85 matches found
CVE-2023-38689
Logistics Pipes is a modification (a.k.a. mod) for the computer game Minecraft Java Edition. The mod used Java's ObjectInputStream#readObject on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packet...
MGASA-2023-0175 Updated apache-mod_security packages fix security vulnerability
HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall (CVE-2022-48279). Incorrect handling of '\0' bytes in file uploads in ModSecurity may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules...
CVE-2023-28882
A vulnerability was found in Mod Security. When certain inputs are used in certain configurations, this issue can result in a segfault and cause a worker process crash. A high volume of these requests sent quickly can lead to the server becoming slow or unresponsive to legitimate requests...
Debian: Security Advisory (DLA-34-1)
The remote host is missing an update for the Debian...
SUSE-SU-2023:0431-1 Security update for apache2-mod_security2
This update for apache2-mod_security2 fixes the following issues: - CVE-2023-24021: Fixed FILES_TMP_CONTENT missing complete content (bsc#1207379)...
SUSE CVE-2012-4528
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data...
The vulnerability of the ajax_mod_security.php implementation of the application for managing servers on CentOS Web Panel allows a hacker to execute arbitrary code.
The vulnerability of the ajax_mod_security.php implementation of the application for managing servers on CentOS Web Panel is related to the failure to take measures to eliminate special elements in the string entered by the user when processing the archivo parameter. Exploiting this vulnerability m...
OESA-2022-1970 mod_security_crs security update
The base rules are provided for modsecurity by this package. Security Fixes: The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range...
City: Skylines developers warn of rogue mod
Players of the popular city-building simulator and video game City: Skylines need to check devices for rogue code lurking in mods related to a rework of something called Harmony, essential for modding across several titles. The threat arrives in a broader landscape—video game modding—already know...
AZL-44934 CVE-2021-42717 affecting package mod_security for versions less than 2.9.7-8
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worke...
CentOS Web Panel Operating System Command Injection Vulnerability (CNVD-2020-44600)
CentOS Web Panel (CWP) is a free web hosting control panel. An operating system command injection vulnerability exists in the ajax_mod_security.php file in the CentOS Web Panel cwp-el7-0.9.8.891 release, which stems from the program failing to properly validate a system call before executing it with ...
CentOS Web Panel Operating System Command Injection Vulnerability (CNVD-2020-44636)
CentOS Web Panel (CWP) is a free web hosting control panel. An operating system command injection vulnerability exists in the ajax_mod_security.php file in the CentOS Web Panel cwp-el7-0.9.8.891 release, which stems from a failure to properly validate user-supplied strings before executing system...
CentOS Web Panel Operating System Command Injection Vulnerability (CNVD-2020-44602)
CentOS Web Panel (CWP) is a free web hosting control panel. An operating system command injection vulnerability exists in the ajax_mod_security.php file in the CentOS Web Panel cwp-el7-0.9.8.891 release, which stems from a failure to properly validate user-supplied strings before executing system...
CentOS Web Panel Operating System Command Injection Vulnerability (CNVD-2020-44635)
CentOS Web Panel (CWP) is a free web hosting control panel. An operating system command injection vulnerability exists in the ajax_mod_security.php file in the CentOS Web Panel cwp-el7-0.9.8.891 release, which stems from a failure to properly validate user-supplied strings before executing system...
CVE-2020-15623
This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo parameter, the process...
CVE-2020-15423
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the dominio parameter, the process...
CVE-2020-15421
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the checkip parameter, the process...
CVE-2020-15422
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo parameter, the process...
CVE-2020-15424
This CVE (CVE-2020-15424) affects CentOS Web Panel (cwp-e17.0.9.8.923). The flaw is in ajax_mod_security.php when parsing the domain parameter, where unvalidated user input is used to execute a system call, allowing remote code execution as root without authentication. Documented impact mirrors Z...
CVE-2020-15422
CVE-2020-15422 affects CentOS Web Panel cwp-e17.0.9.8.923. The issue is in ajax_mod_security.php where the archivo parameter is parsed without proper validation, allowing an attacker to execute arbitrary code with root privileges. This is a network-based remote code execution vulnerability (no au...