Lucene search
K

168 matches found

Tenable Nessus
Tenable Nessus
added 2021/09/24 12:0 a.m.62 views

EulerOS 2.0 SP8 : nginx (EulerOS-SA-2021-2476)

According to the versions of the nginx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that caus...

9.8CVSS7.9AI score0.03285EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/16 6:10 p.m.54 views

Security Bulletin: A security vulnerability in NGINX ffects IBM Cloud Automation Manager

Summary A security vulnerability in NGINX ffects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-3618 DESCRIPTION: Sendmail, vsftpd and NGINX could provide weaker than expected security, caused by an ALPACA application layer protocol content confusion attack, which exploits TL...

7.4CVSS7.2AI score0.02037EPSS
Exploits0Affected Software1
NCSC
NCSC
added 2021/07/05 12:0 a.m.4 views

Vulnerability discovered in TLS implementations

Researchers have discovered a vulnerability in the way TLS traffic is processed. The vulnerability has been named ALPACA and is caused by the fact that IP addresses and port numbers are not authenticated by TLS. A malicious party with a Man-in-the-Middle position can therefore encrypt network...

7.4CVSS6AI score0.02037EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2021/06/24 6:25 a.m.180 views

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS3.5AI score0.02037EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2021/06/09 4:39 p.m.134 views

New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites

Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security TLS servers to redirect HTTPS traffic from a victim's web browser to a different TLS service endpoint located on another IP address to steal sensitive information. The attacks have been...

0.2AI score
Exploits0
CNVD
CNVD
added 2020/04/02 12:0 a.m.1 views

Command Execution Vulnerability in AlpacaCMS

AlpacaCMS is an open source lightweight tree CMS system . It is based on php+mysql and b2core MVC as the underlying architecture . AlpacaCMS command execution vulnerability , an attacker can be exploited to execute arbitrary commands to obtain server administrator privileges...

8AI score
Exploits0
myhack58
myhack58
added 2013/08/29 12:0 a.m.14 views

Alpaca the CMS injection and getwebshell code audit study-vulnerability warning-the black bar safety net

Recently in the study of code audit,will go to chinaz looking for a personal gas of a relatively high cms,this fit I just start dropping people Ue batch checked the source code of the entire system are in the injection the injection Well,single quotes Ah,also need to bypass,open the gpc will...

0.1AI score
Exploits0
seebug.org
seebug.org
added 2012/05/28 12:0 a.m.10 views

Alpaca 3.3.2 app/m/elem.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
Rows per page
Query Builder