nodejs:20 security update

nodejs 1:20.19.2-1 - Update to version 20.19.2 Fixes: CVE-2025-23166 Resolves: RHEL-91595 RHEL-89598 RHEL-92854 1:20.19.1-1 - Update to version 20.19.1 Resolves: RHEL-78763 1:20.18.2-4 - Update c-ares to 1.34.5 to address CVE-2025-31498 1:20.18.2-3 - Remove obsolete lua pretransaction script from...

nodejs:22 security update

nodejs 1:22.15.0-1 - Update to 22.15.0 - Drop upstream patches Resolves: RHEL-87319 RHEL-86586 1:22.13.1-4 - Patch fix for sqlite CVE-2025-31498 Resolves: RHEL-87319 1:22.13.1-3 - Update c-ares to newest version with fix for CVE-2025-31498 Resolves: RHEL-86586 1:22.13.1-2 - Remove obsolete lua...

CVE-2022-35946

GLPI vulnerability CVE-2022-35946 is a misvalidation in the plugin controller that can expose the low-level Plugin class API. An attacker with General setup rights can alter database data via this input handling flaw. The recommended fix is upgrading GLPI to version 10.0.3; as a workaround, remov...

WebKit: UXSS via ContainerNode::parserInsertBefore(CVE-2017-2508)

VULNERABILITY DETAILS From /WebKit/Source/core/dom/ContainerNode.cpp: void ContainerNode::parserInsertBeforePassRefPtrWillBeRawPtr newChild, Node& nextChild ... while RefPtrWillBeRawPtr parent = newChild-parentNode parent-parserRemoveChildnewChild; if document != newChild-document...

SUSE-SU-2016:2090-1 Security update for apache2

This update for apache2 fixes the following issues: - It used to be possible to set an arbitrary $HTTPPROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request CVE-2016-5387. As a result, these server components would...

Orion Application Server Cross Site Scripting

R08-08: Several XSS on Orion Application server 2.0 to 2.0.8 Vulnerability found: May 2008 Revalidated 23 July 2009 Vendor informed: 27th July 09 Vulnerability fixed: Severity: Medium Description: Various Orion application application server example pages are vulnerable to XSS. Orion application...

alya.cgi CGI Backdoor Detection

alya.cgi was found on the remote system. This script is likely a CGI based backdoor distributed with multiple rootkits. This script was written by Jason Lidow Changes by Tenable: - Overhauled description, added Synopsis/Reference/Solution 12/8/2008 include"compat.inc"; if description scriptid1111...

zml.cgi.txt

-----BEGIN PGP SIGNED MESSAGE----- --blackshell security advisory no2-- --zml.cgi remote exploit-- vendor details & history zml.cgi for webservers by jero.cc http://www.jero.cc/zml/zml.html details of exploit this is a classic CGI bug which uses ../../../../ to read remote files. example:...

Way-board way-board.cgi db Parameter Arbitrary File Access

The 'way-board' CGI is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include 'compat.inc' ; ifdescription scriptid10610;...