881 matches found

Hacker One
added 2019/06/24 5:18 p.m., 17 views

Node.js third-party modules: Application level denial of service due to shutting down the server

Module: module name: http-live-simulator, version: 1.0.7, npm page: https://www.npmjs.com/package/http-live-simulator. Description: I've found a way to crash the server due to the way it parses URL. Steps To Reproduce: 1- Install the module: npm install -g http-live-simulator 2- Run the server:...

AI score 0.3
Exploits: 0

Talos
added 2019/06/10 12:0 a.m., 218 views

Schneider Electric UnityPro PLC simulator remote code execution vulnerability

Summary An exploitable remote code execution vulnerability exists in the UMAS strategy programming functionality of the Schneider Electric Unity Pro L Programming Software PLC Simulator. A specially crafted sequence of UMAS commands sent to the software’s PLC simulator can cause a modified strate...

CVSS 9.8, AI score 9.9, EPSS 0.08161
Exploits: 1

Microsoft KB
added 2019/05/14 7:0 a.m., 45 views

May 14, 2019—KB4499181 (OS Build 15063.1805)

May 14, 2019—KB4499181 OS Build 15063.1805 Reminder: March 12th and April 9th will be the last two Delta updates for Windows 10, version 1703. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please...

CVSS 9.3, AI score 7.5, EPSS 0.23102
Exploits: 2

Microsoft KB
added 2019/05/14 7:0 a.m., 191 views

May 14, 2019—KB4499149 (Monthly Rollup)

May 14, 2019—KB4499149 Monthly Rollup Customers who have applied KB4489887 or later Monthly Rollup Packages to Microsoft Server 2008 SP2 may notice a change to the operating system version string. The “build number” component of the version string increases by 1, and the revision number decreases...

CVSS 10, AI score 7.9, EPSS 0.99999
Exploits: 124

Tenable Nessus
added 2019/05/08 12:0 a.m., 13 views

Rockwell Automation 1789-SIM 32 Point Input/Output Simulator

Binary data 753841.prm...

AI score 7.3
Exploits: 0

Tenable Nessus
added 2019/05/08 12:0 a.m., 15 views

Rockwell Automation 1756-SIM/A Simulator Digital I/O

Binary data 752548.prm...

AI score 7.3
Exploits: 0

Tenable Nessus
added 2019/05/08 12:0 a.m., 26 views

GE IC694ACC300 PACSystems RX3i DC Voltage Input Simulator Detection

Binary data 755391.prm...

AI score 7.3
Exploits: 0

OSV
added 2019/04/08 3:18 p.m., 18 views

GHSA-2HHW-P8MG-JRM6 Path Traversal in http-live-simulator

Versions of http-live-simulator prior to 1.0.6 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation: Upgrade to version 1.0.6...

CVSS 7.5, AI score 7.4, EPSS 0.02833
Exploits: 0, References: 4

Github Security Blog
added 2019/04/08 3:18 p.m., 27 views

Path Traversal in http-live-simulator

Versions of http-live-simulator prior to 1.0.6 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation: Upgrade to version 1.0.6...

CVSS 7.5, AI score 5, EPSS 0.02833
Exploits: 0, References: 4, Affected Software: 1

Veracode
added 2019/04/04 3:34 a.m., 14 views

Directory Traversal

http-live-simulator is vulnerable to directory traversal. The http-live-simulator module does not validate the URL pathname and allows a remote attacker to retrieve arbitrary system files using the ../ characters...

CVSS 7.5, AI score 7.5, EPSS 0.02833
Exploits: 0, References: 1, Affected Software: 1

Node.js
added 2019/04/04 1:26 a.m., 19 views

Path Traversal

Overview: Versions of http-live-simulator prior to 1.0.6 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation: Upgrade to version 1.0.6. References: HackerOne Report, GitHub Advisory...

CVSS 5, AI score 4.2, EPSS 0.02833
Exploits: 0, Affected Software: 1

CNVD
added 2019/04/04 12:0 a.m., 2 views

http-live-simulator path traversal vulnerability

http-live-simulator is an HTTP file server. A path traversal vulnerability exists in the http-live-simulator npm package version 1.0.5, which stems from a failure of a networked system or product to properly filter for special elements in the path of a resource or file. An attacker could use this...

CVSS 7.5, AI score 6.9, EPSS 0.02833
Exploits: 0, References: 1

OSV
added 2019/04/03 3:29 p.m., 4 views

CVE-2019-5423

Path traversal vulnerability in http-live-simulator npm package version 1.0.5 allows arbitrary path to be accessed on the file system by a remote attacker...

CVSS 7.5, AI score 7.2, EPSS 0.02833
Exploits: 0, References: 1

Prion
added 2019/04/03 3:29 p.m., 18 views

Path traversal

Path traversal vulnerability in http-live-simulator npm package version 1.0.5 allows arbitrary path to be accessed on the file system by a remote attacker...

CVSS 5, AI score 7.5, EPSS 0.02833
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2019/04/03 2:21 p.m., 50 views

CVE-2019-5423

CVE-2019-5423 concerns the http-live-simulator npm package (v1.0.5) with a path traversal vulnerability caused by insufficient input sanitization. The vulnerability allows a remote attacker to access arbitrary files on the server by manipulating the requested path. Multiple connected sources (Git...

CVSS 7.5, AI score 7.4, EPSS 0.02833
Exploits: 0, References: 1, Affected Software: 1

Kitploit
added 2019/02/19 12:45 p.m., 238 views

BoNeSi - The DDoS Botnet Simulator

BoNeSi, the DDoS Botnet Simulator, is a Tool to simulate Botnet Traffic in a testbed environment on the wire. It is designed to study the effect of DDoS attacks. What traffic can be generated? BoNeSi generates ICMP, UDP and TCP HTTP flooding attacks from a defined botnet size different IP...

AI score 7.2
Exploits: 0, References: 1

Kitploit
added 2019/02/07 8:39 p.m., 267 views

CANalyzat0r - Security Analysis Toolkit For Proprietary Car Protocols

This software project is a result of a Bachelor's thesis created at SCHUTZWERK in collaboration with Aalen University by Philipp Schmied. Please refer to the corresponding blog post for more information. Why another CAN tool? Built from scratch with new ideas for analysis mechanisms Bundles feature...

AI score 6.7
Exploits: 0, References: 5

OSV
added 2019/02/07 6:14 p.m., 14 views

GHSA-7C9W-QMRQ-FF8R Path Traversal in http-live-simulator

Versions of http-live-simulator prior to 1.0.7 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. For example: curl --path-as-is http://localhost:8080//../../../../etc/passwd. Recommendation: Upgrade to version 1.0.7...

CVSS 7.5, AI score 7.4, EPSS 0.0165
Exploits: 1, References: 5

OSV
added 2019/02/01 6:29 p.m., 2 views

CVE-2018-16479

Path traversal vulnerability in http-live-simulator 1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL...

CVSS 7.5, AI score 5.9, EPSS 0.0165
Exploits: 1, References: 1

Prion
added 2019/02/01 6:29 p.m., 10 views

Path traversal

Path traversal vulnerability in http-live-simulator 1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL...

CVSS 5, AI score 7.5, EPSS 0.0165
Exploits: 1, References: 1, Affected Software: 1