FreeBSD : Node.js -- remote DOS security vulnerability (d7d1cc94-b971-11e7-af3a-f1035dd0da62)
Node.js reports: Node.js was susceptible to a remote DoS attack due to a change that came in as part of zlib v1.2.9. In zlib v1.2.9, 8 became an invalid value for the windowBits parameter and Node's zlib module will crash or throw an exception depending on the version...
KeystoneJS 4.0.0-beta.5 Unauthenticated Stored Cross Site Scripting
Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15878 Vendor Description...
KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS...
KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting
KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform:...
KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15879 Vendor...
KeystoneJS 4.0.0-beta.5 Unauthenticated Stored Cross Site Scripting Vulnerability
Exploit for jsp platform in category web applications Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS...
KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection
Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15879 Vendor...
KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting
Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15878 Vendor Description...
KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vulnerability
KeystoneJS version 4.0.0-beta.5 suffers from an unauthenticated CSV injection vulnerability in admin/server/api/download.js and lib/list/getCSVData.js Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contac...
Moderate severity vulnerability that affects validator
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a crafted javascript URI...
GHSA-QPJP-7RP2-9C3F Moderate severity vulnerability that affects validator
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag...
dns-sync command injection vulnerability
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function...
GHSA-Q5PQ-PGRV-FH89 dns-sync command injection vulnerability
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function...
Moderate severity vulnerability that affects validator
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag...
Moderate severity vulnerability that affects validator
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via vectors related to UI redressing...
GHSA-552W-RQG8-GXXM Moderate severity vulnerability that affects validator
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via vectors related to UI redressing...
GHSA-RH6C-Q938-3R9Q Moderate severity vulnerability that affects validator
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a crafted javascript URI...
High severity vulnerability that affects electron
Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line...
GHSA-GVCJ-PFQ2-WXJ7 High severity vulnerability that affects electron
Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line...
DOS security vulnerability, October 2017
DOS security vulnerability, October 2017 Update 24-October-2017 Releases available Summary Updates are now available for all active Node.js release lines. These include the fix for the vulnerability identified in the initial announcement. We recommend that all users upgrade as soon as possible...