6254 matches found
CVE-2020-29238
An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server is running as a reverse proxy, via a specially crafted request...
CVE-2020-29238
CVE-2020-29238 describes an integer buffer overflow in the Nginx webserver used by ExpressVPN Router firmware v1, when the server runs as a reverse proxy. The vulnerability allows remote attackers to cause information disclosure via specially crafted requests. Affected product is ExpressVPN Route...
Important: Red Hat Security Advisory: Red Hat Ansible Tower 3.6.7-1 - Container security and bug fix update
Red Hat Ansible Tower 3.6.7-1 - RHEL7 Container. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
ExpressVPN Router input validation error vulnerability
ExpressVPN Router is a VPN router from ExpressVPN UK. It provides a protected network communication feature. ExpressVPN Router suffers from an input validation error vulnerability that originates from an integer buffer overflow in the Nginx web server, which can be exploited by an attacker to...
CVE-2021-21335
In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module) before version 1.1.1, basic authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of...
CVE-2021-21335
In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module) before version 1.1.1, basic authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of...
Authentication flaw
In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module) before version 1.1.1, basic authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of...
CVE-2021-21335
In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module) before version 1.1.1, basic authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of...
CVE-2021-21335 Basic Authentication can be bypassed using a malformed username
In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module) before version 1.1.1, basic authentication can be bypassed using a malformed username. This affects users of spnego-http-auth-nginx-module that have enabled basic authentication. This is fixed in version 1.1.1 of...
CVE-2021-21335
The CVE concerns the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-nginx-module). Before version 1.1.1, a malformed username could bypass basic authentication for users who have basic auth enabled. The issue is addressed in version 1.1.1; a workaround is to disable basic authentic...
spnego-http-auth-nginx-module authorization issue vulnerability
Sean Timothy Noonan spnego-http-auth-nginx-module is a Sean Timothy Noonan open source application. It provides a way to add SPNEGO support to nginx functionality. A security vulnerability exists in SPNEGO HTTP Authentication Module for nginx, which stems from the fact that basic authentication c...
CVE-2020-29658
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation...
Privilege escalation
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation...
CVE-2020-29658
CVE-2020-29658 affects Zoho ManageEngine Application Control Plus before 100523. The issue is an insecure SSL configuration for Nginx that enables Privilege Escalation. Documents provide CVSS scores (2.0/3.1) indicating high to critical impact, but there are no exploit details or remediation step...
CVE-2020-29658
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation...
Zoho ManageEngine Application Control Plus security vulnerability
A security vulnerability exists in Zoho ManageEngine Application Control Plus before 100523, which stems from setting up an insecure SSL configuration for Nginx that results in privilege escalation...
Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated) Exploit
Exploit Title: Simple Employee Records System 1.0 - File Upload RCE Unauthenticated Exploit Author: email protected Vendor Homepage: https://www.sourcecodester.com/php/11393/employee-records-system.html Software Link:...
Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload
The plugin did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE. Additional Info, and Bypass of .htaccess protection found by WPScanTeam, while confirming the issue: There is...
Unbounded connection acceptance in http4s-blaze-server
Impact: blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an...
GHSA-XHV5-W9C5-2R2W Unbounded connection acceptance in http4s-blaze-server
Impact: blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an...