71 matches found

BDU FSTEC
added 2022/08/22 12:0 a.m., 5 views

The vulnerability of the njs_array_convert_to_slow_array function (src/njs_array.c) in the NJS interpreter of the nginx server allows an attacker to increase their privileges.

The vulnerability of the njs_array_convert_to_slow_array function (src/njs_array.c) in the njs interpreter of the nginx server involves uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to increase their privileges...

CVSS 5.5, AI score 6, EPSS 0.00613
Exploits: 1, References: 5, Affected Software: 1
Huntr
added 2022/07/26 8:33 p.m., 26 views

Improper Input Validation Leads to Privilege Escalation and Denial of Service

Description: Improper input validation allows an attacker to escalate privileges and can crash the nginx server. There is no input validation in the v-add-web-domain-redirectL82, and "v-redirect-custom" input on the "Edit Web Domain" page, inputs are written directly to the...

CVSS 6.5, EPSS 0.01076
Exploits: 1
BDU FSTEC
added 2022/07/20 12:0 a.m., 7 views

Vulnerability of the njs_value_to_number() function (src/njs_value_conversion.h) in the njs interpreter of the nginx server, allowing a hacker to execute arbitrary code

The vulnerability of the njs_value_to_number function (src/njs_value_conversion.h) in the njs interpreter of the nginx server is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 7.5, AI score 8, EPSS 0.00783
Exploits: 1, References: 4, Affected Software: 1
BDU FSTEC
added 2022/07/20 12:0 a.m., 5 views

Vulnerability of the njs_utf8_next() function (src/njs_utf8.h) in the njs interpreter of the nginx server, allowing an attacker to execute arbitrary code

The vulnerability of the njs_utf8_next function (src/njs_utf8.h) in the njs interpreter of the nginx server is related to the execution of an operation outside of the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 7.5, AI score 8, EPSS 0.00903
Exploits: 1, References: 4, Affected Software: 1
BDU FSTEC
added 2022/07/20 12:0 a.m., 7 views

Vulnerability of the njs_scope_value() function (njs_scope.h) in the njs interpreter of the nginx server, allowing a hacker to execute arbitrary code

The vulnerability of the njs_scope_value function (njs_scope.h) in the njs interpreter of the nginx server is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 7.5, AI score 8.4, EPSS 0.01029
Exploits: 2, References: 3, Affected Software: 1
BDU FSTEC
added 2022/07/20 12:0 a.m., 4 views

Vulnerability of the njs_value_own_enumerate() function (src/njs_value.c) in the njs interpreter of the nginx server, allowing a hacker to execute arbitrary code

The vulnerability of the njs_value_own_enumerate function (src/njs_value.c) in the njs interpreter of the nginx server is related to the execution of an operation outside of the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 7.5, AI score 8, EPSS 0.00783
Exploits: 1, References: 4, Affected Software: 1
BDU FSTEC
added 2022/07/20 12:0 a.m., 11 views

The vulnerability of the njs_vmcode_interpreter function (src/njs_vmcode.c) in the njs interpreter of the nginx server allows a hacker to cause a service failure.

The vulnerability of the njs_vmcode_interpreter function (src/njs_vmcode.c) in the njs interpreter of the nginx server involves uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

CVSS 5.5, AI score 5.9, EPSS 0.00613
Exploits: 1, References: 5, Affected Software: 1
CNNVD
added 2022/07/18 12:0 a.m., 3 views

Nginx Buffer Error Vulnerability

Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from Nginx, Inc. njs is a scripting language component that extends the functionality of NGINX. A security vulnerability exists in Nginx NJS 0.7.4, which stems from an out-of-bounds read of njs_scope_value in th...

CVSS 9.1, AI score 8.1, EPSS 0.01029
Exploits: 2, References: 2
BDU FSTEC
added 2022/07/06 12:0 a.m., 6 views

The vulnerability of the njs_set_number() function in the njs interpreter of the nginx server allows a hacker to cause a service failure.

