6215 matches found
[SECURITY] Fedora 17 Update: nginx-1.0.15-2.fc17
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
[BSA-069] Security Update for NGINX
Hi. I uploaded new packages for nginx which fixed the following security problems: CVE-2012-2089 - nginx -- arbitrary code execution in mp4 pseudo-streaming module A flaw was reported in the nginx standard mp4 pseudo-streaming module. A specially-crafted mp4 file could allow for the overwriting o...
shopex旗下易开店官网被黑
简要描述: 在线演示站点后台管理权限太大 详细说明: 后台管理权限太大,没有像其他演示站一样好好的管理权限。其他的问题一起发出来了,虽然没成功利用。shopex官方的服务器存在nginx解析问题,注意下nginx的nginx。conf的配置 漏洞证明: http://www.ekaidian.com/wwwscan.php...
DokuWiki Ver.2012/01/25 CSRF Add User Exploit
DokuWiki Ver.2012/01/25 Latest Version CSRF Add User Exploit Discovered by : Khashayar Fereidani Team Website : HTTP://IRCRASH.COM IRCRASH Security Community Facebook : http://facebook.com/fereidani Twitter : https://twitter.com/!/IRCRASH Facebook Page :...
DocuWiki 2012/01/25 Cross Site Request Forgery / Cross Site Scripting
DokuWiki Ver.2012/01/25 Latest Version CSRF Add User Exploit Discovered by : Khashayar Fereidani Team Website : HTTP://IRCRASH.COM IRCRASH Security Community Facebook : http://facebook.com/fereidani Twitter : https://twitter.com/!/IRCRASH Facebook Page :...
DocuWiki 2012/01/25 CSRF / XSS
Exploit for php platform in category web applications DokuWiki Ver.2012/01/25 Latest Version CSRF Add User Exploit Discovered by : Khashayar Fereidani Team Website : HTTP://IRCRASH.COM IRCRASH Security Community Facebook : http://facebook.com/fereidani Twitter : https://twitter.com/!/IRCRASH...
CVE-2012-2089
Buffer overflow in ngxhttpmp4module.c in the ngxhttpmp4module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service memory overwrite or possibly execute arbitrary code via a crafted MP4 file...
CVE-2012-1180
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request...
DEBIAN-CVE-2012-1180
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request...
CVE-2012-2089
Buffer overflow in ngxhttpmp4module.c in the ngxhttpmp4module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service memory overwrite or possibly execute arbitrary code via a crafted MP4 file...
DEBIAN-CVE-2012-2089
Buffer overflow in ngxhttpmp4module.c in the ngxhttpmp4module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service memory overwrite or possibly execute arbitrary code via a crafted MP4 file...
CVE-2012-1180
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request...
CVE-2012-2089
Buffer overflow in ngxhttpmp4module.c in the ngxhttpmp4module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service memory overwrite or possibly execute arbitrary code via a crafted MP4 file...
CVE-2012-1180
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request...
Design/Logic Flaw
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request...
Buffer overflow
Buffer overflow in ngxhttpmp4module.c in the ngxhttpmp4module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service memory overwrite or possibly execute arbitrary code via a crafted MP4 file...
CVE-2012-1180
CVE-2012-1180 affects nginx older branches: use-after-free in memory handling allows a remote HTTP server to obtain sensitive information from process memory via a crafted backend response in conjunction with a client request. Affected: nginx before 1.0.14 and 1.1.x before 1.1.17. Impact details ...
CVE-2012-2089
The CVE-2012-2089 issue affects nginx and is caused by a buffer overflow in ngx_http_mp4_module.c when the mp4 directive is used. Affected versions are nginx 1.0.7–1.0.14 and 1.1.3–1.1.18, potentially leading to memory overwrite, denial of service, or remote code execution. Remediation in the con...
CVE-2012-1180
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request...
CVE-2012-2089
Buffer overflow in ngxhttpmp4module.c in the ngxhttpmp4module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service memory overwrite or possibly execute arbitrary code via a crafted MP4 file...