Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phusion vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2014-1832
Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.
Phusion Passenger
7.5
CVSSv2
CVE-2013-7134
Juvia uses the same secret key for all installations, which allows remote malicious users to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to cookies.
Phusion Juvia -
4.4
CVSSv2
CVE-2013-4136
ext/common/ServerInstanceDir.h in Phusion Passenger gem prior to 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
Phusion Passenger 4.0.2
Phusion Passenger
Phusion Passenger 4.0.4
Phusion Passenger 4.0.3
Phusion Passenger 4.0.1
5
CVSSv2
CVE-2013-4961
Puppet Enterprise prior to 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote malicious users to obtain sensitive information.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2
5
CVSSv2
CVE-2002-0288
Directory traversal vulnerability in Phusion web server 1.0 allows remote malicious users to read arbitrary files via a ... (triple dot dot) in the HTTP request.
Bbshareware.com Phusion Webserver 1.0
2 EDB exploits
1 Github repository
5
CVSSv2
CVE-2002-0289
Buffer overflow in Phusion web server 1.0 allows remote malicious users to cause a denial of service and execute arbitrary code via a long HTTP request.
Bbshareware.com Phusion Webserver 1.0
2 EDB exploits
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2