The vulnerability of the njs_set_number function in the njs interpreter of the nginx server is related to the issue of operations going beyond the buffer in memory when input data is not properly cleared. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

CVSS 7.8, AI score 6.2, EPSS 0.0028
Exploits: 0, References: 5, Affected Software: 1
BDU FSTEC
added 2022/04/28 12:0 a.m., 6 views

The vulnerability of the njs_function_frame_alloc() function in the njs interpreter of the nginx server allows attackers to compromise the confidentiality, integrity, and accessibility of information.

The vulnerability of the njs_function_frame_alloc function in the njs interpreter of the nginx server is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of information...

CVSS 10, AI score 7.8, EPSS 0.01591
Exploits: 1, References: 3, Affected Software: 1
BDU FSTEC
added 2022/04/28 12:0 a.m., 5 views

The vulnerability of the Array.prototype.concat() function in the njs interpreter on the nginx server allows a hacker to cause a service failure.

The vulnerability of the Array.prototype.concat function in the njs interpreter on the nginx server is related to the execution of the operation beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 7.8, AI score 7.7, EPSS 0.01698
Exploits: 1, References: 3, Affected Software: 1
Gitee
added 2021/09/13 4:53 p.m., 3 views

vulhubdocker2

This repository is an open-source project for vulnerability research and training, specifically targeting various web applications and services. It is a collection of vulnerable environments and tools for testing and learning about common web application vulnerabilities. The repository contains a...

AI score 7
Exploits: 0
Redos
added 2021/09/08 12:0 a.m., 6 views

ROS-2-1978

2.1978 Remote code execution in nginx CVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngx_resolver_copy function when processing DNS responses. A remote...

CVSS 7.8, AI score 7.9, EPSS 0.99295
Exploits: 91
Redos
added 2021/09/08 12:0 a.m., 18 views

ROS-2-1754

2.1754 Remote code execution in nginx CVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngx_resolver_copy function when processing DNS responses. A remote...

CVSS 7.7, AI score 9.9, EPSS 0.52838
Exploits: 10
Redos
added 2021/09/08 12:0 a.m., 35 views

ROS-2-1347

2.1347 Remote code execution in nginx CVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngx_resolver_copy function when processing DNS responses. A remote...

CVSS 7.7, AI score 8.5, EPSS 0.52838
Exploits: 10
Redos
added 2021/09/08 12:0 a.m., 6 views

ROS-2-2202

2.2202 Remote code execution in nginx CVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngx_resolver_copy function when processing DNS responses. A remote...

CVSS 7.7, AI score 9.9, EPSS 0.52838
Exploits: 10
BDU FSTEC
added 2021/06/15 12:0 a.m., 7 views

The vulnerability of the nginx HTTP-server’s range filter module allows attackers to disclose sensitive information.

The vulnerability of the nginx HTTP server’s range filter module is due to a numerical overflow condition. Exploiting this vulnerability allows an attacker, operating remotely, to disclose sensitive information through a specially crafted request...

CVSS 7.8, AI score 6.5, EPSS 0.62597
Exploits: 6, References: 3, Affected Software: 1
BDU FSTEC
added 2021/04/21 12:0 a.m., 4 views

The vulnerability of the njs interpreter on the nginx server, which allows attackers to cause service failures.

The vulnerability of the njs interpreter on the nginx server is related to reading beyond the buffer boundaries. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 6.5, AI score 7, EPSS 0.01305
Exploits: 1, References: 5, Affected Software: 2
Kitploit
added 2021/03/13 8:30 p.m., 183 views

HTTP Bridge - Send TCP Stream Packets Over Simple HTTP Request

I wrote this program as a proof of concept to test the idea of being able to send TCP stream packets over simple HTTP requests like PUT, PATCH, POST, GET, without using a proxy approach like the CONNECT method. Also as a practice exercise to train my novice skill in the Rust language. Description: This tool is...

AI score 7
Exploits: 0, References: 3
Imperva Blog
added 2019/10/30 11:3 a.m., 585 views

Tracking CVE-2019-11043 PHP Vulnerability – An Uncommon Chain of Events

On October 22, security researcher Omar Ganiev published a tweet regarding a remote code execution vulnerability in PHP-FPM (the FastCGI Process Manager) running on the Nginx server. The tweet includes a link to a GitHub repository with an explanation of the vulnerability and a PoC (proof-of-concept) f...

CVSS 7.5, AI score 10, EPSS 0.9947
Exploits: 54