nginx version 1.4.0 remote code execution exploit that leverages a new attack technique called BROP (Blind ROP).
8352b0f536d1d2db731dbea6ffe0990452b85c17e1de3830432937e8c4173ec3
Gentoo Linux Security Advisory 201310-4 - Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code. Versions less than 1.4.1-r2 are affected.
d96dcaaddb6063a984eba219fdaa3a2560cef2dd98977d295609980830ed7f5d
This whitepaper documents how the brute-forcing exploit works for a buffer overflow vulnerability in nginx versions 1.3.9 and 1.4.0 on x86.
83e7a76cda024bdc1720e8569cb20218c76aa3c5b8a8f5ddfad4818e03f8afe9
Nginx versions 1.3.9 and 1.4.0 chunked encoding stack-based buffer overflow exploit.
e568d34f409666b4b38b816f6e12c700985eef965d9935fab1764f2b9c979b77
This Metasploit module exploits a stack buffer overflow in versions 1.3.9 to 1.4.0 of nginx. The exploit first triggers an integer overflow in ngx_http_parse_chunked() by supplying an overly long hex value as the chunked block size. This value is later used to determine the number of bytes to read into a stack buffer, which makes the overflow possible.
5caa8725f0b0e52002e2804749d851584f474a1d0b411c2a827865afd2da031c
Nginx versions 1.3.9 through 1.4.0 suffer from a denial of service vulnerability.
545ee012c3d75d1d38d47e527a614966ce9593fd109eb03f37bdf8105f5b48b0
Nginx versions 1.3.9 through 1.4.0 suffer from a stack-based buffer overflow vulnerability.
7bc6c11ece1fcb0d26e264613945a82fd3064bb3d2a74e91677e963e3b0ad5b3