6256 matches found
Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2021-2513)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
EulerOS 2.0 SP5 : nginx (EulerOS-SA-2021-2513)
According to the versions of the nginx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This is an offensive tool for web application security training. It is a collection of vulnerable web applications, each with its own set of vulnerabilities, designed to help users learn and practice web application security testing. The repository contains a variety of web applications, includin...
EulerOS 2.0 SP8 : nginx (EulerOS-SA-2021-2476)
According to the versions of the nginx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that caus...
CLSA-2021-1632261762 Fix of CVE: CVE-2021-23017
Update fix for CVE-2021-23017 according to nginx.org recommendations...
Exploit for Out-of-bounds Write in Php
This is an exploit module for a bug in php-fpm CVE-2019-11043. The exploit targets a vulnerability in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit works by appending a specially crafted URL to the web server, which...
About the security content of Xcode 13
About the security content of Xcode 13 This document describes the security content of Xcode 13. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recen...
The vulnerability of the autoindex module of the NGINX server, related to integer overflows, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the NGINX server’s autoindex module is related to incorrect processing of years with four or more digits. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This repository is an open-source collection of vulnerable systems and applications for educational purposes, specifically for penetration testing and vulnerability assessment. It is maintained by phith0n and is available on GitHub under the MIT License. The repository contains a variety of...
Security Bulletin: A security vulnerability in NGINX affects IBM Cloud Automation Manager
Summary A security vulnerability in NGINX affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-3618 DESCRIPTION: Sendmail, vsftpd and NGINX could provide weaker than expected security, caused by an ALPACA application layer protocol content confusion attack, which exploits TL...
Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2021-2412)
The remote host is missing an update for the Huawei EulerOS...
Wallarm API Firewall outperforms Nginx in a production environment
Wallarm API Firewall is a free light-weighted API Firewall that protects your API endpoints in cloud-native environments with API schema validation. Wallarm API Firewall relies on a positive security model allowing calls that match a predefined API specification, while rejecting everything else...
CVE-2021-23050
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to...
Cross site request forgery (csrf)
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to...
CVE-2021-23050
CVE-2021-23050 affects BIG-IP Advanced WAF and BIG-IP ASM (and related NGINX App Protect) when a CSRF-enabled policy on a virtual server is configured. The vulnerability can cause the bd process to terminate due to an undisclosed HTML response, leading to DoS as described in vendor advisories. Af...
EulerOS 2.0 SP2 : nginx (EulerOS-SA-2021-2412)
According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause...
CVE-2021-24490
The Email Artillery MASS EMAIL WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well...
Cross site request forgery (csrf)
The Email Artillery MASS EMAIL WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well...