GHSA-3VWR-JJ4F-H98X eZ Publish Remote code execution in file uploads

This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handles file uploads, which can in the worst case lead to remote code execution RCE, a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if...

eZ Publish Remote code execution in file uploads

This Security Advisory is about a vulnerability in the way eZ Platform and eZ Publish Legacy handles file uploads, which can in the worst case lead to remote code execution RCE, a very serious threat. An attacker would need access to uploading files to be able to exploit the vulnerability, so if...

GHSA-6XCH-2VXX-5PVR eZ Platform Rules to disable executable access are ignored on Platform.sh (eZ Cloud)

The recommended Apache/Nginx virtual host configuration for eZ Platform includes a rewrite rule for blocking access to executable files in the var directory. This rule does not work when using eZ Platform Cloud i.e. running eZ Platform on the Platform.sh cloud service. The consequence of this is...

PT-2024-40410 · Apache +1 · Apache +1

Name of the Vulnerable Software and Affected Versions: eZ Platform and Legacy affected versions not specified Description: The issue is related to how uploaded PHP and PHAR files are handled. It consists of two parts: web server configuration and disabling the PHAR stream wrapper. The sample web...

RHEL 9 : nginx (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nginx: Memory corruption in the ngxhttpmp4module CVE-2022-41741 - Rejected reason: DO NOT USE THIS...

CLSA-2024-1715280815 nginx: Fix of CVE-2023-44487

CVE-2023-44487: HTTP/2: per-iteration stream handling limit...

K000138898: BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, and NGINX App Protect WAF attack signature check failure

Security Advisory Description BIG-IP Advanced WAF/ASM, BIG-IP Next WAF, or NGINX App Protect WAF may fail to match an attack signature. This issue occurs when all of the following conditions are met: The affected security policy has a large number of attack signatures enabled for example, all or...

CVE-2024-1076

The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who...

CVE-2024-1076

The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who...

CVE-2024-1076 SSL Zen <= 4.5.3 - Unauthenticated Private Keys Access

The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who...

CVE-2024-1076

CVE-2024-1076 affects the SSL Zen WordPress plugin: versions before 4.6.0 fail to prevent directory listing of private keys because access control relies solely on .htaccess, which may be ignored on servers that don’t support .htaccess (e.g., NGINX). This can let an attacker read private keys. Th...

CVE-2024-1076 SSL Zen <= 4.5.3 - Unauthenticated Private Keys Access

The SSL Zen WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who...

WordPress plugin SSL Zen 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2023-39481

Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, th...

CVE-2023-39481

Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, th...

CVE-2023-39481 Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability

Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, th...

CVE-2023-39481 Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability

Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, th...

CVE-2023-39481

CVE-2023-39481 affects Softing Secure Integration Server. The root cause is an inconsistency in URI parsing between NGINX and the application web server, enabling an attacker to execute arbitrary code in the root context. The vulnerability is described as remote code execution and is noted to all...

C2-Cloud - The C2 Cloud Is A Robust Web-Based C2 Framework, Designed To Simplify The Life Of Penetration Testers

The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an EC2 instance in the AWS cloud. It can manage several simultaneous backdoor sessions with a user-friendly interface. C2 Clou...

Fedora 40 : python-aiohttp / python-openapi-core (2024-000a25f3fc)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-000a25f3fc advisory. Security update for CVE-2024-27306 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.5 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.4...