Fedora 23 : wordpress (2016-a5e392ef01)
See upstream announcement WordPress 4.5.3 Maintenance and Security Release Packaging changes : - provide nginx configuration fedora - drop mandatory dependency on httpd suggested 1336091 - protect php files in uploads directory Note that Tenable Network Security has extracted the preceding...
Incident Response Forensic Framework: nightHawk Response
Incident Response Forensic Framework Custom built application for asynchronous forensic data presentation on an ElasticSearch backend. This application is designed to ingest a Mandiant Redline “collections” file and give flexibility in search/stack and tagging. The application was born out of the...
nginx: invalid pointer dereference in resolver
It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its...
nginx: use-after-free during CNAME response processing in resolver
A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash or, possibly, execute arbitrary code if nginx enabled the resolver in its configuration...
Moderate: Red Hat Security Advisory: rh-nginx18-nginx security update
An update for rh-nginx18-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
nginx: NULL pointer dereference while writing client request body
A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. A remote attacker could send a specially crafted request that would cause nginx worker process to crash...
Fedora 24 : wordpress (2016-d9bd0c4830)
WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. See the Release announcement --- Packaging changes - provide nginx configuration - drop mandatory dependency on httpd only suggested and mod_php...
Fedora 24 : 1:nginx (2016-c329fc4c32)
update to upstream release 1.10.1 to fix CVE-2016-4450 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Fedora 23 : 1:nginx (2016-ea323bd6cf)
fix CVE-2016-4450 ---- update to upstream release 1.8.1 to fix CVE-2016-4450 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
CVE-2016-4450 Nginx Vulnerabilities | Cloud Foundry
CVE-2016-4450 Nginx Vulnerabilities Medium Vendor nginx, Cloud Foundry Versions Affected nginx before 1.10.1 and 1.11.x versions before 1.11.1 Cloud Foundry staticfile buildpack prior to version 1.3.9 Cloud Foundry cf-release prior to version 238 Description os/unix/ngx_files.c in nginx before...
Legal Robot: AWS S3 website can't serve security headers, may allow clickjacking
Security researcher discovered that our AWS S3 website was not serving some basic security headers like X-Frame-Options. We resolved the issue by putting nginx in front of our AWS S3 website and adding header directives. Fixed security headers can be verified here: https://schd.io/zt...
Uber: Server version disclosure
Hi Uber, maybe this is a low risk but I want to report that the nginx and openresty server versions are being disclosed. For openresty: Accessing this url: https://chef.uberinternal.com/ will give you an error "502 Bad Gateway" but you can see on the page that the server version was disclose...
Vulnerability of nginx software, allowing a remote attacker to compromise the confidentiality of protected information
The vulnerability in the SMTP proxy of Nginx allows attackers who operate on a “man-in-the-middle” principle to inject commands into SSL sessions initiated with the STARTTLS command, thereby gaining access to confidential information sent by clients...
Vulnerabilities in the nginx software allow a malicious attacker to compromise the confidentiality, integrity, and accessibility of protected information.
Overfilling buffers in dynamic memory in the SPDY implementation of nginx allows malicious actors operating remotely to execute arbitrary code using specially crafted requests...
Vulnerabilities in the nginx software allow a malicious attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability in the implementation of SPDY in the ngx_http_spdy_module module of nginx when running on 32-bit platforms allows malicious actors to execute arbitrary code using specially crafted requests...
Paragon Initiative Enterprises: Nginx Version Disclosure On Forbidden Page
Hi, PoC 1- Go to that link, you'll see the version of nginx server https://paragonie.com/static/highlightjs/...
iBilling 3.7.0 Cross Site Scripting
Cross Site Scripting Stored: http://localhost/ibilling/index.php Parameters: msg, desc, account, phone, company, address, city, state, zip, tags, description, ref POST...
iBilling 3.7.0 - Persistent Cross-Site Scripting / Reflected Cross-Site Scripting
iBilling 3.7.0 - Persistent Cross-Site Scripting Reflected Cross-Site Scripting iBilling v3.7.0 Multiple Stored and Reflected Cross Site Scripting Vulnerabilities Vendor: iBilling Product web page: http://www.ibilling.io/ Affected version: 3.7.0 Summary: The features you want, the simplicity you...
iBilling 3.7.0 - Persistent Cross-Site Scripting / Reflected Cross-Site Scripting
Exploit for php platform in category web applications iBilling v3.7.0 Multiple Stored and Reflected Cross Site Scripting Vulnerabilities Vendor: iBilling Product web page: http://www.ibilling.io/ Affected version: 3.7.0 Summary: The features you want, the simplicity you need! Beautifully designed...
iBilling 3.7.0 - Persistent Cross-Site Scripting / Reflected Cross-Site Scripting
iBilling v3.7.0 Multiple Stored and Reflected Cross Site Scripting Vulnerabilities Vendor: iBilling Product web page: http://www.ibilling.io/ Affected version: 3.7.0 Summary: The features you want, the simplicity you need! Beautifully designed for best User Interface & User Experience. The softwa...