Security Handlebars 4.1.2: Command Execution Escaping the Handlebars 4.1.2 sandbox to get code eval/RCE
Security Bypassing MaxScale's Firewall and Masking Rules Learn how to bypass MaxScale's Firewall and Masking filters using SQL comments
Security Prevent Tab-Nabbing with Minimal Overhead Prevent tab-nabbing attacks using this simple JavaScript function
Security VestaCP - Root Privilege Escalation VestaCP currently has a bug that allows root privilege escalation using PHP. Background: Even with stats disabled, the following line is found in /home/<user>/conf/web/nginx.conf: include /home/
Security Root your box with W3TC and Nginx Several guides for integrating everybody's favorite caching plugin for WordPress with Nginx tell you to include something like this in your nginx configuration: location / { include /var/www/wordpress/nginx.conf; } At the time
Security [CVE-2016-5483] Galera Remote Command Execution via crafted database name mysqldump is a common utility used to create logical backups of MySQL databases and one of the SST methods used by Galera to bring out-of-sync nodes back into the cluster. Using an evil
Security [CVE-2016-5483] Backdooring mysqldump backups mysqldump is a common utility used to create logical backups of MySQL databases. By default, it generates a .sql file containing the queries to create/drop tables and insert your data. By crafting
Security Insecure Defaults - Exploiting LOAD DATA LOCAL INFILE Although it is documented that the default binary distributions of MySQL/MariaDB/Percona all seem to be compiled with allow local infile enabled, the warning is misleading: The transfer of the file from
Security Node.JS Request Smuggling The Node HTTP Client checks for invalid characters such as new lines that can be used to perform HTTP Smuggling attacks; however, the rules for the path option are quite relaxed. By combining