6404 matches found
nginx 8.3 Filename Alias Request Access Rules / Authentication Bypass
Binary data 5562.prm...
nginx information leak
It's possible to access page source code by adding 20 to URI...
Nginx 0.8.35 Space Character Remote Source Disclosure
Securitylab.ir Application Info: Name: Nginx Tested on nginx 0.8.35 Nginx 0.8.36 and higher is not vulnerable Vulnerability Info: Type: Remote File Disclosure Risk: High Vulnerability: http://localhost/file.php20 Discoverd By: Pouya Daneshmand Website: http://Pouya.Securitylab.ir Contacts:...
nginx [engine x] http server <= 0.6.36 Path Draversal
No description provided by source. Exploit Title: nginx engine x http server = 0.6.36 Path Draversal Date: 20/05/10 Author: cp77fk4r | empty0pageSHIFT+2gmail.com | www.DigitalWhisper.co.il http://www.DigitalWhisper.co.il Software Link: http://nginx.org/ Version: = 0.6.36 Tested on: Win32 Path...
Nginx 0.8.35 Space Character Remote Source Disclosure
No description provided by source. Securitylab.ir Application Info: Name: Nginx Tested on nginx 0.8.35 Nginx 0.8.36 and higher is not vulnerable Vulnerability Info: Type: Remote File Disclosure Risk: High Vulnerability: http://localhost/file.php%20 Discoverd By: Pouya Daneshmand Website:...
nginx Space String Remote Source Code Disclosure Vulnerability
nginx is prone to a remote source code-disclosure vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view the source code of files in the context of the server process, which may aid in further attacks. This issue affects nginx...
nginx Directory Traversal Vulnerability
nginx is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
nginx Space String Remote Source Code Disclosure Vulnerability
nginx is prone to a remote source code-disclosure vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
nginx [engine x] http server <= 0.6.36 Path Draversal
Exploit for multiple platform in category remote exploits ===================================================== nginx engine x http server = 0.6.36 Path Draversal ===================================================== Exploit Title: nginx engine x http server = 0.6.36 Path Draversal Date: 20/05/10...
Nginx 0.8.35 Source Code Disclosure
Securitylab.ir Application Info: Name: Nginx Tested on nginx 0.8.35 Nginx 0.8.36 and higher is not vulnerable Vulnerability Info: Type: Remote File Disclosure Risk: High Vulnerability: http://localhost/file.php%20 Discoverd By: Pouya Daneshmand Website: http://Pouya.Securitylab.ir Contacts:...
Nginx 0.6.36 - Directory Traversal
Nginx 0.6.36 - Directory Traversal Exploit Title: nginx engine x http server = 0.6.36 Path Draversal Date: 20/05/10 Author: cp77fk4r | empty0pageSHIFT+2gmail.com | www.DigitalWhisper.co.il Software Link: http://nginx.org/ Version: = 0.6.36 Tested on: Win32 Path Traversal: A Path Traversal attack...
nginx 0.8.35 Space Character Remote Source Disclosure
Exploit for windows platform in category remote exploits ===================================================== nginx 0.8.35 Space Character Remote Source Disclosure ===================================================== Application Info: Nginx Tested on nginx 0.8.35 Nginx 0.8.36 and higher is not...
Nginx 0.6.36 - Directory Traversal
Exploit Title: nginx engine x http server = 0.6.36 Path Draversal Date: 20/05/10 Author: cp77fk4r | empty0pageSHIFT+2gmail.com | www.DigitalWhisper.co.il Software Link: http://nginx.org/ Version: = 0.6.36 Tested on: Win32 Path Traversal: A Path Traversal attack aims to access files and directorie...
nginx 不正确处理URI导致目录遍历漏洞
Bugraq ID: 40420 nginx是一款高性能的web服务器,使用非常广泛,其不仅经常被用作反向代理 nginx不正确处理用户提交的URI请求,提交包含特殊目录遍历序列的请求,可绕过WEB ROOT限制,以WEB权限查看系统文件内容 0 Igor Sysoev nginx 0.6.36 Igor Sysoev nginx 0.6.32 Igor Sysoev nginx 0.6 厂商解决方案 --- nginx 目前没有详细解决方案提供: http://nginx.org/...
Nginx 0.6.36 Path Traversal
Exploit Title: nginx engine x http server Software Link: http://nginx.org/ Version: = 0.6.36 Tested on: Win32 Path Traversal: A Path Traversal attack aims to access files and directories that are stored outside the web root folder. By browsing the application, the attacker looks for absolute link...
nginx文件路径处理远程命令执行漏洞
nginx是多平台的HTTP服务器和邮件代理服务器。 nginx可以被配置为以CGI的方式支持PHP的运行,nginx在处理PHP脚本文件路径的解析时存在问题。如果网站允许上传文件,而且上传文件路径可得到,远程攻击者可以利用此漏洞上传包含恶意代码的文件并得到执行,实现以Web进程权限执行任意命令。 问题出现在nginx传递访问的URL和后续的脚本路径提取过程中,攻击者可以上传允许上传的文件类型,文件中包含恶意代码,得到上传文件通过Web可访问的URL后,在其后添加任意php后缀的文件名进行访问,存在漏洞的处理过程会把上传的文件作为CGI脚本执行。...
Also talk about the apache,nginx Upload Directory without execute permissions-bug warning-the black bar safety net
As to why set the Upload Directory does not have permission to this, I'm not cumbersome. Now more popular web Services iis,apache,nginx, use theOSis nothing more than windows or nux We look at two segments usually Upload Directory settings is not entitled to limit the subset of columns,configured...
Debian DSA-1920-1 : nginx - denial of service
A denial of service vulnerability has been found in nginx, a small and efficient web server. Jasson Bell discovered that a remote attacker could cause a denial of service segmentation fault by sending a crafted request. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Debian DSA-1884-1 : nginx - buffer underflow
Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process www-data on Debian or...
[CORE-2010-0121] Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers 1. Advisory Information Title: Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Serve...