SMS-Stack - Framework to provided TPC/IP based characteristics to the GSM Short Message Service

Sms Stack is a Framework to provided TPC/IP based characteristics to the GSM Short Message Service. This framework works in multiple environments to provided a full stack integration in a service. The main layer features techniques to control the order and the number of sms for a given stream, an...

SUSE-SU-2019:0636-1 Security update for nodejs10

This update for nodejs10 to version 10.1.2 fixes the following issue: Security issue fixed: - CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active bsc1127532...

Node.js third-party modules: [listening-processes] Command Injection

I would like to report Command Injection in listening-processes It allows an attacker to execute arbitrary commands. Module module name: listening-processes version: 1.2.0 npm page: https://www.npmjs.com/package/listening-processes Module Description A simple NPM module for retrieving pertinent...

Node.js third-party modules: [md-fileserver] Path Traversal

I would like to report path traversal in md-fileserver modulee It allows an attacker to read system files via path traversal through commandline Module module name: md-fileserver version: 1.3.2 npm page: https://www.npmjs.com/package/md-fileserver Module Description Starts a local server to rende...

Node.js third-party modules: [typeorm] SQL Injection

I would like to report SQL Injection in typeorm. It allows reading data from database. Module module name: typeorm version: 0.2.14 npm page: https://www.npmjs.com/package/typeorm Module Description TypeORM is an ORM that can run in NodeJS, Browser, Cordova, PhoneGap, Ionic, React Native,...

Joyent Node.js Denial of Service Vulnerability (CNVD-2019-42554)

Joyent Node.js is the United States Joyent company's set of web applications built on top of the Google V8 JavaScript engine platform. The platform is primarily used for building highly scalable applications and writing code that can handle tens of thousands of simultaneous connections to a singl...

Jenkins NodeJS Plugin Remote Code Execution

A remote code execution vulnerability exists in Jenkins NodeJS plugin. Successful exploitation could allow an attacker to execute arbitrary code in the target machine...

Jenkins 2.150.2 - Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Jenkins %q This module can run commands on the system using Jenkins users who has JOB creation and BUILD privileges. The...

Jenkins 2.150.2 - Remote Command Execution Exploit

Exploit for linux platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Jenkins %q This module can run commands on the system using Jenkins...

Photon OS 2.0: Nodejs PHSA-2018-2.0-0093

An update of the nodejs package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0093. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid12199...

Htcap - A Web Application Scanner Able To Crawl Single Page Application (SPA) In A Recursive Manner By Intercepting Ajax Calls And DOM Changes

Htcap is a web application scanner able to crawl single page application SPA in a recursive manner by intercepting ajax calls and DOM changes. Htcap is not just another vulnerability scanner since it's focused on the crawling process and it's aimed to detect and intercept ajax/fetch calls,...

Denial Of Service (DoS)

nodejs-negotiator is vulnerable to denial of service. An attacker able to make an application using Negotiator to perform matching using a malicious glob pattern could cause the application to consume an excessive amount of CPU...

H8Mail - Email OSINT And Password Breach Hunting

Email OSINT and password finder. Use h8mail to find passwords through different breach and reconnaissance services, or the infamous "Breach Compilation" torrent. Features Email pattern matching reg exp, useful for all those raw HTML files Small and fast Alpine Dockerfile available CLI or Bulk...

Fedora 28 : nodejs-base64-url (2018-b64b73ae61)

Security fix for https://snyk.io/vuln/npm:base64url:20180511 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing addition...

Fedora 28 : nodejs-mixin-deep (2018-ab62814cee)

Security fix for CVE-2018-3719 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...

Fedora 28 : 1:nodejs (2018-8049b2c488)

https://nodejs.org/en/blog/release/v8.11.0/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora 28 : nodejs-JSV / nodejs-uri-js (2018-373bbbd408)

Update to latest nodejs-uri-js for CVE fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora 28 : 1:nodejs (2018-f59d961d7b)

Update for security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

Fedora 28 : 1:nodejs (2018-cfe558a202)

August security updates for Node.js Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

Fedora 28 : nodejs-deep-extend (2018-636f73964f)

Security fix for CVE-2018-3750 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...