Page 14 of 78 results (0.006 seconds)

CVSS: 7.5EPSS: 15%CPEs: 2EXPL: 8

CVE-2013-2028 – Nginx 1.3.9 < 1.4.0 - Denial of Service (PoC)

https://notcve.org/view.php?id=CVE-2013-2028

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. La función ngx_http_parse_chunked en http/ngx_http_parse.c en nginx v1.3.9 hasta v1.4.0 permite a atacantes remotos causar una denegación de servicio (caída) y ejecutar código arbitrario mediante una solicitud Transfer-Encoding (chunked) con un tamaño de chunk de gran longitud, lo que genera un error de "integer signedness" y un desbordamiento de búfer. Nginx versions 1.3.9 through 1.4.0 suffer from a denial of service vulnerability. • https://www.exploit-db.com/exploits/25499 https://www.exploit-db.com/exploits/25775 https://www.exploit-db.com/exploits/26737 https://www.exploit-db.com/exploits/32277 https://github.com/m4drat/CVE-2013-2028-Exploit https://github.com/Sunqiz/CVE-2013-2028-reproduction https://github.com/tachibana51/CVE-2013-2028-x64-bypass-ssp-and-pie-PoC http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105176.html http://mailman.nginx.org/pipermail/nginx-announce/2013/000112 • CWE-787: Out-of-bounds Write •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2011-4963

https://notcve.org/view.php?id=CVE-2011-4963

nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request. nginx/Windows v1.3.x antes de v1.3.1 y v1.2.x antes de v1.2.1 permite a atacantes remotos eludir restricciones de acceso y acceder a archivos restringidos a través de (1) un . (punto) final o (2) una serie de secuencias "$index_allocation" en una solicitud. • http://english.securitylab.ru/lab/PT-2012-06 http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html http://nginx.org/en/security_advisories.html •

CVSS: 6.8EPSS: 2%CPEs: 5EXPL: 0

CVE-2012-2089

https://notcve.org/view.php?id=CVE-2012-2089

Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. Un desbordamiento de búfer en ngx_http_mp4_module.c en el módulo de ngx_http_mp4_module en nginx v1.0.7 a v1.0.14 y en v1.1.3 a v1.1.18, cuando se usa la directiva mp4, permite a atacantes remotos causar una denegación de servicio (sobrescritura de memoria) o, posiblemente, ejecutar código de su elección a través de un archivo MP4 especificamente creado para este fin. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079388.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079467.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079474.html http://nginx.org/en/security_advisories.html http://www.openwall.com/lists/oss-security/2012/04/12/9 http://www.securityfocus.com/bid/52999 http://www.securitytracker.com/id?1026924 https://exchange.xforce.ibmcloud.com/vulnerabilities/74831 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

CVE-2012-1180

https://notcve.org/view.php?id=CVE-2012-1180

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. Una vulnerabilidad de uso después de liberación en nginx v1.0.14 y v1.1.x antes de v1.1.17 permite obtener información sensible de la memoria del proceso a servidores remotos de HTTP a través de una respuesta del backend modificada, junto con una petición de cliente. • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077966.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076646.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076671.html http://nginx.org/download/patch.2012.memory.txt http://nginx.org/en/security_advisories.html http://osvdb.org/80124 http://seclists.org/bugtraq/2012/Mar/65 http://secunia.com/advisories/48465 http://secunia.com/advisories/48577 http://security.gent • CWE-416: Use After Free •

CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2011-4315

https://notcve.org/view.php?id=CVE-2011-4315

Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. Desbordamiento de búfer basado en memoria dinámica en el procesamiento de compresión puntero en core/ngx_resolver.c en nginx antes de v1.0.10 permite a resolvers remotos causar una denegación de servicio (caída del demonio) o posiblemente tener un impacto no especificado a través de una respuesta larga. • http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.html http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html http://openwall.com/lists/oss-security/2011/11/17/10 http://openwall.com/lists/oss-security/2011/11/17/8 http://secunia.com/advisories/47097 http://secunia.com/advisories/48577 http://security.gentoo.org/glsa/glsa-201203-22.xml http://trac.nginx.org/nginx/changeset/4268/nginx http://www.nginx.org/en/CHANGES-1.0 • CWE-787: Out-of-bounds Write •