9 matches found

OpenVAS
added 2024/03/04 12:0 a.m., 22 views

openSUSE: Security Advisory for nodejs18 (SUSE-SU-2023:0419-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.1, AI score 8.1, EPSS 0.86472
Exploits: 5, References: 2

F5 Networks
added 2023/02/21 6:55 p.m., 53 views

K24444803: Node.js vulnerabilities CVE-2015-8860, CVE-2015-8856, CVE-2016-7099, and CVE-2016-5325

Security Advisory Description CVE-2015-8860 The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. CVE-2015-8856 Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote...

CVSS 7.5, AI score 6.3, EPSS 0.00985
Exploits: 0

OpenVAS
added 2023/02/15 12:0 a.m., 26 views

SUSE: Security Advisory (SUSE-SU-2023:0408-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.1, AI score 7.9, EPSS 0.86472
Exploits: 5, References: 2

Exploit DB
added 2021/02/10 12:0 a.m., 281 views

Node.JS - 'node-serialize' Remote Code Execution (2)

Exploit Title: Node.JS - 'node-serialize' Remote Code Execution 2 Exploit Author: UndeadLarva Software Link: https://www.npmjs.com/package/node-serialize Version: 0.0.4 CVE: CVE-2017-5941 import requests import re import base64 import sys url = 'http://192.168.100.133:8000/' change this payload =...

CVSS 9.8, AI score 9.6, EPSS 0.7793
Exploits: 5

Veracode
added 2018/09/24 5:8 a.m., 23 views

HTTP Response Splitting

nodejs is vulnerable to HTTP response splitting. This is due to a lack of validation for permitted characters in the reason argument in the ServerResponse#writeHead function. An attacker is able to inject arbitrary HTTP headers into the server response via the affected argument and perform HTTP respon...

CVSS 6.1, AI score 6.4, EPSS 0.00985
Exploits: 0, References: 3, Affected Software: 6

Prion
added 2016/10/10 4:59 p.m., 21 views

CRLF injection

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument...

CVSS 4.3, AI score 7.2, EPSS 0.00985
Exploits: 0, References: 7, Affected Software: 2

UbuntuCve
added 2016/10/10 4:59 p.m., 40 views

CVE-2016-5325

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument...

CVSS 6.1, AI score 6.9, EPSS 0.00985
Exploits: 0, References: 2

Node JS Blog
added 2016/09/23 12:0 a.m., 33 views

Security updates for all active release lines, September 2016

Security updates for all active release lines, September 2016 Update 27-September-2016 Releases available Updates are now available for all active Node.js release lines. These include the recently published versions of OpenSSL 1.0.1 and 1.0.2 as well as fixes for some Node.js-specific...

CVSS 9.8, AI score 8.7, EPSS 0.40993
Exploits: 8

RedhatCVE
added 2016/06/15 4:19 p.m., 29 views

CVE-2016-5325

It was found that the reason argument in ServerResponse#writeHead was not properly validated. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request...

CVSS 6.1, AI score 1.4, EPSS 0.00985
Exploits: 0, References: 2