5155 matches found
Redis Remote Command Execution
From time to time I get security reports about Redis. It’s good to get reports, but it’s odd that what I get is usually about things like Lua sandbox escaping, insecure temporary file creation, and similar issues, in a software which is designed as we explain in our security page here...
eyou某服务器配置不当(存在被Getshell风险)
简要描述: eyou某服务器配置不当,存在被getshell风险 详细说明: 在已知mail.you.net web绝对路径情况下。 可使用redis写文件。getshell。 漏洞证明:...
openSUSE Security Update : redis (openSUSE-2015-634)
redis was updated to version 2.8.22 boo934048 to fix a LUA sandbox update. CVE-2015-4335 Details can be found on http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-esc ape/ For the other changes see in the package: /usr/share/doc/packages/redis/00-RELEASENOTES %NASLMINLEVEL 70300 ...
[SECURITY] Fedora 23 Update: php-doctrine-cache-1.4.2-1.fc23
Cache component extracted from the Doctrine Common project. Optional: APC php-pecl-apc Couchbase http://pecl.php.net/package/couchbase Memcache php-pecl-memcache Memcached php-pecl-memcached MongoDB php-pecl-mongo Redis php-pecl-redis Riak http://pecl.php.net/package/riak XCache php-xcache...
[SECURITY] Fedora 22 Update: php-doctrine-cache-1.4.2-1.fc22
Cache component extracted from the Doctrine Common project. Optional: APC php-pecl-apc Couchbase http://pecl.php.net/package/couchbase Memcache php-pecl-memcache Memcached php-pecl-memcached MongoDB php-pecl-mongo Redis php-pecl-redis Riak http://pecl.php.net/package/riak XCache php-xcache...
[SECURITY] Fedora 21 Update: php-doctrine-cache-1.4.2-1.fc21
Cache component extracted from the Doctrine Common project. Optional: APC php-pecl-apc Couchbase http://pecl.php.net/package/couchbase Memcache php-pecl-memcache Memcached php-pecl-memcached MongoDB php-pecl-mongo Redis php-pecl-redis Riak http://pecl.php.net/package/riak XCache php-xcache...
Redis 未授权访问 PoC
Redis是一个开源的使用ANSI C语言编写、支持网络、可基于内存亦可持久化的日志型、Key-Value数据库,并提供多种语言的API。redis 默认不需要密码即可访问,黑客直接访问即可获取数据库中所有信息,造成严重的信息泄露。...
Moderate: Red Hat Security Advisory: redis security advisory
Updated redis packages that fix a security issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
redis: Lua sandbox escape and arbitrary code execution
A flaw was discovered in redis that could allow an authenticated user, who was able to use the EVAL command to run Lua code, to break out of the Lua sandbox and execute arbitrary code on the system...
Nosql Exploitation Framework
The Tool focuses on scanning and exploiting NoSQL Databases which makes the pentesters life easy. The tool currently has support for Mongo,Couch-db and Redis,with further additions to be made soon.It supports Enumerating NoSQL Db’s,Dumping Nosql db’s,Dictionary attacks and Shodan Search...
Fedora 21 : redis-2.8.21-1.fc21 (2015-9488)
Upstream 2.8.21 RHBZ 1228245 - Fix Lua sandbox escape and arbitrary code execution RHBZ 1228331 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
Fedora 22 : redis-2.8.21-1.fc22 (2015-9498)
Upstream 2.8.21 - Fix Lua sandbox escape and arbitrary code execution RHBZ 1228331 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
[SECURITY] Fedora 22 Update: redis-2.8.21-1.fc22
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
[SECURITY] Fedora 21 Update: redis-2.8.21-1.fc21
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
Fedora Update for redis FEDORA-2015-9488
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for redis FEDORA-2015-9498
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2015-0244 Updated redis package fixes security vulnerability
It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code CVE-2015-4335...
Updated redis package fixes security vulnerability
It was discovered that redis, a persistent key-value database, could execute insecure Lua bytecode by way of the EVAL command. This could allow remote attackers to break out of the Lua sandbox and execute arbitrary code CVE-2015-4335...
Redis EVAL Lua Sandbox Security Bypass Vulnerability
Redis is an open source memory-based and key-value pair storage the simplest form of database organization database system. Redis has a security vulnerability that allows a remote attacker to bypass certain security restrictions by submitting a special eval command to execute arbitrary Lua byteco...
DEBIAN-CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...