RSS   Vulnerabilities for 'Rendertron'   RSS

2018-12-17
 
CVE-2017-18355

CWE-200
 

 
Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "_where" attribute of package.json files.

 
 
CVE-2017-18354

CWE-22
 

 
Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker.

 
 
CVE-2017-18353

CWE-284
 

 
Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application.

 
 
CVE-2017-18352

CWE-79
 

 
Error reporting within Rendertron 1.0.0 allows reflected Cross Site Scripting (XSS) from invalid URLs.

 

 >>> Vendor: Google 69 Products
Toolbar
TALK
Mini search appliance
Search appliance
Api search
Earth
Desktop
Web toolkit
Custom search engine
Picasa
KML
Android sdk
Google apps
Chrome
Gears
Android
V8
Google sketchup
Chrome os
App engine python sdk
Idapython
Cr-48 chromebook
Chr2000ome
Sketchup
Chrome2000
Chrom2000e
Bionic
Tunnelblick
Admob
Checkout-php
Cityhash
Android sdk tools
Chrome frame
Frame
Google authenticator
Authenticator
Glass
Android api
Search appliance software
Android debug bridge
Android sdk platform tools
Android browser
Nexus 7
Calendar events
Email
Play services sdk
Kubernetes
Android one
Sfntly
GRPC
Google i/o 2017
News and weather
Protobuf
Gmail
Boringssl
Santa
Chromecast firmware
Home firmware
Mod pagespeed
Rendertron
Cardboard
Kubernetes engine
Guava
Tensorflow
Snappy
Nexus 7 firmware
Nexus 9 firmware
Voice builder
Cloud messaging notification


Copyright 2019, cxsecurity.com

 

Back to Top