Nginx 1.4.0 (Generic Linux x64) - Remote Overflow
Nginx 1.4.0 Generic Linux x64 - Remote Overflow nginx = 1.4.0 exploit for CVE-2013-2028 by sorbo Fri Jul 12 14:52:45 PDT 2013 ./brop.rb 127.0.0.1 for remote hosts: ./frag.sh ip ./brop.rb ip rm state.bin when changing host or relaunching nginx with canaries scan.py will find servers, reading IPs...
Nginx 1.4.0 (Generic Linux x64) - Remote Overflow
nginx = 1.4.0 exploit for CVE-2013-2028 by sorbo Fri Jul 12 14:52:45 PDT 2013 ./brop.rb 127.0.0.1 for remote hosts: ./frag.sh ip ./brop.rb ip rm state.bin when changing host or relaunching nginx with canaries scan.py will find servers, reading IPs from ips.txt This is a generic exploit for 64-bit...
FreeBSD : nginx -- SPDY memory corruption (89db3b31-a4c3-11e3-978f-f0def16c5c1b)
The nginx project reports : A bug in the experimental SPDY implementation in nginx 1.5.10 was found, which might allow an attacker to corrupt worker process memory by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0088. The problem only affects nginx...
GnuTLS certificate verification security vulnerability found
GnuTLS, an open source SSL and TLS implementation used in hundreds of software packages including Red Hat desktop and server products and all Debian and Ubuntu Linux distributions, is the latest crypto package to improperly verify digital certificates as authentic. The vulnerability, discovered a...
nginx -- SPDY memory corruption
The nginx project reports: A bug in the experimental SPDY implementation in nginx 1.5.10 was found, which might allow an attacker to corrupt worker process memory by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0088. The problem only affects nginx...
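Stark CRM Multiple Security Vulnerabilities
Bugtraq ID: 65710 Stark CRM is a PHP customer relationship management system. Stark CRM contains multiple stored cross-site scripting and cross-site request forgery vulnerabilities that allow a remote attacker to construct a malicious URI and entice a user to open it, which can disclose sensitive information or perform malicious actions in the context of the targeted user. 0 Stark CRM 1.0 No detailed solution is currently available: http://www.iwcn.ws Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities Vendor: IWCn Systems Inc. Product web page:...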
Stark CRM 1.0 Script Injection / Session Riding
Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities Vendor: IWCn Systems Inc. Product web page: http://www.iwcn.ws Affected version: 1.0 Summary: This is a light weight CRM which simplifies process of managing staff, client and projects. Desc: Multiple stored XSS and CSRF...
Stark CRM 1.0 - Multiple Vulnerabilities
Stark CRM 1.0 - Multiple Vulnerabilities Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities Vendor: IWCn Systems Inc. Product web page: http://www.iwcn.ws Affected version: 1.0 Summary: This is a light weight CRM which simplifies process of managing staff, client and...
Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities
Summary This is a light weight CRM which simplifies process of managing staff, client and projects. Description Multiple stored XSS and CSRF vulnerabilities exist when parsing user input to several POST parameters. The application allows users to perform certain actions via HTTP requests without...
Stark CRM 1.0 - Multiple Vulnerabilities
Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities Vendor: IWCn Systems Inc. Product web page: http://www.iwcn.ws Affected version: 1.0 Summary: This is a light weight CRM which simplifies process of managing staff, client and projects. Desc: Multiple stored XSS and CSRF...
ShopEx SMS Messaging System SQL Injection (POST)
Brief description: ShopEx wireless marketing system, more than 1,400 databases Details: Site: http://live.shopex.cn/ Injection point: http://live.shopex.cn:80/index.php/passport/passport/selregion POST parameter pregionid sqlmap identified the following injection points with a total of 80 HTTPs requests: --- Place: custom POST Parameter: 1 Type: boolean-based blind Title:...
ShopEx Distribution Platform SQL Injection Vulnerability Leads to User Information Disclosure
Brief description: ShopEx distribution platform SQL injection Details: Injection point: http://www.fengxiaowang.cn:80/article.php?aaid= GET sqlmap identified the following injection points with a total of 184 HTTPs requests: --- Place: URI Parameter: 1 Type: UNION query Title: MySQL UNION query NULL - 7 columns Payload:...
[SECURITY] Fedora 20 Update: nginx-1.4.4-1.fc20
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
Fedora 20 : nginx-1.4.4-1.fc20 (2013-22026)
Update to the latest version - Upstream changelog can be found at http://nginx.org/en/CHANGES-1.4 - Security fix BZ 1032267 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...
Fedora 20 : monitorix-3.4.0-1.fc20 (2013-22649)
3.4.0 - 02-Dec-2013 ==================== - Added a complete statistical Memcached graph. 27 - Added support for different BIND stats versions 2 and 3 right now. thanks to Ivo Brhel, ivb AT volny.cz - Added two new alerts in the 'disk' graph in order to know if a disk drive has exceeded or reached...
Fedora 19 : monitorix-3.4.0-1.fc19 (2013-22677)
3.4.0 - 02-Dec-2013 ==================== - Added a complete statistical Memcached graph. 27 - Added support for different BIND stats versions 2 and 3 right now. thanks to Ivo Brhel, ivb AT volny.cz - Added two new alerts in the 'disk' graph in order to know if a disk drive has exceeded or reached...
Preemptive Protection against Nginx Request URI Verification Security Bypass (CVE-2013-4547)
A security bypass vulnerability has been reported in Nginx...
Amazon Linux AMI : nginx (ALAS-2013-249)
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory...
Fedora Update for nginx FEDORA-2013-21826
Check for the Version of nginx OpenVAS Vulnerability Test Fedora Update for nginx FEDORA-2013-21826 Authors: System Generated Check Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
Fedora Update for nginx FEDORA-2013-21826
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...