6262 matches found
CVE-2022-31182
CVE-2022-31182 affects Discourse. A maliciously crafted request for static assets can cause error responses to be cached by Discourse’s default NGINX proxy configuration (cache poisoning). Root cause: incorrect/unsafe caching behavior in the proxy setup when handling static asset requests. Affect...
CVE-2022-31182 Cache poisoning via maliciously-formed request in Discourse
Discourse is the an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse's default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and...
Nginx LDAP auth authentication module sample program remote code execution vulnerability
Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5. A remote code execution vulnerability exists in information systems that deploy Nginx and also reference the Nginx LDAP auth authentication module sample code...
Discourse 安全漏洞
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. A security vulnerability exists in Discourse stable 2.8.6 and earlier, Discourse beta 2.9.0.beta7 and earlier, and Discourse tests-passed 2.9.0.beta7 and earlier, whi...
PT-2022-6368 · Nginx +1 · Nginx +1
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta, and tests-passed versions Description: The issue is related to a maliciously crafted request for static assets that could cause error responses to be cached by Discourse's default NGINX pro...
[SECURITY] Fedora 36 Update: goloris-0-0.7.20200326gita59fafb.fc36
Slowloris for NGINX DoS. Written in go...
Fedora: Security Advisory for golang-github-path-network-mmproxy (FEDORA-2022-37aef44d1e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: golang-github-path-network-mmproxy-2.1-4.fc36
go-mmproxy is a standalone application that unwraps HAProxy's PROXY protocol also adopted by other projects such as NGINX so that the network connection to the end server comes from client's - instead of proxy server's - IP address and port number...
Improper Input Validation Leads to Privilege Escalation and Denial of Service
Description Improper input validation allows an attacker to privilege escalation and can make crash nginx server. There is no input validation in the v-add-web-domain-redirectL82, and "v-redirect-custom" input on the "Edit Web Domain" page, inputs are written directly to the...
Internet Bug Bounty: Off-by-slash vulnerability in nodejs.org and iojs.org
Original Report: https://hackerone.com/reports/1631350 The reason for submitting this report is written in the comment of the original report. ---- Summary: Configuration files for Nginx in nodejs/build repository have multiple off-by-slash misconfigurations. Because nodejs.org and iojs.org are...
Roxy-WI Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE', 'Description' = %q This module exploits an unauthenticated command injection...
Roxy-WI Remote Command Execution Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Roxy-WI versions prior to 6.1.1.0. Successful exploitation results in remote code execution under the context of the web server user. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers...
HTTP Request Smuggling
libhttp-daemon-per is vulnerable to HTTP request smuggling. The vulnerability exists because most Perl based applications are served on top of Nginx or Apache, not on the HTTP::Daemon which allows an attacker to gain privileged access to APIs or poison intermediate caches...
The vulnerability of the njs_vmcode_interpreter function (src/njs_vmcode.c) in the njs interpreter of the nginx server allows a hacker to cause a service failure.
The vulnerability of the njsvmcodeinterpreter function src/njsvmcode.c in the njs interpreter of the nginx server involves an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
Vulnerability of the njs_scope_value() function (njs_scope.h) in the njs interpreter of the nginx server, allowing a hacker to execute arbitrary code
The vulnerability of the njsscopevalue function njsscope.h in the njs interpreter of the nginx server is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Vulnerability of the njs_djb_hash() function (src/njs_djb_hash.c) in the njs interpreter of the nginx server, allowing a hacker to execute arbitrary code
The vulnerability of the njsdjbhash function src/njsdjbhash.c in the njs interpreter of the nginx server is related to the execution of an operation outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Vulnerability of the njs_value_to_number() function (src/njs_value_conversion.h) in the njs interpreter of the nginx server, allowing a hacker to execute arbitrary code
The vulnerability of the njsvaluetonumber function src/njsvalueconversion.h in the njs interpreter of the nginx server is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Vulnerability of the njs_value_own_enumerate() function (src/njs_value.c) in the njs interpreter of the nginx server, allowing a hacker to execute arbitrary code
The vulnerability of the njsvalueownenumerate function src/njsvalue.c in the njs interpreter of the nginx server is related to the execution of an operation outside of the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Vulnerability of the njs_utf8_next() function (src/njs_utf8.h) in the njs interpreter of the nginx server, allowing a attacker to execute arbitrary code
The vulnerability of the njsutf8next function src/njsutf8.h in the njs interpreter of the nginx server is related to the execution of an operation outside of the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Vulnerability of the njs_value_property() function (njs_value.c) in the njs interpreter of the nginx server, allowing a hacker to execute arbitrary code
The vulnerability of the njsvalueproperty function njsvalue.c in the njs interpreter of the nginx server is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...