6246 matches found

Trend Micro Simply Security
added 2018/07/27 12:0 p.m., 12 views

Zero-Day Coverage Update – Week of July 23, 2018

We’re at the end of July and the Zero Day Initiative (ZDI) has published 873 advisories so far. That’s 273 advisories this month alone – and that’s just the tip of the iceberg! Earlier this week, ZDI announced the Targeted Incentive Program, which brings over $1,500,000 USD in special bounty awards...

AI score 7.6
Exploits: 0

OSV
added 2018/07/23 8:43 a.m., 4 views

SUSE-SU-2018:2039-1 Security update for rubygem-passenger

This update for rubygem-passenger fixes the following issue: The following security vulnerability was addressed: - CVE-2018-12029: Fixed a file system access race condition in the chown command, which allowed for local privilege escalation and affects the Nginx module bsc1097663...

CVSS 7, AI score 7, EPSS 0.00276
Exploits: 0, References: 3

CNVD
added 2018/07/03 12:0 a.m., 4 views

Phusion Passenger nginx module elevation of privilege vulnerability

Phusion Passenger is an Apache module from the Dutch company Phusion for deploying Ruby on Rails projects on Apache and Nginx web servers. nginx module is one of the Nginx server modules. A security vulnerability in the nginx module in Phusion Passenger versions 5.3.2 through 3.x excluding versio...

CVSS 7, AI score 6.9, EPSS 0.00276
Exploits: 0, References: 1

CNVD
added 2018/06/27 12:0 a.m., 3 views

Unspecified Vulnerability in Pivotal Operations Manager

Pivotal Operations Manager is a Cloud Foundry automated management solution from Pivotal Software, USA. The solution automates the deployment, upgrade and management of the Cloud Foundry platform. A security vulnerability exists in Pivotal Operations Manager versions 2.1.x prior to 2.1.6 and...

CVSS 6.5, AI score 6.6, EPSS 0.00903
Exploits: 0, References: 1

OSV
added 2018/06/25 3:29 p.m., 2 views

CVE-2018-11046

Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lack security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager...

CVSS 6.5, AI score 5.8, EPSS 0.00903
Exploits: 0, References: 2

Prion
added 2018/06/25 3:29 p.m., 17 views

Design/Logic Flaw

Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lack security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager...

CVSS 4, AI score 6.6, EPSS 0.00903
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2018/06/25 3:29 p.m., 20 views

CVE-2018-11046

Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lack security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager...

CVSS 6.5, AI score 6.6, EPSS 0.00903
Exploits: 0, References: 2

Cvelist
added 2018/06/25 3:0 p.m., 23 views

CVE-2018-11046

Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lack security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager...

AI score 6.6, EPSS 0.00903
Exploits: 0, References: 2

CVE
added 2018/06/25 3:0 p.m., 55 views

CVE-2018-11046

Pivotal Operations Manager versions 2.1.x before 2.1.6 and 2.0.14 contain unpatched NGINX packages. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager. Connected sources corroborate affected version...

CVSS 6.5, AI score 6.5, EPSS 0.00903
Exploits: 0, References: 2, Affected Software: 1

Hacker One
added 2018/06/22 10:40 a.m., 48 views

Mail.ru: Nginx variable values output in the page body

When a URL of the following form is requested: https://biz.mail.ru/$nginx_variable_name the value of that variable ends up in the 404 response page, in every place of the form: e.mail.ru/login?lang=ruRU&Page=https%3A%2F%2Fbiz.mail.ru%2Fnginx_variable_value Example requests: 1 https://biz.mail.ru/test$realpathroot in the response:...

AI score 7
Exploits: 0

GithubExploit
added 2018/06/20 3:16 p.m., 12 views

Exploit for Integer Overflow or Wraparound in F5 Nginx

CVE-2...

CVSS 7.5, AI score 7.1, EPSS 0.62597
Exploits: 6

RedhatCVE
added 2018/06/19 12:49 a.m., 23 views

CVE-2018-12029

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...

CVSS 7.8, AI score 3.6, EPSS 0.00276
Exploits: 0, References: 2

IBM Security Bulletins
added 2018/06/18 1:38 a.m., 47 views

Security Bulletin: A vulnerability in nginx affects PowerKVM

Summary PowerKVM is affected by a vulnerability in nginx. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2017-7529 DESCRIPTION: Nginx could allow a remote attacker to obtain sensitive information, caused by an integer overflow in Nginx range filter module. By sending...

CVSS 7.5, AI score 1.2, EPSS 0.62597
Exploits: 6, Affected Software: 1

IBM Security Bulletins
added 2018/06/18 1:33 a.m., 57 views

Security Bulletin: Vulnerabilities in nginx affect PowerKVM

Summary PowerKVM is affected by four vulnerabilities in nginx. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-0742 DESCRIPTION: Nginx is vulnerable to a denial of service, caused by an invalid pointer dereference. By sending malformed UDP packets, a remote...

CVSS 9.8, AI score 0.5, EPSS 0.81958
Exploits: 0, Affected Software: 1

0day.today
added 2018/06/18 12:0 a.m., 77 views

Nikto 2.1.6 - CSV Injection Vulnerability

Exploit for linux platform in category local exploits Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on:...

AI score 9.3, EPSS 0.24727
Exploits: 5

exploitpack
added 2018/06/18 12:0 a.m., 45 views

Nikto 2.1.6 - CSV Injection

Nikto 2.1.6 - CSV Injection Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linu...

CVSS 10, AI score 9.7, EPSS 0.24727
Exploits: 5

IBM Security Bulletins
added 2018/06/17 10:33 p.m., 48 views

Security Bulletin: IBM SmartCloud Provisioning security vulnerability has been identified in nginx (CVE-2016-4450)

Summary IBM SmartCloud Provisioning and SmartCloud Provisioning for Software Virtual Appliance ship with nginx. A denial of service vulnerability has been identified in nginx CVE-2016-4450. Vulnerability Details CVE-ID: CVE-2016-4450 Description: nginx is vulnerable to a denial of service, caus...

CVSS 7.5, AI score 0.8, EPSS 0.16376
Exploits: 0, Affected Software: 1

UbuntuCve
added 2018/06/17 8:29 p.m., 21 views

CVE-2018-12029

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...

CVSS 7, AI score 7, EPSS 0.00276
Exploits: 0, References: 5

Prion
added 2018/06/17 8:29 p.m., 42 views

Race condition

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...

CVSS 4.4, AI score 6.9, EPSS 0.00276
Exploits: 0, References: 4, Affected Software: 2

NVD
added 2018/06/17 8:29 p.m., 13 views

CVE-2018-12029

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...

CVSS 7, AI score 5.6, EPSS 0.00276
Exploits: 0, References: 4