257 matches found
Exploit for CVE-2026-6433
CVE-2026-6433 — Proof of Concept FlipperCode — Custom CSS,...
NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...
NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...
nginx 0.5.13 < 1.28.3 / 1.29.x < 1.29.7 Buffer Overflow in ngx_http_dav_module
The installed version of nginx is 0.5.13 prior to 1.28.3, or 1.29.x prior to 1.29.7. It is, therefore, affected by the following issue : - NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX...
NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...
CVE-2026-28808
Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...
CVE-2026-28808
Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...
CVE-2026-28808
Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...
EEF-CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
Summary Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access control...
PT-2026-30814
Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.4.2, 26.2.5.19, and 27.3.4.10 Description An incorrect authorization issue exists in Erlang OTP inets modules that allows unauthenticated access to CGI scripts protected by directory rules when served via...
CVE-2025-41368
Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server...
BIT-NGINX-2026-27654 NGINX ngx_http_dav_module vulnerability
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...
CVE-2025-41368 Multiple vulnerabilities in Small HTTP server by Smallsrv
Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server...
Small Http Server 路径遍历漏洞
Small Http Server is a small HTTP server developed by Max Feoktistov. Version 3.06.36 of Small Http Server contains a path traversal vulnerability. This vulnerability stems from an authenticated path traversal exploit, which could allow remote users to bypass SecurityManager’s restrictions and...
PT-2026-28285
Name of the Vulnerable Software and Affected Versions Small HTTP Server version 3.06.36 Description An authenticated path traversal issue exists in the Small HTTP Server service. A remote user can bypass the intended restrictions of the SecurityManager and potentially display any file if they hav...
SUSE CVE-2026-27654
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...
Linux Distros Unpatched Vulnerability : CVE-2026-27654
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX work...
DEBIAN-CVE-2026-27654
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...
CVE-2026-27654
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...
CVE-2026-27654
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...