6233 matches found
CVE-2013-2028
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based...
CVE-2013-2070
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a simila...
CVE-2013-2070
The CVE concerns nginx proxying behavior and chunked transfer handling. Affected product: nginx with the proxy module/http parsing paths noted in CVE-2013-2070 (versions 1.1.4–1.2.8 and 1.3.0–1.4.0) when proxy_pass is used to untrusted upstream HTTP servers. Root cause: crafted proxy responses ca...
nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
nginx version 1.3.9 and 1.4.0 x86 brute force proof of concept remote exploit that spawns a reverse shell. nginx 1.3.9/1.4.0 x86 brute force remote exploit copyright c 2013 kingcope ---------------------------- fix for internet exploitation, set MTU: ifconfig mtu 60000 up !!! WARNING !!! this...
nginx 1.3.9 / 1.4.0 x86 Brute Force Proof Of Concept
nginx 1.3.9/1.4.0 x86 brute force remote exploit copyright c 2013 kingcope ---------------------------- fix for internet exploitation, set MTU: ifconfig mtu 60000 up !!! WARNING !!! this exploit is unlikely to succeed when used against remote internet hosts. the reason is that nginx uses a...
nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
No description provided by source. nginx 1.3.9/1.4.0 x86 brute force remote exploit copyright c 2013 kingcope ---------------------------- fix for internet exploitation, set MTU: ifconfig interface mtu 60000 up !!! WARNING !!! this exploit is unlikely to succeed when used against remote internet...
Nginx 1.3.9/1.4.0 (x86) - Brute Force
Nginx 1.3.9/1.4.0 x86 - Brute Force nginx 1.3.9/1.4.0 x86 brute force remote exploit copyright c 2013 kingcope ---------------------------- fix for internet exploitation, set MTU: ifconfig mtu 60000 up !!! WARNING !!! this exploit is unlikely to succeed when used against remote internet hosts. the...
Nginx 1.3.9/1.4.0 (x86) - Brute Force
nginx 1.3.9/1.4.0 x86 brute force remote exploit copyright c 2013 kingcope ---------------------------- fix for internet exploitation, set MTU: ifconfig mtu 60000 up !!! WARNING !!! this exploit is unlikely to succeed when used against remote internet hosts. the reason is that nginx uses a...
[SECURITY] [DSA 2721-1] nginx security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2721-1 [email protected] http://www.debian.org/security/ Nico Golde July 07, 2013 http://www.debian.org/security/faq -...
nginx buffer overflow
Buffer overflow on proxy_pass upstream HTTP server response processing. Buffer overflow on chunked response parsing...
Debian DSA-2721-1 : nginx - buffer overflow
A buffer overflow has been identified in nginx, a small, powerful, scalable web/proxy server, when processing certain chunked transfer encoding requests if proxy_pass to untrusted upstream HTTP servers is used. An attacker may use this flaw to perform denial of service attacks, disclose worker...
[SECURITY] [DSA 2721-1] nginx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2721-1 [email protected] http://www.debian.org/security/ Nico Golde July 07, 2013 http://www.debian.org/security/faq - -------------------------------------------------------------------------...
Debian Security Advisory DSA 2721-1 (nginx - buffer overflow)
A buffer overflow has been identified in nginx, a small, powerful, scalable web/proxy server, when processing certain chunked transfer encoding requests if proxy_pass to untrusted upstream HTTP servers is used. An attacker may use this flaw to perform denial of service attacks, disclose worker...
DSA-2721-1 nginx - nginx security update
Bulletin has no description...
Debian: Security Advisory (DSA-2721-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
La Cala is another sub-Station command execution vulnerabilities included cross-site threat-vulnerability warning-the black bar safety net
Brief description: Testing of a La Cala sub-site found that the site uses the open-source ThinkPHP framework, and there is still some risk. Does not affect the customer data, the hazard rating. Detailed description: 1 The nginx server is not configured properly, which causes arbitrary PHP script...
nginx url decoded trigger the waf vulnerability-vulnerability warning-the black bar safety net
Last year I found a bug in nginx, and only recently had time to write this post. The nginx ngx_unescape_uri function does not follow the standard when URL-decoding, so a range of WAFs that use this function for decoding have a bypass vulnerability. The problem occurs in the function ...
MGASA-2013-0160 Updated nginx package fixes security vulnerability
A security problem related to CVE-2013-2028 was identified, affecting some previous nginx versions if proxy_pass to untrusted upstream HTTP servers is used. The problem may lead to a denial of service or a disclosure of a worker process memory on a specially crafted response from an upstream proxi...
Updated nginx package fixes security vulnerability
A security problem related to CVE-2013-2028 was identified, affecting some previous nginx versions if proxy_pass to untrusted upstream HTTP servers is used. The problem may lead to a denial of service or a disclosure of a worker process memory on a specially crafted response from an upstream proxi...
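EasyTalk microblog official website can be compromised and a source-code backdoor added
Brief description: A successful intrusion; a source-code backdoor can be added. Detailed description: nginx parsing issue. Proof of vulnerability:...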