 3.3 | AI score: 3.9 | EPSS: 0.00108
Exploits: 0 | References: 3