71 matches found
The vulnerability of the njs_array_convert_to_slow_array function (src/njs_array.c) in the NJS interpreter of the nginx server allows a attacker to increase their privileges.
The vulnerability of the njsarrayconverttoslowarray function src/njsarray.c in the njs interpreter of the nginx server involves an uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to increase their privileges...
Improper Input Validation Leads to Privilege Escalation and Denial of Service
Description Improper input validation allows an attacker to privilege escalation and can make crash nginx server. There is no input validation in the v-add-web-domain-redirectL82, and "v-redirect-custom" input on the "Edit Web Domain" page, inputs are written directly to the...
Vulnerability of the njs_value_to_number() function (src/njs_value_conversion.h) in the njs interpreter of the nginx server, allowing a hacker to execute arbitrary code
The vulnerability of the njsvaluetonumber function src/njsvalueconversion.h in the njs interpreter of the nginx server is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Vulnerability of the njs_utf8_next() function (src/njs_utf8.h) in the njs interpreter of the nginx server, allowing a attacker to execute arbitrary code
The vulnerability of the njsutf8next function src/njsutf8.h in the njs interpreter of the nginx server is related to the execution of an operation outside of the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Vulnerability of the njs_scope_value() function (njs_scope.h) in the njs interpreter of the nginx server, allowing a hacker to execute arbitrary code
The vulnerability of the njsscopevalue function njsscope.h in the njs interpreter of the nginx server is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Vulnerability of the njs_value_own_enumerate() function (src/njs_value.c) in the njs interpreter of the nginx server, allowing a hacker to execute arbitrary code
The vulnerability of the njsvalueownenumerate function src/njsvalue.c in the njs interpreter of the nginx server is related to the execution of an operation outside of the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the njs_vmcode_interpreter function (src/njs_vmcode.c) in the njs interpreter of the nginx server allows a hacker to cause a service failure.
The vulnerability of the njsvmcodeinterpreter function src/njsvmcode.c in the njs interpreter of the nginx server involves an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
Nginx 缓冲区错误漏洞
Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from Nginx, Inc. njs is a scripting language component that extends the functionality of NGINX. A security vulnerability exists in Nginx NJS 0.7.4, which stems from an out-of-bounds read of njsscopevalue in th...
The vulnerability of the njs_set_number() function in the njs interpreter of the nginx server allows a hacker to cause a service failure.
The vulnerability of the njssetnumber function in the njs interpreter of the nginx server is related to the issue of operations going beyond the buffer in memory when input data is not properly cleared. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the njs_function_frame_alloc() function in the njs interpreter of the nginx server allows attackers to compromise the confidentiality, integrity, and accessibility of information.
The vulnerability of the njsfunctionframealloc function in the njs interpreter of the nginx server is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of information...
The vulnerability of the Array.prototype.concat() function in the njs interpreter on the nginx server allows a hacker to cause a service failure.
The vulnerability of the Array.prototype.concat function in the njs interpreter on the nginx server is related to the execution of the operation beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
vulhubdocker2
This repository is an open-source project for vulnerability research and training, specifically targeting various web applications and services. It is a collection of vulnerable environments and tools for testing and learning about common web application vulnerabilities. The repository contains a...
ROS-2-1978
2.1978 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-1754
2.1754 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-1347
2.1347 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-2202
2.2202 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
The vulnerability of the nginx HTTP-server’s range filter module allows attackers to disclose sensitive information.
The vulnerability of the nginx HTTP server’s range filter module is due to a numerical overflow condition. Exploiting this vulnerability allows an attacker, operating remotely, to disclose sensitive information through a specially crafted request...
The vulnerability of the njs interpreter on the nginx server, which allows attackers to cause service failures.
The vulnerability of the njs interpreter on the nginx server is related to reading beyond the buffer boundaries. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
HTTP Bridge - Send TCP Stream Packets Over Simple HTTP Request
I've wrote this program as a proof of concept to test the idea of be able to send tcp stream packets over simple http request like PUT, PATCH, POST, GET, without use a proxy way like CONNECT method. Also as a practice exercise to train my novice skill on rust language. Description These tool is...
Tracking CVE-2019-11043 PHP Vulnerability – An Uncommon Chain of Events
On October 22, security researcher Omar Ganiev published a tweet regarding remote code execution vulnerability in PHP-FPM the FastCGI Process Manager running on the Nginx server. The tweet includes a link to a GitHub repository with an explanation of the vulnerability and a PoC proof-of-concept f...