168 matches found
EulerOS 2.0 SP8 : nginx (EulerOS-SA-2021-2476)
According to the versions of the nginx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that caus...
Security Bulletin: A security vulnerability in NGINX ffects IBM Cloud Automation Manager
Summary A security vulnerability in NGINX ffects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-3618 DESCRIPTION: Sendmail, vsftpd and NGINX could provide weaker than expected security, caused by an ALPACA application layer protocol content confusion attack, which exploits TL...
Vulnerability discovered in TLS implementations
Researchers have discovered a vulnerability in the way TLS traffic is processed. The vulnerability has been named ALPACA and is caused by the fact that IP addresses and port numbers are not authenticated by TLS. A malicious party with a Man-in-the-Middle position can therefore encrypt network...
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites
Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security TLS servers to redirect HTTPS traffic from a victim's web browser to a different TLS service endpoint located on another IP address to steal sensitive information. The attacks have been...
Command Execution Vulnerability in AlpacaCMS
AlpacaCMS is an open source lightweight tree CMS system . It is based on php+mysql and b2core MVC as the underlying architecture . AlpacaCMS command execution vulnerability , an attacker can be exploited to execute arbitrary commands to obtain server administrator privileges...
Alpaca the CMS injection and getwebshell code audit study-vulnerability warning-the black bar safety net
Recently in the study of code audit,will go to chinaz looking for a personal gas of a relatively high cms,this fit I just start dropping people Ue batch checked the source code of the entire system are in the injection the injection Well,single quotes Ah,also need to bypass,open the gpc will...
Alpaca 3.3.2 app/m/elem.php SQL注入漏洞
No description provided by source...