exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Nginx 0.7.65 Shell Upload
Posted Jul 31, 2011
Authored by Sysmox

Nginx version 0.7.65 suffers from a configuration vulnerability that may allow for a shell upload.

tags | exploit, shell
SHA-256 | 80551d22725746b690efed90e1d3702a31f4692d83292d2ce060118f47299c32

Related Files

Apple Security Advisory 2021-09-20-4
Posted Sep 22, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-09-20-4 - Xcode 13 addresses multiple issues in nginx.

tags | advisory
systems | apple
advisories | CVE-2016-0742, CVE-2016-0746, CVE-2016-0747, CVE-2017-7529, CVE-2018-16843, CVE-2018-16844, CVE-2018-16845, CVE-2019-20372
SHA-256 | e298f65735c01199cc9782cb84a35d40ade27a44f1619154f005170a70f23d97
Red Hat Security Advisory 2021-2290-01
Posted Jun 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2290-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2021-23017
SHA-256 | 1651d0dd6c4d8e6407c692a21c98162f056535fdccc533aa9812afe1ddf2044f
Red Hat Security Advisory 2021-2278-01
Posted Jun 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2278-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2021-23017
SHA-256 | 0b6bda0bb5955a9bd2d171a0806989f7c74f4ffd35606ccdefe019cda34eb38c
Red Hat Security Advisory 2021-2259-01
Posted Jun 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2259-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2021-23017
SHA-256 | 5ff90ade67bcdf00bb5c71748bc55906a7adddb89744b77059d1349f442d43f3
Red Hat Security Advisory 2021-2258-01
Posted Jun 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2258-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2021-23017
SHA-256 | 07bb2c98530ba79d1573f2b391d4116590031c337af730da7f8910dced50d8fe
Ubuntu Security Notice USN-4967-2
Posted May 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4967-2 - USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-23017
SHA-256 | fa9566f11a9fe7fedfd3308556728e7989e3d35072dac1fff279c3e363c3e755
Gentoo Linux Security Advisory 202105-38
Posted May 27, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-38 - A vulnerability in nginx could lead to remote code execution. Versions less than 1.21.0 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
advisories | CVE-2021-23017
SHA-256 | 20572af334a8f1e1ee046ba9e037e28de9c8585c3e1753cd1216bebc3019b5be
nginx 1.20.0 DNS Resolver Off-By-One Heap Write
Posted May 26, 2021
Authored by Markus Vervier, Eric Sesterhenn, Luis Merino

An off-by-one error in ngx_resolver_copy() while processing DNS responses allows a network attacker to write a dot character ('.', 0x2E) out of bounds in a heap allocated buffer. The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of next heap chunk metadata with 0x2E. A network attacker capable of providing DNS responses to a nginx server can achieve Denial-of-Service and likely remote code execution. Due to the lack of DNS spoofing mitigations in nginx and the fact that the vulnerable function is called before checking the DNS Transaction ID, remote attackers might be able to exploit this vulnerability by flooding the victim server with poisoned DNS responses in a feasible amount of time.

tags | exploit, remote, spoof, code execution
advisories | CVE-2021-23017
SHA-256 | 3dfbbfc75ab8248919c960e6279f4525444e77d8b1532e2dc80da38820b690c4
Ubuntu Security Notice USN-4967-1
Posted May 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4967-1 - Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-23017
SHA-256 | 0f814519864a2c1f00e089303aebba070126d095871ca25d8c1a1514b228d000
Red Hat Security Advisory 2020-5495-01
Posted Dec 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5495-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2019-20372
SHA-256 | 662ff82ffc286989c26d768c1895ecb6e49567a23a05aa27edfa7ace5d971eed
Red Hat Security Advisory 2020-2817-01
Posted Jul 2, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2817-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a HTTP request smuggling vulnerability.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2019-20372
SHA-256 | 8532ff6109d76302c144b3361db60c0aa50758a60d06b2d79ebf30dee7c39f74
PHP-FPM 7.x Remote Code Execution
Posted Mar 5, 2020
Authored by cdelafuente-r7, neex | Site metasploit.com

This Metasploit module exploits an underflow vulnerability in PHP-FPM versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 of PHP-FPM on Nginx. Only servers with certain Nginx + PHP-FPM configurations are exploitable. This is a port of the original neex's exploit code (see refs). First, it detects the correct parameters (Query String Length and custom header length) needed to trigger code execution. This step determines if the target is actually vulnerable (Check method). Then, the exploit sets a series of PHP INI directives to create a file locally on the target, which enables code execution through a query string parameter. This is used to execute normal payload stagers. Finally, this module does some cleanup by killing local PHP-FPM workers (those are spawned automatically once killed) and removing the created local file.

