Sony Playstation 4 (PS4) 5.01 - WebKit (PoC) Exploit

Exploit for hardware platform in category dos / poc PS4 5.01 WebKit Exploit PoC =========================== Based on: - CVE-2017-7005 - PegaSwitch Copyright 2017 ReSwitched Team - 4.0x exploit by qwertyoruiopz This exploit supports 5.01 maybe others! Installation ============ 1. Install the lates...

Sony Playstation 4 (PS4) 5.01 5.05 - WebKit Code Execution (PoC)

Sony Playstation 4 PS4 5.01 5.05 - WebKit Code Execution PoC PS4 5.01 WebKit Exploit PoC =========================== Based on: - CVE-2017-7005 - PegaSwitch Copyright 2017 ReSwitched Team - 4.0x exploit by qwertyoruiopz This exploit supports 5.01 maybe others! Installation ============ 1. Install...

Dr. Mine - Tool To Aid Automatic Detection Of In-Browser Cryptojacking

Dr. Mine is a node script written to aid automatic detection of in-browser cryptojacking. The most accurate way to detect things that happen in a browser is via browser itself. Thus, Dr. Mine uses puppeteer to automate browser thingy and catches any requests to online cryptominers. When a request...

Node.js third-party modules: Media parsing in canvas is at least vulnerable to Denial of Service through multiple vulnerabilities

There is at least a DoS vulnerability in canvas. It segfaults node.js which leads to a Denial of Service, but according to !exploitable it could possibly be worse Module canvas node-canvas is a Cairo backed Canvas implementation for NodeJS. https://www.npmjs.com/package/canvas version: 1.6.9 Stat...

Injectify - Perform Advanced MiTM Attacks On Websites With Ease

A modern BeEF inspired framework for the 21st century. Cross-platform clients = Web in-browser and Desktop Electron. Created from-scratch using pure NodeJS and Typescript. What can it do? Create a reverse Javascript shell between the victim and the attacker. Records keystrokes and logs them to a...

Fedora 27 : nodejs-forwarded (2017-899c5f6a86)

Update to upstream 0.1.2 release for security issue Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora 27 : 1:nodejs (2017-e6be32cb7a)

https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOGV8 .md8.9.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

Fedora 27 : 1:nodejs (2017-336197c5a0)

https://github.com/nodejs/node/blob/v8.6.0/doc/changelogs/CHANGELOGV8 .md https://groups.google.com/forum/!topic/nodejs-sec/EatXB-MujW0 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...

SUSE-SU-2018:0002-1 Security update for nodejs4

This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL bsc1072322. - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to...

Fedora Update for nodejs FEDORA-2017-e6be32cb7a

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 27 Update: nodejs-8.9.3-2.fc27

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

UBUNTU-CVE-2017-15896

Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSLread due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption...

ALPINE-CVE-2017-15897

Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc0x100, "This is not correctly encoded", "hex";' The buffer implementation was updated such that the buffer will...

Fedora Update for nodejs-balanced-match FEDORA-2017-2522df3526

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for nodejs-brace-expansion FEDORA-2017-2522df3526

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 26 Update: nodejs-balanced-match-0.4.2-4.fc26

Match balanced character pairs, like "" and ""...

ejs is vulnerable to remote code execution due to weak input validation

nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile function...

Fedora Update for nodejs FEDORA-2017-5c17b4934f

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

npm/KyleRoss windows-cpu command injection vulnerability

npm/KyleRoss windows-cpu is an American software developer KyleRoss developed a set of CPU monitoring program for use on the Windows platform. A command injection vulnerability exists in npm/KyleRoss windows-cpu. An attacker can exploit the vulnerability to execute code as a Node.js user...

CVE-2017-1000189

nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile...