IRCCloud: Exposed, outdated nginx server (v1.4.6) potentially vulnerable to heap-based buffer overflow & RCE

Summary ======== During my reconnaissance for your bug bounty program, I discovered an instance of nginx version 1.4.6 running at the IP address https://54.153.101.52. To locate it, I search for IRCCloud-related certificated and found the self-signed certificate for this server...

CVE-2014-0088

The SPDY implementation in the ngxhttpspdymodule module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request...

FreeBSD : nginx -- SPDY heap buffer overflow (fc28df92-b233-11e3-99ca-f0def16c5c1b)

The nginx project reports : A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem...

nginx -- SPDY heap buffer overflow

The nginx project reports: A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem...

FreeBSD : nginx -- SPDY memory corruption (89db3b31-a4c3-11e3-978f-f0def16c5c1b)

The nginx project reports : A bug in the experimental SPDY implementation in nginx 1.5.10 was found, which might allow an attacker to corrupt worker process memory by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0088. The problem only affects nginx...

nginx -- SPDY memory corruption

The nginx project reports: A bug in the experimental SPDY implementation in nginx 1.5.10 was found, which might allow an attacker to corrupt worker process memory by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0088. The problem only affects nginx...