This Metasploit module exploits a Regular Expression Denial of Service vulnerability in the npm module "ua-parser-js". Server-side applications that use "ua-parser-js" for parsing the browser user-agent string will be vulnerable if they call the "getOS" or "getResult" functions. This vulnerability was fixed as of version 0.7.16.
2a6aca049eca293add81b1cc8c3eb87e66a227f63aea60301cdd4683695b7500This Metasploit module exploits a Denial of Service vulnerability in npm module "ws". By sending a specially crafted value of the Sec-WebSocket-Extensions header on the initial WebSocket upgrade request, the ws component will crash.
98c74f3c38dbd290cd2a78fbf6553eec160f9632be33088f3fad3c21cee03619This Metasploit module exploits a Regular Expression Denial of Service vulnerability in the npm module "marked". The vulnerable portion of code that this module targets is in the "heading" regular expression. Web applications that use "marked" for generating html from markdown are vulnerable. Versions up to 0.4.0 are vulnerable.
2acd9d6f5d9c33ca648260f12eeca506e0bb44c3dff8081fbee4316a13071880This Metasploit module exploits some DLINK Access Points that are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin.
a2f0e8cf76051e688f4ad0f0c6c2006837b156b7ef27c777a6a73c0c8435e559
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed