Security Handlebars 4.1.2: Command Execution Escaping the Handlebars 4.1.2 sandbox to get code eval/RCE
Security Bypassing MaxScale's Firewall and Masking Rules Learn how to bypass MaxScale's Firewall and Masking filters using SQL comments
Security Prevent Tab-Nabbing with Minimal Overhead Prevent tab-nabbing attacks using this simple Javascript function
Security VestaCP - Root Privilege Escalation VestaCP currently has a bug that allows root privilege escalation using PHP. Background: Even with stats disabled, the following line is found in /home/<user>/conf/web/nginx.
Security Root your box with W3TC and Nginx Several guides for integrating everybody's favorite caching plugin for Wordpress with Nginx tell you to include something like this in your nginx configuration: location / { include /var/www/wordpress/nginx.conf;
Security [CVE-2016-5483] Galera Remote Command Execution via crafted database name mysqldump is a common utility used to create logical backups of MySQL databases and one of the SST methods used by Galera to bring out-of-sync nodes back into the cluster.
Security [CVE-2016-5483] Backdooring mysqldump backups mysqldump is a common utility used to create logical backups of MySQL databases. By default, it generates a .sql file containing the queries to create/drop tables and insert your
Security Insecure Defaults - Exploiting LOAD DATA LOCAL INFILE Although it is documented that the default binary distributions of MySQL/MariaDB/Percona all seem to be compiled with allow local infile enabled, the warning is misleading: The transfer of
Security Node.JS Request Smuggling The Node HTTP Client checks for invalid characters such as new lines that can be used to perform HTTP Smuggling attacks, however, the rules for the path option are quite
![[CVE-2016-5483] Galera Remote Command Execution via crafted database name](/content/images/size/w600/2016/10/tarq-galera-rce-shell.png)
![[CVE-2016-5483] Backdooring mysqldump backups](/content/images/size/w600/2016/10/tarq-backup-backdoor-shell.png)
