6256 matches found
Path traversal when MessageBus::Diagnostics is enabled
Impact Users who deployed message bus with diagnostics features enabled default off were vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user were to gain access to the diagnostic route. The impact is also greater if there is ...
CVE-2021-43840
messagebus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled default off are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user...
CVE-2021-43840
messagebus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled default off are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user...
Path traversal
messagebus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled default off are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user...
CVE-2021-43840 Path traversal in message_bus
messagebus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled default off are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user...
CVE-2021-43840
messagebus is a messaging bus for Ruby processes and web clients. In versions prior to 3.3.7 users who deployed message bus with diagnostics features enabled default off are vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user...
Path traversal when MessageBus::Diagnostics is enabled
Impact Users who deployed message bus with diagnostics features enabled default off were vulnerable to a path traversal bug, which could lead to disclosure of secret information on a machine if an unintended user were to gain access to the diagnostic route. The impact is also greater if there is ...
The vulnerability of the nginx.ingress.kubernetes.io/auth-type controller in the Kubernetes ingress-nginx cluster arises from improper external management of the file name. This allows attackers to access, create, modify, or delete data.
The vulnerability of the nginx.ingress.kubernetes.io/auth-type controller in the Kubernetes ingress-nginx cluster is related to errors in processing hypertext links. Exploiting this vulnerability may allow an attacker to gain access to the ability to create, modify, or delete data...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This repository is an open-source collection of vulnerable systems and applications for educational purposes, known as Vulhub. It is a defensive blue-team research and threat mitigation tool, used to improve detection, response, and patch prioritization. The repository contains a variety of...
CRLF Injection
phpservermon/phpservermon is vulnerable to CRLF injection. The vulnerability exists because of the misconfiguration in nginx that allows a malicious attacker to gain CSRF token and set fake cookies...
HD-Network Real-time Monitoring System 2.0 - Local File Inclusion Vulnerability
Exploit Title: HD-Network Real-time Monitoring System 2.0 - Local File Inclusion LFI Google Dork: intitle:"HD-Network Real-time Monitoring System V2.0" Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: N/A Version: V2.0 Tested on: Nginx NVRDVRIPC Web Server Proof of Concept: GET...
HD-Network Real-Time Monitoring System 2.0 Local File Inclusion
Exploit Title: HD-Network Real-time Monitoring System 2.0 - Local File Inclusion LFI Google Dork: intitle:"HD-Network Real-time Monitoring System V2.0" Date: 11/12/2021 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: N/A Version: V2.0 Tested on: Nginx NVRDVRIPC Web Server Proof of...
HD-Network Real-time Monitoring System 2.0 - Local File Inclusion (LFI)
Exploit Title: HD-Network Real-time Monitoring System 2.0 - Local File Inclusion LFI Google Dork: intitle:"HD-Network Real-time Monitoring System V2.0" Date: 11/12/2021 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: N/A Version: V2.0 Tested on: Nginx NVRDVRIPC Web Server Proof of...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
nginx-mitigate-log4shell Mitigate log4shell CVE-2021-44228 an...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
LOG4SHELL-CVE-2021-44228-Validator !Basic testhttps://git...
Security Bulletin: Vulnerabilities in the Linux Kernel, Docker, Python, and NGINX affect IBM Spectrum Protect Plus
Summary Vulnerabilities in the Linux Kernel, Docker, Python, and NGINX such as directory traversal, execution of arbitrary commands, obtaining sensitive information, elevated privileges, bypassing security restrictions, and denial of service, may affect IBM Spectrum Protect Plus. Vulnerability...
MGASA-2021-0540 Updated nginx/vsftpd packages fix security vulnerability
ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication...
Updated nginx/vsftpd packages fix security vulnerability
ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication...
CVE-2021-42717
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP request can occupy one of the limited NGINX worke...
CVE-2021-42717
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP request can occupy one of the limited NGINX worke...