Lucene search
6236 matches found

Tenable Nessus
added 2014/06/13 12:0 a.m. | 29 views

openSUSE Security Update : nginx (openSUSE-SU-2014:0450-1)

nginx was updated to 1.4.7 to fix bugs and security issues. Fixed security issues: - CVE-2014-0133: nginx: heap-based buffer overflow in SPDY implementation. New upstream release 1.4.7 (bnc869076, CVE-2014-0133). Security: a heap memory buffer overflow might occur in a worker process while handling a...

CVSS 7.5 | AI score 8.6 | EPSS 0.09293
Exploits: 1 | References: 3

Tenable Nessus
added 2014/06/13 12:0 a.m. | 22 views

openSUSE Security Update : nginx-1.0 (openSUSE-SU-2012:0469-1)

Specially crafted HTTP responses from an upstream server could leak already freed memory. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-209. The text description of this plugin is ...

CVSS 5 | AI score 5.2 | EPSS 0.10417
Exploits: 1 | References: 3

Tenable Nessus
added 2014/06/13 12:0 a.m. | 40 views

openSUSE Security Update : nginx-1.0 (openSUSE-SU-2013:1791-1)

The nginx webserver was fixed to avoid a restriction bypass when a space is not correctly escaped (CVE-2013-4547). The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-913. The text...

CVSS 7.5 | AI score 7.5 | EPSS 0.67718
Exploits: 15 | References: 3

Tenable Nessus
added 2014/06/13 12:0 a.m. | 25 views

openSUSE Security Update : nginx-0.8 (openSUSE-SU-2012:0237-1)

A flaw in the custom DNS resolver of nginx could lead to a heap-based buffer overflow, which could potentially allow attackers to execute arbitrary code or to cause a Denial of Service (bnc731084, CVE-2011-4315). The descriptive text and package...

CVSS 6.8 | AI score 5.5 | EPSS 0.0607
Exploits: 1 | References: 3

seebug.org
added 2014/05/22 12:0 a.m. | 44 views

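U-Mail mail server system arbitrary file upload + execution vulnerability (runtime flaw and validation bypass)

Brief description: Product introduction taken from the official website: U-Mail has focused on the e-mail field for 15 years, letting enterprises easily build the most secure and stable e-mail system software. Keywords: 15 years, most secure, most stable, 15 years, most secure, most stable. woxaole, such bizarre code, such bizarre design, such bizarre configuration, such a bizarre, extraordinarily easy system where you can get a shell using functionality that could not be more normal; I give up... Affects: important sectors such as finance, government, banking, petroleum, military and securities; the impact is enormous; tested affected rate: 99.8%100%. Off-topic: I really wanted to take down the Agricultural Bank, but thought better of it; after all, casually changing the numbers on a card and becoming a tycoon would be extremely unsafe.. Detailed description: 1 Product introduction...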

AI score 7
Exploits: 0

myhack58
added 2014/05/21 12:0 a.m. | 55 views

CVE-2013-4547 Nginx parsing vulnerability in-depth use and analysis - vulnerability warning - the black bar safety net

0x00 Background: Nginx has historically had many parsing vulnerabilities, such as the parsing vulnerability found by 80sec, and the one where appending a %00 truncation directly after the extension leads to code execution. But at the end of 2013, nginx had another vulnerability, CVE...

AI score 7.7
Exploits: 0

myhack58
added 2014/05/21 12:0 a.m. | 9 views

Odd guest stars of a certain sub-patch not getshell - a vulnerability warning - the black bar safety net

Problem site: wan.7k7k.com Nginx file parsing vulnerability. 0x00: everything is beautiful to blame! In the site to see a beauty player, to view the next image address, found that the URL is http://wan.7k7k.com/uploadfiles/userfiles/image/%E7%A5%9E%E6%9B%B2/%E7%8E%A9%E5%AE%B62.jpg Try the url+/x.php can...

AI score 0.6
Exploits: 0

Kitploit
added 2014/05/08 1:52 a.m. | 24 views

ModSecurity v2.8.0 - Open Source Web Application Firewall

ModSecurity™ is an open source, free web application firewall (WAF) Apache module. With over 70% of all attacks now carried out over the web application level, organizations need all the help they can get in making their systems secure. Changelog v2.8.0 Bug fix Build issue: Now using autotools to...

AI score 6.7
Exploits: 0 | References: 24

seebug.org
added 2014/05/06 12:0 a.m. | 31 views

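PHP-FPM or PHP-CGI denial-of-service vulnerability under Apache/NGINX

Using a standard cable/DSL connection, this attack can use standard HTTP requests to saturate the CPU and memory of a Linux web server. The attack affects Apache or NGINX web servers that use PHP-CGI or PHP-FPM (including WordPress sites) to process dynamic PHP content. In addition, the requests generated by this attack continue to occupy server resources for a long time after the attack. 0 All versions None available ?php !/usr/bin/php / File: phpstress.php Written by: d4rk0 / @d4rk0s Concept by: Vinny Troia / @VinnyTroia Night Lion Securit...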

AI score 7.1
Exploits: 0

Tenable Nessus
added 2014/05/06 12:0 a.m. | 31 views

nginx 1.5.10 SPDY Memory Corruption

According to the self-reported version in the server response header, the installed nginx version is 1.5.10. It is, therefore, affected by a memory corruption vulnerability. A flaw exists with the SPDY module implementation, where worker process memory could be corrupted via a specially crafted...

CVSS 7.5 | AI score 6 | EPSS 0.08663
Exploits: 0 | References: 5

FreeBSD
added 2014/05/02 12:0 a.m. | 47 views

OpenSSL -- NULL pointer dereference / DoS

OpenBSD and David Ramos report: Applications that use SSL_MODE_RELEASE_BUFFERS, such as nginx/apache, are prone to a race condition which may allow a remote attacker to crash the current service...

CVSS 4.3 | AI score 7.8 | EPSS 0.43828
Exploits: 0 | References: 2

NVD
added 2014/04/29 2:38 p.m. | 22 views

CVE-2014-0088

The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request...

CVSS 7.5 | AI score 7.4 | EPSS 0.08663
Exploits: 0 | References: 2

UbuntuCve
added 2014/04/29 2:38 p.m. | 24 views

CVE-2014-0088

The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request...

CVSS 7.5 | AI score 6.2 | EPSS 0.08663
Exploits: 0 | References: 3

Prion
added 2014/04/29 2:38 p.m. | 18 views

Cross site request forgery (csrf)

The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request...

CVSS 7.5 | AI score 8 | EPSS 0.08663
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2014/04/29 2:38 p.m. | 0 views

UBUNTU-CVE-2014-0088

The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request...

CVSS 7.5 | AI score 6.2 | EPSS 0.08663
Exploits: 0 | References: 4

Cvelist
added 2014/04/29 2:0 p.m. | 41 views

CVE-2014-0088

The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request...

AI score 7.3 | EPSS 0.08663
Exploits: 0 | References: 2

CVE
added 2014/04/29 2:0 p.m. | 99 views

CVE-2014-0088

The CVE-2014-0088 issue affects nginx 1.5.10, where the SPDY-enabled ngx_http_spdy_module on 32-bit platforms allows remote code execution via a crafted request. The root cause is memory corruption in the SPDY module, leading to arbitrary code execution when processing crafted inputs. The vulnera...

CVSS 7.5 | AI score 7.5 | EPSS 0.08663
Exploits: 0 | References: 2 | Affected Software: 1

ThreatPost
added 2014/04/21 3:45 p.m. | 7 views

CloudFlare Launches Bug Bounty Program

As the OpenSSL heartbleed saga unfolded over the last couple of weeks, one of the companies that was at the forefront of figuring out the scope and effects of the problem was CloudFlare. The company put up a challenge server, asking researchers to hit it with the heartbleed exploit to determine...

AI score 0.3
Exploits: 0 | References: 4

Hacker One
added 2014/04/15 4:6 p.m. | 17 views

Automattic: Session Cookie without Secure flag set

Vulnerability: Session Cookie without Secure flag set. Vulnerability description: This cookie does not have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that the cookie can only be accessed over secure SSL channels...

Exploits: 0

Tenable Nessus
added 2014/04/15 12:0 a.m. | 165 views

nginx < 1.4.7 / 1.5.12 SPDY Heap Buffer Overflow

According to the self-reported version in the server response header, the installed 1.3.x version of nginx is 1.3.15 or higher, or 1.4.x prior to 1.4.7, or 1.5.x prior to 1.5.12. It is, therefore, affected by a heap buffer overflow vulnerability. A flaw exists with the SPDY protocol implementatio...

CVSS 7.5 | AI score 8.6 | EPSS 0.09293
Exploits: 1 | References: 6