yuri@yuri-server:~$ nmap -sV --script=vulscan/vulscan.nse -Pn XX.XX.XX.XX -p80-3400
Starting Nmap 7.80 ( https://nmap.org ) at 2021-04-09 14:04 MSK
Nmap scan report for 77-244-18-226.westcall.net (XX.XX.XX.XX)
Host is up (0.0037s latency).
Not shown: 3313 closed ports
PORT    STATE    SERVICE      VERSION
80/tcp  open     http         nginx
| vulscan: VulDB - https://vuldb.com:
| [155282] nginx up to 1.18.0 HTTP Request Request Smuggling privilege escalation
| [154857] Nginx Controller up to 3.3.0 Web Server Session Token Logout weak authentication
| [154326] Nginx Controller up to 3.2.x Agent Installer Script install.sh weak encryption
| [154324] Nginx Controller up to 3.2.x Postgres Database Server Man-in-the-Middle weak encryption
| [154323] Nginx Controller up to 3.1.x TLS weak encryption
| [152728] strong-nginx-controller up to 1.0.2 _nginxCmd() command injection
| [152416] Nginx Controller up to 3.1.x Controller API privilege escalation
| [148519] nginx up to 1.17.6 Error Page HTTP Request Request Smuggling privilege escalation
| [145942] nginx 0.8.40 HTTP Proxy Module Man-in-the-Middle weak authentication
| [144114] Xiaomi Mi WiFi R3G up to 2.28.22 Nginx Alias account directory traversal
| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
| [67677] nginx up to 1.7.3 SSL weak authentication
| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
| [65364] nginx up to 1.1.13 Default Configuration information disclosure
| [8671] nginx up to 1.4 proxy_pass denial of service
| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
| [7247] nginx 1.2.6 Proxy Function spoofing
| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
| [59645] nginx up to 0.8.9 Heap-based memory corruption
| [53592] nginx 0.8.36 memory corruption
| [53590] nginx up to 0.8.9 unknown vulnerability
| [51533] nginx 0.7.64 Terminal privilege escalation
| [50905] nginx up to 0.8.9 directory traversal
| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
| [50043] nginx up to 0.8.10 memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
| [82230] nginx Multiple Denial of Service Vulnerabilities
| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
| [40420] nginx Directory Traversal Vulnerability
| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
| [84172] nginx denial of service
| [84048] nginx buffer overflow
| [83923] nginx ngx_http_close_connection() integer overflow
| [83688] nginx null byte code execution
| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
| [82319] nginx access.log information disclosure
| [80952] nginx SSL spoofing
| [77244] nginx and Microsoft Windows request security bypass
| [76778] Naxsi module for Nginx nx_extract.py directory traversal
| [74831] nginx ngx_http_mp4_module.c buffer overflow
| [74191] nginx ngx_cpystrn() information disclosure
| [74045] nginx header response information disclosure
| [71355] nginx ngx_resolver_copy() buffer overflow
| [59370] nginx characters denial of service
| [59369] nginx DATA source code disclosure
| [59047] nginx space source code disclosure
| [58966] nginx unspecified directory traversal
| [54025] nginx ngx_http_parse.c denial of service
| [53431] nginx WebDAV component directory traversal
| [53328] Nginx CRC-32 cached domain name spoofing
| [53250] Nginx ngx_http_parse_complex_uri() function code execution
|
| Exploit-DB - https://www.exploit-db.com:
| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
| [25499] nginx 1.3.9-1.4.0 DoS PoC
| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
| [14830] nginx 0.6.38 - Heap Corruption Exploit
| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
| [9829] nginx 0.7.61 WebDAV directory traversal
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [864418] Fedora Update for nginx FEDORA-2012-3846
| [864310] Fedora Update for nginx FEDORA-2012-6238
| [864209] Fedora Update for nginx FEDORA-2012-6411
| [864204] Fedora Update for nginx FEDORA-2012-6371
| [864121] Fedora Update for nginx FEDORA-2012-4006
| [864115] Fedora Update for nginx FEDORA-2012-3991
| [864065] Fedora Update for nginx FEDORA-2011-16075
| [863654] Fedora Update for nginx FEDORA-2011-16110
| [861232] Fedora Update for nginx FEDORA-2007-1158
| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
| [100659] nginx Directory Traversal Vulnerability
| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
| [71297] FreeBSD Ports: nginx
| [71276] FreeBSD Ports: nginx
| [71239] Debian Security Advisory DSA 2434-1 (nginx)
| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
| [64894] FreeBSD Ports: nginx
| [64869] Debian Security Advisory DSA 1884-1 (nginx)
|
| SecurityTracker - https://www.securitytracker.com:
| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
|
| OSVDB - http://www.osvdb.org:
| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
| [92796] nginx ngx_http_close_connection Function Crafted r->
| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
| [62617] nginx Internal DNS Cache Poisoning Weakness
| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
|_
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
443/tcp open     ssl/http     nginx
| vulscan: VulDB - https://vuldb.com:
| [155282] nginx up to 1.18.0 HTTP Request Request Smuggling privilege escalation
| [154857] Nginx Controller up to 3.3.0 Web Server Session Token Logout weak authentication
| [154326] Nginx Controller up to 3.2.x Agent Installer Script install.sh weak encryption
| [154324] Nginx Controller up to 3.2.x Postgres Database Server Man-in-the-Middle weak encryption
| [154323] Nginx Controller up to 3.1.x TLS weak encryption
| [152728] strong-nginx-controller up to 1.0.2 _nginxCmd() command injection
| [152416] Nginx Controller up to 3.1.x Controller API privilege escalation
| [148519] nginx up to 1.17.6 Error Page HTTP Request Request Smuggling privilege escalation
| [145942] nginx 0.8.40 HTTP Proxy Module Man-in-the-Middle weak authentication
| [144114] Xiaomi Mi WiFi R3G up to 2.28.22 Nginx Alias account directory traversal
| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
| [67677] nginx up to 1.7.3 SSL weak authentication
| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
| [65364] nginx up to 1.1.13 Default Configuration information disclosure
| [8671] nginx up to 1.4 proxy_pass denial of service
| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
| [7247] nginx 1.2.6 Proxy Function spoofing
| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
| [59645] nginx up to 0.8.9 Heap-based memory corruption
| [53592] nginx 0.8.36 memory corruption
| [53590] nginx up to 0.8.9 unknown vulnerability
| [51533] nginx 0.7.64 Terminal privilege escalation
| [50905] nginx up to 0.8.9 directory traversal
| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
| [50043] nginx up to 0.8.10 memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
| [82230] nginx Multiple Denial of Service Vulnerabilities
| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
| [40420] nginx Directory Traversal Vulnerability
| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
| [84172] nginx denial of service
| [84048] nginx buffer overflow
| [83923] nginx ngx_http_close_connection() integer overflow
| [83688] nginx null byte code execution
| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
| [82319] nginx access.log information disclosure
| [80952] nginx SSL spoofing
| [77244] nginx and Microsoft Windows request security bypass
| [76778] Naxsi module for Nginx nx_extract.py directory traversal
| [74831] nginx ngx_http_mp4_module.c buffer overflow
| [74191] nginx ngx_cpystrn() information disclosure
| [74045] nginx header response information disclosure
| [71355] nginx ngx_resolver_copy() buffer overflow
| [59370] nginx characters denial of service
| [59369] nginx DATA source code disclosure
| [59047] nginx space source code disclosure
| [58966] nginx unspecified directory traversal
| [54025] nginx ngx_http_parse.c denial of service
| [53431] nginx WebDAV component directory traversal
| [53328] Nginx CRC-32 cached domain name spoofing
| [53250] Nginx ngx_http_parse_complex_uri() function code execution
|
| Exploit-DB - https://www.exploit-db.com:
| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
| [25499] nginx 1.3.9-1.4.0 DoS PoC
| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
| [14830] nginx 0.6.38 - Heap Corruption Exploit
| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
| [9829] nginx 0.7.61 WebDAV directory traversal
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [864418] Fedora Update for nginx FEDORA-2012-3846
| [864310] Fedora Update for nginx FEDORA-2012-6238
| [864209] Fedora Update for nginx FEDORA-2012-6411
| [864204] Fedora Update for nginx FEDORA-2012-6371
| [864121] Fedora Update for nginx FEDORA-2012-4006
| [864115] Fedora Update for nginx FEDORA-2012-3991
| [864065] Fedora Update for nginx FEDORA-2011-16075
| [863654] Fedora Update for nginx FEDORA-2011-16110
| [861232] Fedora Update for nginx FEDORA-2007-1158
| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
| [100659] nginx Directory Traversal Vulnerability
| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
| [71297] FreeBSD Ports: nginx
| [71276] FreeBSD Ports: nginx
| [71239] Debian Security Advisory DSA 2434-1 (nginx)
| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
| [64894] FreeBSD Ports: nginx
| [64869] Debian Security Advisory DSA 1884-1 (nginx)
|
| SecurityTracker - https://www.securitytracker.com:
| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
|
| OSVDB - http://www.osvdb.org:
| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
| [92796] nginx ngx_http_close_connection Function Crafted r->
| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
| [62617] nginx Internal DNS Cache Poisoning Weakness
| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
|_
445/tcp filtered microsoft-ds

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 26.60 seconds