FIBARO System Home Center 5.021 - Remote File Include
Exploit Title: FIBARO System Home Center 5.021 - Remote File Include; Date: 2020-03-22; Author: LiquidWorm; Vendor: https://www.fibaro.com; CVE: N/A; Vendor: FIBAR GROUP S.A.; Product web page: https://www.fibaro.com; Affected version: Home Center 3, Home Center 2, Home Center Lite 5.021.38 4.580 4.570...
CVE-2018-16844
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is not explicitly stated, but the repository contains various vulnerable environments, including ones related to Flask, Apache, Nginx, and more. The repository is maintained by phith0n and is...
PHP-FPM - Underflow Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHP-FPM Underflow RCE', 'Description' = %q This module exploits an underflow vulnerability in versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private for Data V2.1.0 NGINX (CVE-2019-12206, CVE-2019-12207, CVE-2019-12208, CVE-2019-20372), Docker (CVE-2019-17149, CVE-2019-17150), Kubernetes (CVE-2019-11245, CVE-2019-11253, CVE-2019-1022
Summary Security Bulletin: Security Vulnerabilities affect IBM Cloud Private for Data V2.1.0 NGINX CVE-2019-12206, CVE-2019-12207, CVE-2019-12208, CVE-2019-20372, Docker CVE-2019-17149, CVE-2019-17150, Kubernetes CVE-2019-11245, CVE-2019-11253, CVE-2019-10223, CVE-2019-17110 Vulnerability Details...
PHP-FPM 7.x Remote Code Execution Exploit
This Metasploit module exploits an underflow vulnerability in PHP-FPM versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 of PHP-FPM on Nginx. Only servers with certain Nginx + PHP-FPM configurations are exploitable. This is a port of the original neex's exploit code see refs...
PHP-FPM 7.x Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHP-FPM Underflow RCE', 'Description' = %q This module exploits an underflow vulnerability in versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and...
nginx < 1.17.7 Information Disclosure
According to its Server response header, the installed version of nginx is prior to 1.17.7. It is, therefore, affected by an information disclosure vulnerability. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
Security Bulletin: IBM Aspera Shares Web Application is affected by NGINX Vulnerabilities (CVE-2019-13067)
Summary IBM Aspera Shares Web Application has addressed the following OpenSSL vulnerability. Vulnerability Details CVEID: CVE-2019-13067 DESCRIPTION: njs, used in NGINX, is vulnerable to a denial of service, caused by a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. By persuading a victim to...
Security Bulletin: IBM Aspera Shares is affected by the following NGINX vulnerability (CVE-2019-13617)
Summary IBM Aspera Shares has addressed the following NGINX vulnerability. Vulnerability Details CVEID: CVE-2019-13617 DESCRIPTION: njs, used in NGINX, is vulnerable to a denial of service, caused by a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling. By...
Security Bulletin: Aspera Web Shares application is affected by NGINX Vulnerabilities (CVE-2019-12208, CVE-2019-12207)
Summary IBM Aspera Shares has addressed the following NGINX vulnerabilities. Vulnerability Details CVEID: CVE-2019-12208 DESCRIPTION: NGINX njs is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the njs_function_native_call function in njs/njs_function.c. By sending...
NGINX allows HTTP request smuggling
Summary Under some special configuration NGINX permits HTTP request smuggling which can lead an attacker to access unauthorized web pages. Impact None. Our products are not affected by this issue because the configuration used is not vulnerable. Mitigation Not required Solution Not required...
EulerOS 2.0 SP8 : nginx (EulerOS-SA-2020-1167)
According to the version of the nginx packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read...
Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2020-1167)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : nginx (EulerOS-SA-2020-1119)
According to the version of the nginx packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read...
Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2020-1119)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Photon OS 3.0: Nginx PHSA-2020-3.0-0057
An update of the nginx package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0057. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid133808;...
PT-2020-6523 · Unknown · Ingress-Nginx
Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to 0.28.0 Description: The issue is related to errors in processing hyperlinks in the ingress-nginx controller in a Kubernetes cluster. This can be exploited by a remote attacker to gain access to create, modify, ...
Important Photon OS Security Update - PHSA-2020-0057
Updates of 'python2', 'bash', 'yarn', 'libsolv', 'nginx' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2020-3.0-0057
Updates of 'nginx', 'python2', 'libsolv', 'yarn', 'bash' packages of Photon OS have been released...