6246 matches found
DEBIAN-CVE-2018-12029
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
UBUNTU-CVE-2018-12029
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
CVE-2018-12029
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
CVE-2018-12029
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
CVE-2018-12029
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passengerinstanceregistrydir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but befor...
CVE-2018-12029
CVE-2018-12029 describes a race condition in the Phusion Passenger nginx module (3.x–5.x) before 5.3.2. If a non-standard passenger_instance_registry_dir with weak permissions is configured, a race can occur after a file is created but before chown, where replacing the file with a symlink targets...
Security Bulletin: Vulnerability in nginx affects IBM StoredIQ (CVE-2016-4450)
Summary A denial of service vulnerability was disclosed on May 31, 2016 by nginx. Nginx is used by StoredIQ. StoredIQ has addressed the applicable CVE Vulnerability Details CVE-ID: CVE-2016-4450 Description: nginx is vulnerable to a denial of service, caused by a NULL pointer dereference error in...
Security Bulletin: Aspera Applications are affected by a Nginx vulnerability
Summary Aspera Applications has addressed the following vulnerability: Nginx could allow a remote attacker to obtain sensitive information caused by an integer overflow in nginx range filter mode. Vulnerability Details CVEID: CVE-2017-7529 DESCRIPTION: Nginx could allow a remote attacker to obtai...
Joomla EkRishta 2.10 SQL Injection
Exploit Title: Joomla! Component EkRishta 2.10 - 'username' SQL Injection Date: 2018-06-11 Exploit Author: L0RD Software Link: https://extensions.joomla.org/extension/ek-rishta/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version: 2.10 Tested on: Win 10 POC : SQLi : Parameter : username...
Joomla! Component EkRishta 2.10 - 'username' SQL Injection
Exploit Title: Joomla! Component EkRishta 2.10 - 'username' SQL Injection Date: 2018-06-11 Exploit Author: L0RD Software Link: https://extensions.joomla.org/extension/ek-rishta/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version: 2.10 Tested on: Win 10 POC : SQLi : Parameter : username...
CHMOD race vulnerability
The file system access race condition allows for local privilege escalation and affects the Nginx module for Passenger versions 5.3.1, all the way back to 3.0.0 the chown command entered the code in 2010. The vulnerability was exploitable only when running a non-standard...
nginx.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-626969 Description| Value ---|--- Affected Website:| nginx.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Wordpress Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
Our documentation for running Confluence behind a http that terminates https is probably incorrect
Specifically, the https://confluence.atlassian.com/doc/running-confluence-behind-nginx-with-ssl-858772080.html page says quote Note: don't include secure="true" in this connector. Make sure you've included correct values for protocol and proxyName. quote which differs from all of our other...
Researchers Defeat AMD's SEV Virtual Machine Encryption
German security researchers claim to have found a new practical attack against virtual machines VMs protected using AMD's Secure Encrypted Virtualization SEV technology that could allow attackers to recover plaintext memory data from guest VMs. AMD's Secure Encrypted Virtualization SEV technology...
Misconfigured Reverse Proxy Servers Spill Credentials
Researchers have created a proof-of-concept attack that allows unauthenticated adversaries to extract user credentials from misconfigured reverse proxy servers in order to delete, manipulate or extract data from websites and applications. The proof-of-concept PoC attack targets major cloud...
Quick tip: Watch out — restriction by location can be circumvented.
by @Andrey Danau, Wallarm Research If you are like many app developers, you may be using nginx or apache proxy or a web server on the front end of your application. If you are on a tight schedule, it is tempting to tie authorization and data controls simply to the locations defined in the front...
Yahei PHP Prober 0.4.7 - Cross-Site Scripting
Yahei PHP Prober 0.4.7 - Cross-Site Scripting Exploit title: Yahei-PHP Proberv0.4.7 - Cross-Site Scripting Google Dork: intitle:"Proberv0." | inurl:/proberv.php Date: 23/03/2018 Exploit Author: ManhNho Vendor Homepage: http://www.yahei.net/ Software Link: www.yahei.net/tz/tze.zip Version: 0.4.7...
Yahei PHP Prober 0.4.7 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit title: Yahei-PHP Proberv0.4.7 - Cross-Site Scripting Google Dork: intitle:"Proberv0." | inurl:/proberv.php Date: 23/03/2018 Exploit Author: ManhNho Vendor Homepage: http://www.yahei.net/ Software Link: www.yahei.net/tz/tze.zip Version:...
ModSecurity WAF 3.0 for Nginx - Denial of Service Vulnerability
Exploit for linux platform in category dos / poc / 1. Use-After-Free UAF / During one of the engagements my team tested a WAF running in production Nginx + ModSecurity + OWASP Core Rule Set 123. In the system logs I found information about the Nginx worker processes being terminated due to memory...
Nginx 1.13.10 Accept-Encoding Line Feed Injection Exploit
Exploit for linux platform in category remote exploits // UndergroundAgency UA - koa, bacL, g3kko, Dostoyevsky // trigger nginx 1.13.10 latest logic flaw / bug // 2018 // Tested on Ubuntu 17.10 x86 4.13.0-21-generic include include include include include include include int mainint argc, char ar...