7911 matches found
CVE-2019-10061
CVE-2019-10061 affects the Node.js OpenCV bindings (node-opencv). The vulnerable component is utils/find-opencv.js, in versions prior to 6.1.0. Root cause: it does not validate user input, enabling attackers to execute arbitrary commands via a crafted input. Impact is described as Command Inj...
Node.js third-party modules: [listening-processes] Command Injection
I would like to report Command Injection in listening-processes. It allows an attacker to execute arbitrary commands. Module: module name: listening-processes; version: 1.2.0; npm page: https://www.npmjs.com/package/listening-processes. Module Description: A simple NPM module for retrieving pertinent...
Node.js third-party modules: [serve] Path Traversal
I would like to report a path traversal vulnerability in the serve module. It allows an attacker to read system files via path traversal. Module: module name: serve; version: 10.1.2; npm page: https://www.npmjs.com/package/serve. Module Description: Assuming you would like to serve a static site...
Node.js third-party modules: [md-fileserver] Path Traversal
I would like to report path traversal in the md-fileserver module. It allows an attacker to read system files via path traversal through the command line. Module: module name: md-fileserver; version: 1.3.2; npm page: https://www.npmjs.com/package/md-fileserver. Module Description: Starts a local server to rende...
Node.js third-party modules: XSS in Bootbox
Hi. Sorry for taking the time with this report. This is an already publicly disclosed issue at https://github.com/makeusabrew/bootbox/issues/661. In essence, all dialogs of bootbox are vulnerable to XSS injections: bootbox.alert"\alert1;"; This is apparently a feature to allow injecting HTML in messages...
Node.js third-party modules: [increments] sql injection
I would like to report SQL Injection in increments. It allows creating fake polls. Module: module name: increments; version: 1.2.1; npm page: https://www.npmjs.com/package/increments. Module Description: Increment is a database-driven for creating polls and taking votes for various options, candidates...
Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private - Node.js
Summary: IBM Cloud Private, Cloud Foundry for IBM Cloud Private and IBM Cloud Automation Manager are vulnerable to multiple security vulnerabilities in Node.js. Vulnerability Details: CVEID: CVE-2018-12122. DESCRIPTION: Node.js is vulnerable to a denial of service, caused by improper validation of HT...
Node.js third-party modules: [deliver-or-else] Path Traversal
I would like to report path traversal in the deliver-or-else module. It allows an attacker to read system files via path traversal through the command line. Module: module name: deliver-or-else; version: 1.0.0; npm page: https://www.npmjs.com/package/deliver-or-else. Module Description: Copy description from npm...
Node.js third-party modules: [file-browser] Inadequate Output Encoding and Escaping
I would like to report stored XSS in the file-browser module. It allows an attacker to embed malicious JS code as filenames, which gets executed once the file is browsed to over the web browser. Module: module name: file-browser; version: 0.0.5; npm page: https://www.npmjs.com/package/file-browser. Module...
Node.js third-party modules: [untitled-model] sql injection
I would like to report VULNERABILITY in MODULE It allows DESCRIBE THE IMPACT OF THE VULNERABILITY - E.G READ ARBITRARY FILES, READ DATA FROM DATABASE ETC Module: module name: untitled-model; version: 1.0.5; npm page: https://www.npmjs.com/package/untitled-model. Module Description: Rapid sql query...
Node.js third-party modules: [fileview] Inadequate Output Encoding and Escaping
I would like to report stored XSS in the fileview module. It allows an attacker to embed malicious JS code in a filename; there was no sanitization performed. Module: module name: fileview; version: 0.1.6; npm page: https://www.npmjs.com/package/fileview. Module Description: File browsers on web. It's easy to...
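The file-browser and fileview reports above, and the Bootbox issue further up, come down to untrusted strings reaching an HTML sink without encoding for that context. The block below is an added example of a directory listing rendered the vulnerable way beside the encoded way; it is not code from any of these modules, and the file names are constructed as an attacker who can create files would choose them. The same `escapeHtml` step belongs in front of any API that renders its argument as HTML, which is the behaviour the Bootbox report describes.

```javascript
// Minimal HTML escaper for text nodes and double-quoted attribute values.
// "&" is in the set so that already-encoded text is not double-decoded later.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable pattern: names read from the filesystem are dropped straight into
// the page, so a name like <img src=x onerror=alert(1)>.txt becomes markup and
// a name containing a double quote breaks out of the href attribute.
function vulnerableListing(names) {
  return '<ul>' + names.map((n) => `<li><a href="/files/${n}">${n}</a></li>`).join('') + '</ul>';
}

// Hardened pattern: the name is URL-encoded where it is a path component and
// HTML-escaped where it is text. The two contexts need different encodings;
// one does not substitute for the other.
function safeListing(names) {
  return '<ul>' + names.map((n) =>
    `<li><a href="/files/${encodeURIComponent(n)}">${escapeHtml(n)}</a></li>`,
  ).join('') + '</ul>';
}

// Constructed directory contents (assumption: the attacker controls file names).
const SAMPLE_NAMES = [
  'readme.txt',
  '<img src=x onerror=alert(1)>.txt',
  'a"onmouseover="alert(2)',
];

console.log('vulnerable:', vulnerableListing(SAMPLE_NAMES));
console.log('safe:      ', safeListing(SAMPLE_NAMES));
```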
PT-2019-17836 · Node.Js +7
Name of the Vulnerable Software and Affected Versions: Node.js versions 6.x before 6.17.0; Node.js versions 8.x before 8.15.1; Node.js versions 10.x before 10.15.2; Node.js versions 11.x before 11.10.1. Description: An attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS...
Node.js third-party modules: [@azhou/basemodel] SQL injection
I would like to report SQL injection in @azhou/basemodel. It allows an attacker to read data from the database. Module: module name: @azhou/basemodel; version: 1.0.0; npm page: https://www.npmjs.com/package/@azhou/basemodel. Module Description: Usage: Initialization: js var model =...
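The increments, untitled-model and @azhou/basemodel reports above are the thin-ORM variant of SQL injection: a helper builds `SELECT ... WHERE col = 'value'` by string concatenation, often with the table and column names coming from the caller as well. The block below is an added illustration of that builder beside a hardened one that binds values and validates identifiers; it is not code from any of those modules, and the table name `polls`, the `?` placeholder style and the identifier pattern are assumptions for the example.

```javascript
// Vulnerable pattern: table, column and value are all spliced into the SQL
// text. The value "1' OR '1'='1" turns a lookup into a table dump, and a
// caller-supplied table name can append a second statement.
function vulnerableSelect(table, column, value) {
  return `SELECT * FROM ${table} WHERE ${column} = '${value}'`;
}

// Identifiers cannot be bound as parameters, so they are validated against a
// strict pattern and quoted. Double quotes are the SQL-standard identifier
// quote; MySQL needs backticks unless ANSI_QUOTES is enabled (assumption: a
// standards-quoting database). An explicit allowlist of known table names is
// stricter still and is the better choice when the set is small.
const IDENTIFIER = /^[A-Za-z_][A-Za-z0-9_]{0,62}$/;
function quoteIdentifier(name) {
  if (typeof name !== 'string' || !IDENTIFIER.test(name)) {
    throw new Error(`invalid SQL identifier: ${JSON.stringify(name)}`);
  }
  return `"${name}"`;
}

// Hardened pattern: the statement text contains only validated identifiers and
// a "?" placeholder; the value travels separately for the driver to bind, so
// quotes inside it never reach the SQL parser as syntax.
function safeSelect(table, column, value) {
  return {
    text: `SELECT * FROM ${quoteIdentifier(table)} WHERE ${quoteIdentifier(column)} = ?`,
    values: [value],
  };
}

// Constructed attacker inputs.
const TAUTOLOGY = "1' OR '1'='1";
const STACKED_TABLE = 'polls; DROP TABLE votes; --';

console.log('vulnerable:', vulnerableSelect('polls', 'id', TAUTOLOGY));
console.log('safe:      ', JSON.stringify(safeSelect('polls', 'id', TAUTOLOGY)));
```

The `{ text, values }` shape is what node-postgres, mysql2 and sqlite3 all accept in one form or another; the point is that the value never becomes part of `text`.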
Joyent Node.js Denial of Service Vulnerability (CNVD-2019-42553)
Joyent Node.js is a platform from the US company Joyent, built on top of the Google V8 JavaScript engine, for writing web applications. The platform is primarily used for building highly scalable applications and writing code that can handle tens of thousands of simultaneous connections to a singl...
FreeBSD : Node.js -- multiple vulnerabilities (b71d7193-3c54-11e9-a3f9-00155d006b02)
Node.js reports: Updates are now available for all active Node.js release lines. In addition to fixes for security flaws in Node.js, they also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2r which contains a fix for a moderate severity security vulnerability. For these releases, we have...
February 2019 Security Releases
February 2019 Security Releases. Update 28-February-2019: Security releases available. Summary: Updates are now available for all active Node.js release lines. In addition to fixes for security flaws in Node.js, they also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2r which contains a fix for ...
Node.js -- multiple vulnerabilities
Node.js reports: Updates are now available for all active Node.js release lines. In addition to fixes for security flaws in Node.js, they also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2r which contains a fix for a moderate severity security vulnerability. For these releases, we have...
BeEF - The Browser Exploitation Framework Project
What is BeEF? BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual securi...
Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway
Summary: Security vulnerabilities in Node.js affect IBM Voice Gateway. Vulnerability Details: CVEID: CVE-2018-12122. DESCRIPTION: Node.js is vulnerable to a denial of service, caused by improper validation of HTTP headers. By sending headers very slowly keeping HTTP or HTTPS connections and associat...
Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux
Summary: Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i (RPG and COBOL + Modernization Tools, Java and EGL editions) and Rational Developer for AIX and Linux. Multiple Node.js vulnerabilities have been discovered that...