Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phusion vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-1832
Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.
Phusion Passenger
NA
CVE-2013-7134
Juvia uses the same secret key for all installations, which allows remote malicious users to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to cookies.
Phusion Juvia -
NA
CVE-2013-4136
ext/common/ServerInstanceDir.h in Phusion Passenger gem prior to 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
Phusion Passenger 4.0.2
Phusion Passenger
Phusion Passenger 4.0.4
Phusion Passenger 4.0.3
Phusion Passenger 4.0.1
NA
CVE-2013-4961
Puppet Enterprise prior to 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote malicious users to obtain sensitive information.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2
NA
CVE-2002-0288
Directory traversal vulnerability in Phusion web server 1.0 allows remote malicious users to read arbitrary files via a ... (triple dot dot) in the HTTP request.
Bbshareware.com Phusion Webserver 1.0
2 EDB exploits
1 Github repository
NA
CVE-2002-0289
Buffer overflow in Phusion web server 1.0 allows remote malicious users to cause a denial of service and execute arbitrary code via a long HTTP request.
Bbshareware.com Phusion Webserver 1.0
2 EDB exploits
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2