6254 matches found
UBUNTU-CVE-2020-24660
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...
CVE-2020-24660
CVE-2020-24660 affects LemonLDAP::NG (up to 2.0.8) when used with NGINX, and the Lemonldap::NG handler for Node.js (before 0.5.2). The issue allows an attacker to bypass URL-based access control on protected Virtual Hosts by submitting a non-normalized URI. The vulnerability can impact systems th...
CVE-2020-24660
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...
CVE-2020-24660
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...
Debian DSA-4762-1 : lemonldap-ng - security update
It was discovered that the default configuration files for running the Lemonldap::NG Web SSO system on the Nginx web server were susceptible to authorisation bypass of URL access rules. The Debian packages do not use Nginx by default. C Tenable Network Security, Inc. The descriptive text and...
Debian: Security Advisory (DLA-2367-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2367-1 : lemonldap-ng security update
lemonldap-ng community fixed a vulnerability in the Nginx default configuration files CVE-2020-24660. Debian package does not install any default site, but documentation provided insecure examples in Nginx configuration before this version. If you use lemonldap-ng handler with Nginx, you should...
[SECURITY] [DSA 4762-1] lemonldap-ng security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4762-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 07, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2367-1] lemonldap-ng security update
---------------------------------------------------------------------- Debian LTS Advisory DLA-2367-1 [email protected] https://www.debian.org/lts/security/ Xavier Guimard September 07, 2020 https://wiki.debian.org/LTS -...
Grocy 2.7.1 Cross Site Scripting
Exploit Title: grocy 2.7.1 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://berrnd.de/ Software Link: https://github.com/grocy/grocy Version: 2.7.1 Tested on: Kali Linux 2020.3 Proof Of Concept: grocy household management solution...
PHPStudy suffers from nginx parsing vulnerability
PHPStudy is a program integration package for PHP debugging environment. PHPStudy suffers from a nginx parsing vulnerability, which can be exploited by an attacker to cause arbitrary code execution via the upload function by uploading legitimate file types containing malicious code to the server...
Exploit for Out-of-bounds Write in Php
It is an exploit module/toolkit targeting a remote code execution vulnerability. The target product/service or framework is php-fpm and Nginx. The vulnerability class/vector is remote code execution RCE. The probable entry point is not specified. Notable dependencies/tooling include Python and...
nginx:http_request_fuzzer: Heap-use-after-free in ngx_http_free_request
Detailed Report: https://oss-fuzz.com/testcase?key=4898341660655616 Project: nginx Fuzzing Engine: honggfuzz Fuzz Target: httprequestfuzzer Job Type: honggfuzzasannginx Platform Id: linux Crash Type: Heap-use-after-free READ 8 Crash Address: 0x62100117e288 Crash State: ngxhttpfreerequest...
@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by CVE-2016-1000226 via swagger-ui (>=2.0.17 <=2.1.8-M1)
swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: CVE-2016-1000226 Source advisory: OSV:GHSA-7F59-X49P-V8MQ...
Exporting Nginx Access Logs to an ELK Cluster
The Wallarm WAF provides an organization with the ability to protect their applications and APIs against a wide range of attacks. However, an organization may wish to achieve a greater degree of visibility into attack traffic and alerts than is possible via the Wallarm user interface. The Wallarm...
Exporting Nginx Access Logs to an ELK Cluster
The Wallarm WAF provides an organization with the ability to protect their applications and APIs against a wide range of attacks. However, an organization may wish to achieve a greater degree of visibility into attack traffic and alerts than is possible via the Wallarm user interface. The Wallarm...
vulhub
It is an offensive tool for web application security training. The target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector is not...
Debian DSA-4750-1 : nginx - security update
It was reported that the Lua module for Nginx, a high-performance web and reverse proxy server, is prone to a HTTP request smuggling vulnerability. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4750. The te...
Debian: Security Advisory (DSA-4750-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4750-1] nginx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4750-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 26, 2020 https://www.debian.org/security/faq -...