MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure Vulnerability
Exploit for hardware platform in category web applications Exploit: MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure Author: LiquidWorm Vendor: Emmanuel Product web page: https://github.com/empierre/MyDomoAtHome https://www.domoticz.com/wiki/ImperiHome...
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure
Exploit: MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure Date: 2019-12-30 Author: LiquidWorm Vendor: Emmanuel Product web page: https://github.com/empierre/MyDomoAtHome https://www.domoticz.com/wiki/ImperiHome https://docs.imperihome.com/app/iss Affected version: 0.2.40...
Exploit for Code Injection in Mongo-Express_Project Mongo-Express
CVE-2019-10758 PoC Setup docker run -p 27017:27017 -...
nodeCrypto v2.0 - Ransomware Written In NodeJs
nodeCrypt is a Linux ransomware written in NodeJs that encrypts predefined files. This project was created for educational purposes; you are solely responsible for the use of nodeCrypto. Demo video Install server Upload all files of the server/ folder to your webserver. Create a SQL database and impo...
ALBA-2019:4275 nodejs:12 bug fix update
The following packages have been upgraded to a later upstream version: nodejs 12.13.1. BZ1776116...
12 bug fix update
An update is available for nodejs-nodemon, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The following packages have been upgraded to a later...
GHSA-H9RV-JMMF-4PGX Cross-Site Scripting in serialize-javascript
Versions of serialize-javascript prior to 2.1.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications. Recommendation: Upgrade to version 2.1.1 or later...
Node.js: Remotely trigger an assertion on a TLS server with a malformed certificate string
Summary: Connecting to a NodeJS TLS server with a client certificate that has a type 19 string in its subjectAltName will crash the TLS server if it tries to read the peer certificate. Affected versions include v10.17.0 and v13.1.0. This is related to issue...
Critical Photon OS Security Update - PHSA-2019-0257
Updates of 'yum', 'linux', 'subversion', 'libarchive', 'libxslt', 'binutils', 'linux-esx', 'nodejs', 'python2', 'postgresql', 'libsoup' packages of Photon OS have been released...
Critical Photon OS Security Update - PHSA-2019-0190
Updates of 'ncurses', 'yum', 'libsoup', 'binutils', 'python2', 'postgresql', 'nodejs' packages of Photon OS have been released...
PHSA-2019-1.0-0257
An update of 'libsoup', 'postgresql', 'yum', 'nodejs', 'libxslt', 'binutils', 'libarchive', 'python2' packages of Photon OS has been released...
AZL-44412 CVE-2016-1000236 affecting package nodejs-nodemon 2.0.3-5
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used...
new module: nodejs:12
An update is available for nodejs-nodemon, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. This enhancement update adds the nodejs:12 module to...
ALEA-2019:3461 new module: nodejs:12
This enhancement update adds the nodejs:12 module to AlmaLinux (BZ1685191). For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
new module: nodejs:12
This enhancement update adds the nodejs:12 module to AlmaLinux (BZ1685191). For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
Node.js third-party modules: [git-promise] RCE via insecure command formatting
I would like to report an RCE issue in the git-promise module. It allows executing arbitrary commands remotely inside the victim's PC. Module: module name: git-promise; version: 0.3.1; npm page: https://www.npmjs.com/package/git-promise. Module Description: Simple wrapper that allows you to run any git...
Exploit for OS Command Injection in Rambox
CVE-2019-17625 There is a stored XSS vulnerability in rambox...
63pokupki-nodejs-common (=0.0.2), @63pokupki/nodejs-common (>=0.0.2 <=0.0.85) +1210 more potentially affected by CVE-2019-10757 via knex (>=0.10.0 <=0.19.4)
knex NPM version =0.10.0, =0.0.2, =1.0.10, =0.0.1, =4.0.0, =0.0.1, =0.1.0, =0.0.1, =0.2.0, =0.1.0, =0.1.1, =0.5.0 and more Source cves: CVE-2019-10757 Source advisory: OSV:GHSA-58V4-QWX5-7F59...
Node.js third-party modules: [git-lib] RCE via insecure command formatting
I would like to report an RCE issue in the git-lib module. It allows executing arbitrary commands remotely inside the victim's PC. Module: module name: git-lib; version: 1.6.0; npm page: https://www.npmjs.com/package/git-lib. Module Description: A library that contains different methods to be consumed ...
Moderate: Red Hat Security Advisory: ovirt-web-ui security and bug fix update
An update for ovirt-web-ui is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...