exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 100 RSS Feed

Files

Nginx 0.7.65 Shell Upload
Posted Jul 31, 2011
Authored by Sysmox

Nginx version 0.7.65 suffers from a configuration vulnerability that may allow for a shell upload.

tags | exploit, shell
SHA-256 | 80551d22725746b690efed90e1d3702a31f4692d83292d2ce060118f47299c32

Related Files

Debian Security Advisory 4335-1
Posted Nov 12, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4335-1 - Three vulnerabilities were discovered in Nginx, a high-performance web and reverse proxy server, which could in denial of service in processing HTTP/2 (via excessive memory/CPU usage) or server memory disclosure in the ngx_http_mp4_module module (used for server-side MP4 streaming).

tags | advisory, web, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2018-16843, CVE-2018-16844, CVE-2018-16845
SHA-256 | 62738a0f3a1924f58af8ca8de7f560fafc42ea8de43136a5a020522b764a4454
Ubuntu Security Notice USN-3812-1
Posted Nov 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3812-1 - It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2018-16843, CVE-2018-16844, CVE-2018-16845
SHA-256 | de51d5f5527e718cfd03e2b97d884775074a77a2c8b330508d29034ee83361c4
ModSecurity For Nginx Use-After-Free
Posted Mar 23, 2018
Authored by Filip Palian

The ModSecurity for Nginx "non-release" version suffers from a use-after-free vulnerability.

tags | exploit
SHA-256 | d9207b29252240c7674a132fbfa13cc88942175716e3707ba61e89b39606af89
Red Hat Security Advisory 2017-2538-01
Posted Aug 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-2538-01 - Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. Security Fix: A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests.

tags | advisory, remote, web, imap, protocol
systems | linux, redhat
advisories | CVE-2017-7529
SHA-256 | 79ce5cdcbe0cbbc085c98d66b45bb72a7aa104db74a886fb9fc2df65ea217b15
Debian Security Advisory 3908-1
Posted Jul 14, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3908-1 - An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure.

tags | advisory, web, overflow, info disclosure
systems | linux, debian
advisories | CVE-2017-7529
SHA-256 | cd5d2384bd7687090fd755285606347e1b18cee5c52c2981199d70b0f3637271
Ubuntu Security Notice USN-3352-1
Posted Jul 14, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3352-1 - It was discovered that an integer overflow existed in the range filter feature of nginx. A remote attacker could use this to expose sensitive information.

tags | advisory, remote, overflow
systems | linux, ubuntu
advisories | CVE-2017-7529
SHA-256 | 600f498d7b4084bab728c07868e8b5a07ccd3733023e2b76c91ac8906d9da164
PHP LibGD Heap Buffer Overflow
Posted Jan 17, 2017
Authored by Hans Jerry Illikainen

Proof of concept exploit for CVE-2016-3074 targeting Ubuntu 15.10 x86-64 with php5-gd and php5-fpm running behind nginx.

tags | exploit, overflow, x86, proof of concept
systems | linux, ubuntu
advisories | CVE-2016-3074
SHA-256 | ce82b05af66a6cc890010631b025d315ce68856b73a262d38038ee440aded59d
Gentoo Linux Security Advisory 201701-22
Posted Jan 11, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-22 - Gentoo's NGINX ebuilds are vulnerable to privilege escalation due to the way log files are handled. Versions less than 1.10.2-r3 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2016-1247
SHA-256 | d5737c96d2fd4eb019f4603f8785e51a870d534eae95402c0859a4059ad57ad8
Nginx Root Privilege Escalation
Posted Nov 16, 2016
Authored by Dawid Golunski

Nginx web server packaging on Debian-based distributions such as Debian or Ubuntu was found to create log directories with insecure permissions which can be exploited by malicious local attackers to escalate their privileges from nginx/web user (www-data) to root. The vulnerability could be easily exploited by attackers who have managed to compromise a web application hosted on Nginx server and gained access to www-data account as it would allow them to escalate their privileges further to root access and fully compromise the system. This is fixed in 1.6.2-5+deb8u3 package on Debian and 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS. UPDATE 2017/01/13 - nginx packages below version 1.10.2-r3 on Gentoo are also affected.

tags | exploit, web, local, root
systems | linux, debian, ubuntu
advisories | CVE-2016-1247
SHA-256 | 572946533a64d6b9af6ce4ce53d1c39bc1cc476f9cdbd639425b4aed7713bcef
Debian Security Advisory 3701-2
Posted Oct 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3701-2 - The update for nginx issued as DSA-3701-1 to address CVE-2016-1247 introduced a packaging issue, which prevents nginx from being reinstalled or upgraded to a subsequent release. Updated packages are now available to address this problem.

tags | advisory
systems | linux, debian
SHA-256 | c6f8c4c108e93298ad8357b758fb00ddea690c42be17e52b058750dde9d4d075
Ubuntu Security Notice USN-3114-2
Posted Oct 27, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3114-2 - USN-3114-1 fixed a vulnerability in nginx. A packaging issue prevented nginx from being reinstalled or upgraded to a subsequent release. This update fixes the problem. Dawid Golunski discovered that the nginx package incorrectly handled log file permissions. A remote attacker could possibly use this issue to obtain root privileges. Various other issues were also addressed.

tags | advisory, remote, root
systems | linux, ubuntu
SHA-256 | 9624f67fcd74df71566bea16362a1df2c8cb51b85d3fde2eb0af649b24c90594
Ubuntu Security Notice USN-3114-1
Posted Oct 26, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3114-1 - Dawid Golunski discovered that the nginx package incorrectly handled log file permissions. A remote attacker could possibly use this issue to obtain root privileges.

