71 matches found
New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043, affects...
The vulnerability relates to the implementation of the HTTP/2 network protocol on Windows operating systems, nginx servers, network programming tools like netty, Envoy, SwiftNIO, and Node.js software platforms. This allows attackers to induce service failures.
The vulnerability of the HTTP/2 network protocol implementation in Windows operating systems, nginx servers, network programming tools like Netty, Envoy, SwiftNIO, and Node.js software platforms is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a maliciou...
8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks
Various implementations of HTTP/2, the latest version of the HTTP network protocol, have been found vulnerable to multiple security vulnerabilities affecting the most popular web server software, including Apache, Microsoft's IIS, and NGINX. Launched in May 2015, HTTP/2 has been designed for bett...
NGINX njs buffer overflow vulnerability (CNVD-2019-23077)
NGINX is the United States NGINX company a lightweight Web server/reverse proxy server and e-mail IMAP/POP3 proxy server. njs is one of the support for extending the functionality of NGINX scripting language components . A buffer overflow vulnerability exists in nxtvsprintf in the nxt/nxtsprintf....
The vulnerability of the HTTP/2 server implementation in nginx allows a attacker to trigger a service failure.
The vulnerability of the HTTP/2 server implementation based on nginx is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
3CX Phone System 15.5.3554.1 Directory Traversal
Title: ====== 3CX Phone System - Authenticated Directory Traversal Author: ======= Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2017-15359 Risk Information: ================= CVSS Base Score: 6.8 CVSS Vector: CVSS3AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Timeline:...
nginx denial of service vulnerability (CNVD-2016-00982)
nginx is an HTTP and reverse proxy server that can also be used as a mail proxy server. A security vulnerability exists in nginx that allows remote attackers to submit special requests for denial of service attacks...
Netsparker v3.5 - Web Application Security Scanner
Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting XSS and security issues on all web applications and websites regardless of the platform and the technology they are built on. Netsparker is very easy to u...
Factlink: XSS 01 on staging.fct.li
hey the error message generated can be used to escape out of a dynamically generated href link. The below will render in internet explorer without xss filter enabled of course. See the screenshot for an example. The response is: HTTP/1.1 504 Gateway Time-out Server: nginx/1.4.4 Date: Wed, 02 Jul...
GLSA-201203-22 : nginx: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201203-22 nginx: Multiple vulnerabilities Multiple vulnerabilities have been found in nginx: The TLS protocol does not properly handle session renegotiation requests CVE-2009-3555. The 'ngxhttpprocessrequestheaders' function in...
nginx HTTP Request Remote Buffer Overflow
Binary data 5174.prm...