tags | exploit, local, php, code execution
advisories | CVE-2019-11043
SHA-256 | b0bb267ae212db3146c03348b75e67574095c1e4c6cca10f25f575609f95bc2f
Ubuntu Security Notice USN-4235-2
Posted Jan 15, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4235-2 - USN-4235-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM. Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2019-20372
SHA-256 | f27f4f464dca0131a740388b68a10b2b2016cf4c60d9b6cb1e1399592aeffdcd
Ubuntu Security Notice USN-4235-1
Posted Jan 13, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4235-1 - Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2019-20372
SHA-256 | 044027ea326db3fb6aae4672a92bf7f3e07587ae3b37e7ae041b1440fcb590e1
PHP-FPM Remote Code Execution
Posted Oct 24, 2019
Authored by Emil Lerner, d90pwn

This is a newer method to exploit php-fpm to achieve remote code execution when certain nginx with php-fpm configurations exist.

tags | exploit, remote, php, code execution
advisories | CVE-2019-11043
SHA-256 | 8df57ba35c7fedb82e321a6da3798beb103782ba91f10bc8e528fd4217ddfa67
Red Hat Security Advisory 2019-2799-01
Posted Sep 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2799-01 - Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a focus on high concurrency, performance and low memory usage. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service, imap, protocol
systems | linux, redhat
advisories | CVE-2019-9511, CVE-2019-9513, CVE-2019-9516
SHA-256 | 6db2fc5ba5ae499fa0f7a4bbbc155d6d378588483e1d08e6c8fed16e216519c8
Red Hat Security Advisory 2019-2775-01
Posted Sep 17, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2775-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service, protocol
systems | linux, redhat
advisories | CVE-2019-9511, CVE-2019-9513, CVE-2019-9516
SHA-256 | 563112f9aa5f6e29519ee4d5e8453954076952723b0dcf46e0231827777324ba
Red Hat Security Advisory 2019-2746-01
Posted Sep 12, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2746-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service, protocol
systems | linux, redhat
advisories | CVE-2019-9511, CVE-2019-9513, CVE-2019-9516
SHA-256 | d98d71f0e6f8a7c11eaeb24675ee7f294833caa8ee363c3c52bb13f5b782bc94
Red Hat Security Advisory 2019-2745-01
Posted Sep 12, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2745-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service, protocol
systems | linux, redhat
advisories | CVE-2019-9511, CVE-2019-9513, CVE-2019-9516
SHA-256 | 174cbd24fc1d2e93e73177950504374ebd0ed511c1661841094a7c2ba620ac1d
Debian Security Advisory 4505-1
Posted Aug 22, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4505-1 - Three vulnerabilities were discovered in the HTTP/2 code of Nginx, a high-performance web and reverse proxy server, which could result in denial of service.

tags | advisory, web, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2019-9511, CVE-2019-9513, CVE-2019-9516
SHA-256 | 38817d6cbe881d7e08349f61c5c128eb23f57ca935723613ecd58131d5bef764
Ubuntu Security Notice USN-4099-1
Posted Aug 15, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4099-1 - Jonathan Looney discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to consume resources, leading to a denial of service.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2019-9511
SHA-256 | 865f978ed5a19c9067c988ea171367de190ac9dfa56f46fe0cb52abb57a87e0c
Red Hat Security Advisory 2018-3681-01
Posted Nov 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3681-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service, protocol
systems | linux, redhat
advisories | CVE-2018-16843, CVE-2018-16844, CVE-2018-16845
SHA-256 | edc156252a77c17ab32cdf45a40f9b72fed35d597c56732bf77fbcba569b8b86
Red Hat Security Advisory 2018-3680-01
Posted Nov 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3680-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service, protocol
systems | linux, redhat
advisories | CVE-2018-16843, CVE-2018-16844, CVE-2018-16845
SHA-256 | bf762c567899406a051f2a94d0eb8fc6de8342ac0ca6d42ea5ecab607fcc1426
Red Hat Security Advisory 2018-3653-01
Posted Nov 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3653-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service, protocol
systems | linux, redhat
advisories | CVE-2018-16843, CVE-2018-16845
SHA-256 | cdf8832a2ee43f362646287957e86d0a848865e5cbce03448952aedf3e742e46
Red Hat Security Advisory 2018-3652-01
Posted Nov 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3652-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service, protocol
systems | linux, redhat
advisories | CVE-2018-16845
SHA-256 | 13d4d0dbcb52c25e093c1a22ae583ea2870ab00c6e2cac59c54802f4b830fccc
Page 1 of 4
Back1234Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close