tags | advisory, remote, root
systems | linux, ubuntu
advisories | CVE-2016-1247
SHA-256 | b116940b951075c00e94c3de886a4e2f0c25b77a5edd4f0f00d61be294b8bf2a
Debian Security Advisory 3701-1
Posted Oct 26, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3701-1 - Dawid Golunski reported the nginx web server packages in Debian suffered from a privilege escalation vulnerability (www-data to root) due to the way log files are handled. This security update changes ownership of the /var/log/nginx directory root. In addition, /var/log/nginx has to be made accessible to local users, and local users may be able to read the log files themselves local until the next logrotate invocation.

tags | advisory, web, local, root
systems | linux, debian
advisories | CVE-2016-1247
SHA-256 | 45ba3a4a7a68c140419a5e245940ef54a4d56ffe54aff33299bf6d93353b5f49
Red Hat Security Advisory 2016-1425-01
Posted Jul 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1425-01 - Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage. The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx. Security Fix: A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. A remote attacker could send a specially crafted request that would cause nginx worker process to crash.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2016-0742, CVE-2016-0746, CVE-2016-0747, CVE-2016-4450
SHA-256 | 9fcd8d112d10abaef25aeda680eb55de09f14a8ddc7a322ba0951f7a1c8d2fc6
Gentoo Linux Security Advisory 201606-06
Posted Jun 17, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201606-6 - Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service. Versions less than 1.10.1 are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2016-0742, CVE-2016-0746, CVE-2016-0747, CVE-2016-4450
SHA-256 | 349be5f178a7ffd3a0cdb33c99ffc6c5cd0d4399feee2ba5f8af5d80fe024bb6
Ubuntu Security Notice USN-2991-1
Posted Jun 2, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2991-1 - It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-4450
SHA-256 | 7b76181d9ee7767473b5043115eb685538577b078986740e6f047b3c64a9826a
Debian Security Advisory 3592-1
Posted Jun 1, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3592-1 - It was discovered that a NULL pointer dereference in the Nginx code responsible for saving client request bodies to a temporary file might processes.

tags | advisory
systems | linux, debian
advisories | CVE-2016-4450
SHA-256 | 02cf83827d28ed0185f384fd43ea855491aaff4cd89c0c7854b6f96491871ad4
Debian Security Advisory 3473-1
Posted Feb 12, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3473-1 - Several vulnerabilities were discovered in the resolver in nginx, a small, powerful, scalable web/proxy server, leading to denial of service or, potentially, to arbitrary code execution. These only affect nginx if the "resolver" directive is used in a configuration file.

tags | advisory, web, denial of service, arbitrary, vulnerability, code execution
systems | linux, debian
advisories | CVE-2016-0742, CVE-2016-0746, CVE-2016-0747
SHA-256 | 5a0131255d426604bc49d6eab1f053482dc3f459ff36bca3874ae38d871d1625
Ubuntu Security Notice USN-2892-1
Posted Feb 10, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2892-1 - It was discovered that nginx incorrectly handled certain DNS server responses when the resolver is enabled. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. It was discovered that nginx incorrectly handled CNAME response processing when the resolver is enabled. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-0742, CVE-2016-0746, CVE-2016-0747
SHA-256 | d6dd860ad160022d340ae51100f95d1bbfc7eb1318e96733778075f22b98232b
Mandriva Linux Security Advisory 2015-094
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-094 - A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution. Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2014-0133, CVE-2014-3616
SHA-256 | a9b0dad5121adee806f8507d31f0378200cad93af903b88a3195c14cd2fca5c6
Raritan PowerIQ 4.1 / 4.2 / 4.3 Code Execution
Posted Mar 12, 2015
Authored by Brandon Perry

Raritan PowerIQ versions 4.1, 4.2, and 4.3 ship with a Rails 2 web interface with a hardcoded session secret. This can be used to achieve unauthenticated remote code execution as the nginx user on vulnerable systems.

tags | exploit, remote, web, code execution
SHA-256 | 681c8bb72ae6628420487909d37bf9e367efcdc762196f727263b8b5ca086eda
Gentoo Linux Security Advisory 201502-06
Posted Feb 9, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201502-6 - An SSL session fixation vulnerability in nginx may allow remote attackers to obtain sensitive information. Versions less than 1.7.6 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2014-3616
SHA-256 | 29faa459c2b40ea3986840cd0476717e4e2d52fb4e0c7250621ba4aad858db0c
libCryptoLog 0.1
Posted Nov 21, 2014
Authored by YJesus

libCryptoLog hooks fprintf() and write() functions to provide encryption on the fly for log files from Apache, Nginx, Postfix, and more.

tags | library
systems | linux
SHA-256 | 375b8cd1a61cbb82d69b065985018989597f5079a42f603aec9a1acceff970b4
Ubuntu Security Notice USN-2351-1
Posted Sep 22, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2351-1 - Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that nginx incorrectly reused cached SSL sessions. An attacker could possibly use this issue in certain configurations to obtain access to information from a different virtual host.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-3616
SHA-256 | 02a8e09de555bdb912d184f6c0aefad2a80152bc1062161322d7a1666becefaa
Gentoo Linux Security Advisory 201406-20
Posted Jun 24, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-20 - A vulnerability has been found in nginx which may allow execution of arbitrary code. Versions less than 1.4.7 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2014-0133
SHA-256 | 3e519a84a2acdaf4c4485c9b31a5fdcefeaa8e4c356e434dd87d582ec8ce444e
Page 2 of 4
Back1234Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close