Numbers game: Exploring IntegerOverflow vulnerability in a popular nginx web server.

By @aLLy , Wallarm Research There was a very interesting vulnerability discovered in nginx, one of the most popular web/proxy/load balancing servers. This vulnerability leaks information about the application behind the nginx proxy. For example, a specially formed request can retrieve information...

vulners.com: [vulners.com] nginx alias_traversal

Incorrect configuration of alias could allow an attacker to read file stored outside the target folder. https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md Уязвимость только в конфигурации http, на https такого нет. Пример: http GET /static../monit/COPYING HTTP/1.1 Host:...

Coalition, Inc.: Non-Cloudflare IPs allowed to access origin servers

Hello Security Team, Summary: Like report 255978 It is possible to access origin servers served by nginx and not cloudflare. Description: Even though these IP's don't serve a functional version of the app it is possible to enable DDoS attacks by bypassing cloudflare protections. Steps To Reproduc...

Code injection

In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/modwsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura...

CVE-2018-1299

In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/modwsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura...

CVE-2018-1299

In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/modwsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura...

CVE-2018-1299

In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/modwsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura...

Mail.ru: [mobs.mail.ru] nginx path traversal via misconfigured alias

Domain, site, application -- mobs.mail.ru Steps to reproduce -- http://mobs.mail.ru/media../mobs/settings.py Actual results -- py ... SECRETKEY = '████████████' ... DISTIMOPRIVATEKEY = '████████████' ... PoC, exploit code, screenshots, video, references, additional resources --...

Debian: Security Advisory (DLA-1024-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

nginx HTTP Server Detection

Nessus was able to detect the nginx HTTP server by looking at the HTTP banner on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid106375; scriptversion"1.7"; scriptsetattributeattribute:"pluginmodificationdate", value:"2023/05/24"; scriptxrefname:"IAVT...

Default nginx HTTP Server Settings

The remote webserver contains default settings such as enabled server tokens and/or default files such as the default index or error pages. These items could potentially leak useful information about the server installation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

nginx < 1.13.3 Integer Overflow Vulnerability

This plugin has been deprecated since it duplicates plugin ID 118151 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2020/04/27. Deprecated by sambarcgipathdisclosure.nasl. include'compat.inc'; if description scriptid105359; scriptversion"1.14";...

Linux Expl0rer - Easy-To-Use Live Forensics Toolbox For Linux Endpoints

Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask. Capabilities ps View full process list Inspect process memory map & fetch memory strings easly Dump process memory in one click Automaticly search hash in public services VirusTotal AlienVault OTX users users list...

net-Shield - An Easy and Simple Anti-DDoS solution for VPS, Dedicated Servers and IoT devices

An Easy and Simple Anti-DDoS solution for VPS,Dedicated Servers and IoT devices based on iptables. Requirements Linux System with python, iptables Nginx Will be installed automatically by install.sh Quickstart Running as a standalone software No install.sh required via DryRun option -dry to only...

Unikrn: session_id is not being validated at email invitation endpoint

sessionid is not being validated at email invitation endpoint request sample: POST /apiv1/inviteemail HTTP/1.1 Host: unikrn.com User-Agent: Mozilla/5.0 Windows NT 6.1; Win64; x64; rv:57.0 Gecko/20100101 Firefox/57.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5...

OWOX, Inc.: Server-side cache poisoning leads to the http://my.dev.owox.com inaccessibility

By using single specially crafted URL, it was possible to cause service inaccessibility for all users who will visit the site, as result of infinite redirect loop. I discovered an issue, when by using single specially crafted URL, it was possible to cause service inaccessibility for all users who...

Critical Photon OS Security Update - PHSA-2017-0078

Updates of 'dosfstools', 'git', 'libgcrypt', 'mercurial', 'linux', 'mysql', 'ncurses', 'gnutls', 'dnsmasq', 'apache- tomcat', 'binutils', 'c-ares', 'linux-esx', 'nginx', 'mesos', 'libtasn1' packages of Photon OS have been released...

3CX Phone System 15.5.3554.1 Directory Traversal

Title: ====== 3CX Phone System - Authenticated Directory Traversal Author: ======= Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2017-15359 Risk Information: ================= CVSS Base Score: 6.8 CVSS Vector: CVSS3AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Timeline:...

GLSA-201606-06 : nginx: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201606-06 nginx: Multiple vulnerabilities Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly cause a Denial of Service...

Aspen: Information leakage on django.aspen.io

Hi Team, I got a error message that disclose the version of nginx with OS detail, since The version of nginx is vulnerable to integer overflow. Impact: By seeing this information attacker can throw only interger overflow attack in order to get sensitive information Finally Request you to remove...