71 matches found

The Hacker News
added 2019/10/26 7:3 p.m., 434 views

New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers

If you're running any PHP-based website on an NGINX server and have the PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043, affects...

CVSS 9.8, AI score 0.3, EPSS 0.9947
Exploits: 54
BDU FSTEC
added 2019/08/22 12:0 a.m., 3 views

The vulnerability relates to the implementation of the HTTP/2 network protocol on Windows operating systems, nginx servers, network programming tools like netty, Envoy, SwiftNIO, and Node.js software platforms. This allows attackers to induce service failures.

The vulnerability of the HTTP/2 network protocol implementation in Windows operating systems, nginx servers, network programming tools like Netty, Envoy, SwiftNIO, and Node.js software platforms is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a maliciou...

CVSS 7.8, AI score 5.5, EPSS 0.25448
Exploits: 0, References: 10, Affected Software: 6
The Hacker News
added 2019/08/14 8:19 a.m., 3 views

8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks

Various implementations of HTTP/2, the latest version of the HTTP network protocol, have been found vulnerable to multiple security vulnerabilities affecting the most popular web server software, including Apache, Microsoft's IIS, and NGINX. Launched in May 2015, HTTP/2 has been designed for bett...

CVSS 8.8, AI score 8.7, EPSS 0.87806
Exploits: 1
CNVD
added 2019/07/17 12:0 a.m., 2 views

NGINX njs buffer overflow vulnerability (CNVD-2019-23077)

NGINX is a lightweight web server/reverse proxy server and e-mail (IMAP/POP3) proxy server from the United States company NGINX. njs is a scripting language component that supports extending the functionality of NGINX. A buffer overflow vulnerability exists in nxtvsprintf in the nxt/nxtsprintf....

CVSS 6.5, AI score 7, EPSS 0.01305
Exploits: 1, References: 1
BDU FSTEC
added 2019/03/12 12:0 a.m., 22 views

The vulnerability of the HTTP/2 server implementation in nginx allows an attacker to trigger a service failure.

The vulnerability of the HTTP/2 server implementation based on nginx is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

CVSS 7.8, AI score 6.6, EPSS 0.47057
Exploits: 0, References: 3, Affected Software: 2
Packet Storm
added 2017/10/16 12:0 a.m., 71 views

3CX Phone System 15.5.3554.1 Directory Traversal

Title: ====== 3CX Phone System - Authenticated Directory Traversal Author: ======= Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2017-15359 Risk Information: ================= CVSS Base Score: 6.8 CVSS Vector: CVSS3AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Timeline:...

AI score 6.6, EPSS 0.06168
Exploits: 4
CNVD
added 2016/02/08 12:0 a.m., 3 views

nginx denial of service vulnerability (CNVD-2016-00982)

nginx is an HTTP and reverse proxy server that can also be used as a mail proxy server. A security vulnerability exists in nginx that allows remote attackers to submit special requests for denial of service attacks...

CVSS 9.8, AI score 8.1, EPSS 0.08625
Exploits: 0, References: 1
Kitploit
added 2014/07/16 9:8 p.m., 28 views

Netsparker v3.5 - Web Application Security Scanner

Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting XSS and security issues on all web applications and websites regardless of the platform and the technology they are built on. Netsparker is very easy to u...

AI score 8.2
Exploits: 0
Hacker One
added 2014/07/02 6:38 p.m., 19 views

Factlink: XSS 01 on staging.fct.li

hey the error message generated can be used to escape out of a dynamically generated href link. The below will render in internet explorer without xss filter enabled of course. See the screenshot for an example. The response is: HTTP/1.1 504 Gateway Time-out Server: nginx/1.4.4 Date: Wed, 02 Jul...

AI score 0.1
Exploits: 0
Tenable Nessus
added 2012/06/21 12:0 a.m., 54 views

GLSA-201203-22 : nginx: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201203-22 nginx: Multiple vulnerabilities Multiple vulnerabilities have been found in nginx: The TLS protocol does not properly handle session renegotiation requests CVE-2009-3555. The 'ngxhttpprocessrequestheaders' function in...

CVSS 9.8, AI score 8.3, EPSS 0.87264
Exploits: 19, References: 6
Tenable Nessus
added 2009/09/14 12:0 a.m., 18 views

nginx HTTP Request Remote Buffer Overflow

Binary data 5174.prm...

CVSS 7.5, AI score 7.3, EPSS 0.669
Exploits: 3, References: 2