DSA-3701-1 nginx - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3701-1)
The remote host is missing an update for the Debian...
yawast - The YAWAST Antecedent Web Application Security Toolkit
YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It performs basic checks in these categories: TLS/SSL - Versions and cipher suites supported; common issues. Information Disclosure - Checks for common information...
MLM Unilevel Plan Script 1.0.2 SQL Injection
Application Name : MLM Unilevel Plan Script v1.0.2 Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL Author Contact : https://twitter.com/byn4tural Vendor Homepage : http://www.i-netsolution.com/ Vulnerable Type : SQL Injection Date : 2016-10-06 Tested on : Windows 10 / Mozilla...
MLM Unilevel Plan Script 1.0.2 - SQL Injection
MLM Unilevel Plan Script 1.0.2 - SQL Injection Application Name : MLM Unilevel Plan Script v1.0.2 Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL Author Contact : https://twitter.com/byn4tural Vendor Homepage : http://www.i-netsolution.com/ Vulnerable Type : SQL Injection Date :...
SOL08250500 - Nginx vulnerability CVE-2016-4450
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
Serious vulnerability in the OpenSSL OCSP Status Request extension - vulnerability warning - the black bar safety net
Overview: There is a serious vulnerability in the OpenSSL OCSP Status Request extension that lets a malicious client exhaust server memory. The use of the vulnerability, to make the default configuration of the server on each protocol renegotiation with a period of OCSP i...
Coinbase: Information leakage on https://docs.gdax.com
docs.gdax.com was exposing the nginx version in error pages. We changed the nginx configuration to not report that information as a defense-in-depth measure...
IRCCloud: Exposed, outdated nginx server (v1.4.6) potentially vulnerable to heap-based buffer overflow & RCE
Summary ======== During my reconnaissance for your bug bounty program, I discovered an instance of nginx version 1.4.6 running at the IP address https://54.153.101.52. To locate it, I searched for IRCCloud-related certificates and found the self-signed certificate for this server...
Raptor Web Application Firewall
Raptor Web Application Firewall is a simple web application firewall written in C, following the KISS principle. It polls with the select function, which is not better than epoll or BSD's kqueue but is portable. The core of the match engine uses a DFA to detect XSS, SQLi and path...
Legal Robot: Server version disclosure
A security researcher discovered an NGINX version disclosure on legalrobot.com by submitting illegal characters. As a result of this report, we clarified our H1 policy on version disclosure without demonstrated vulnerability...
Yelp: Nginx Server version disclosure 404 Page!
Hey, I have noticed that the 404 Not Found page of apiok.ru shows the Nginx server version! This may be a low risk, but if the attacker came to know about the server version he can gather some public exploits of that server version & perform his malicious attacks. Similar Report: 141125 Link where the...
ARTLAS - Apache Real Time Logs Analyzer System
Real-time Apache log analyzer, based on the OWASP top 10 vulnerabilities. It identifies exploitation attempts against your web application and notifies you or your incident team on Telegram, Zabbix and Syslog/SIEM. ARTLAS uses the regular expressions from the PHP-IDS project to identify the attempts of...
nginx resolver vulnerability could allow cache poisoning attack - vulnerability warning - the black bar safety net
Many nginx users point nginx's resolver configuration at Google Public DNS, OpenDNS or their ISP's resolver, but this carries a big risk; the only safe option is a resolver running on the local host. I found that not only the nginx stub resolv...
Gratipay: Insecure Transportation Security Protocol Supported (TLS 1.0)
Description: It's observed that an insecure transportation security protocol, TLS 1.0, is supported by your web server. TLS 1.0 has several flaws. An attacker can cause connection failures and they can trigger the use of TLS 1.0 to exploit vulnerabilities like BEAST. Websites using TLS 1.0 will be...
Gratipay: nginx version disclosure on downloads.gratipay.com
Hello, Navigating to http://downloads.gratipay.com/Error goes to a 404 error page disclosing your Nginx version. Server information should be protected since anyone with bad intent would try to find an exploit for the specified server version. Thanks, Footstep...
nginx CGI Application Redirection Vulnerability
nginx is an HTTP and reverse proxy server developed by Russian software developer Igor Sysoev, which can also be used as a mail proxy server. CGI Application is a lightweight MVC framework for Web application development. A redirection vulnerability exists in the nginx CGI Application. A remo...
Dealing with IIS FastCGI vulnerability - vulnerability warning - the black bar safety net
Problem description: FastCGI parsing vulnerability. When FastCGI is configured improperly on the web server, other files such as css, js, jpg and other static files can be parsed and executed as PHP scripts. When a user inserts a malicious webshell script into static files uploaded to the web server...
nginx security bypass vulnerability
nginx is an HTTP and reverse proxy server developed by Russian software developer Igor Sysoev, which can also be used as a mail proxy server. A security bypass vulnerability exists in nginx. An attacker can exploit this vulnerability to perform unauthorized operations...
Fedora 24 : wordpress (2016-7db496f6f2)
See upstream announcement: WordPress 4.5.3 Maintenance and Security Release. Packaging changes: provide nginx configuration fedora; drop mandatory dependency on httpd suggested 1336091; protect php files in uploads directory. Note that Tenable Network Security has extracted the preceding...