· 6 years ago · Jan 14, 2020, 03:58 PM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname tauhidnews.wordpress.com ISP Automattic, Inc
4Continent North America Flag
5US
6Country United States Country Code US
7Region California Local time 14 Jan 2020 05:56 PST
8City San Francisco Postal Code 94110
9IP Address 192.0.78.13 Latitude 37.751
10 Longitude -122.412
11
12=======================================================================================================================================
13#######################################################################################################################################
14> tauhidnews.wordpress.com
15Server: 38.132.106.139
16Address: 38.132.106.139#53
17
18Non-authoritative answer:
19tauhidnews.wordpress.com canonical name = lb.wordpress.com.
20Name: lb.wordpress.com
21Address: 192.0.78.13
22Name: lb.wordpress.com
23Address: 192.0.78.12
24>
25#######################################################################################################################################
26[+] Target : tauhidnews.wordpress.com
27
28[+] IP Address : 192.0.78.13
29
30[+] Headers :
31
32[+] Server : nginx
33[+] Date : Tue, 14 Jan 2020 14:07:18 GMT
34[+] Content-Type : text/html; charset=UTF-8
35[+] Transfer-Encoding : chunked
36[+] Connection : keep-alive
37[+] Vary : Accept-Encoding, Cookie
38[+] X-hacker : If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
39[+] Link : <https://wp.me/Lt6t>; rel=shortlink
40[+] Content-Encoding : gzip
41[+] X-ac : 1.yyz _dfw
42[+] Strict-Transport-Security : max-age=15552000
43
44[+] SSL Certificate Information :
45
46[+] organizationalUnitName : EssentialSSL Wildcard
47[+] commonName : *.wordpress.com
48[+] countryName : GB
49[+] stateOrProvinceName : Greater Manchester
50[+] localityName : Salford
51[+] organizationName : COMODO CA Limited
52[+] commonName : COMODO RSA Domain Validation Secure Server CA
53[+] Version : 3
54[+] Serial Number : A7810B64B529C1A86900B6ED8C1A0868
55[+] Not Before : Sep 6 00:00:00 2018 GMT
56[+] Not After : Sep 5 23:59:59 2020 GMT
57[+] OCSP : ('http://ocsp.comodoca.com',)
58[+] subject Alt Name : (('DNS', '*.wordpress.com'), ('DNS', 'wordpress.com'))
59[+] CA Issuers : ('http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt',)
60[+] CRL Distribution Points : ('http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl',)
61
62[+] Whois Lookup :
63
64[+] NIR : None
65[+] ASN Registry : arin
66[+] ASN : 2635
67[+] ASN CIDR : 192.0.78.0/24
68[+] ASN Country Code : US
69[+] ASN Date : 2012-11-20
70[+] ASN Description : AUTOMATTIC - Automattic, Inc, US
71[+] cidr : 192.0.64.0/18
72[+] name : AUTOMATTIC
73[+] handle : NET-192-0-64-0-1
74[+] range : 192.0.64.0 - 192.0.127.255
75[+] description : Automattic, Inc
76[+] country : US
77[+] state : CA
78[+] city : San Francisco
79[+] address : 60 29th Street #343
80[+] postal_code : 94110
81[+] emails : ['ipadmin@automattic.com', 'abuse@automattic.com']
82[+] created : 2012-11-20
83[+] updated : 2012-11-20
84
85[+] Crawling Target...
86
87[+] Looking for robots.txt........[ Found ]
88[+] Extracting robots Links.......[ 11 ]
89[+] Looking for sitemap.xml.......[ Found ]
90[+] Extracting sitemap Links......[ 47 ]
91[+] Extracting CSS Links..........[ 4 ]
92[+] Extracting Javascript Links...[ 4 ]
93[+] Extracting Internal Links.....[ 60 ]
94[+] Extracting External Links.....[ 16 ]
95[+] Extracting Images.............[ 13 ]
96
97[+] Total Links Extracted : 133
98
99[+] Dumping Links in /opt/FinalRecon/dumps/tauhidnews.wordpress.com.dump
100[+] Completed!
101#######################################################################################################################################
102[i] Scanning Site: https://tauhidnews.wordpress.com
103
104
105
106B A S I C I N F O
107====================
108
109
110[+] Site Title: TAUHID wal JIHAD
111[+] IP address: 192.0.78.13
112[+] Web Server: nginx
113[+] CMS: WordPress
114[+] Cloudflare: Not Detected
115[+] Robots File: Found
116
117-------------[ contents ]----------------
118# If you are regularly crawling WordPress.com sites, please use our firehose to receive real-time push updates instead.
119# Please see https://developer.wordpress.com/docs/firehose/ for more details.
120
121Sitemap: https://tauhidnews.wordpress.com/sitemap.xml
122Sitemap: https://tauhidnews.wordpress.com/news-sitemap.xml
123
124User-agent: *
125Disallow: /wp-admin/
126Allow: /wp-admin/admin-ajax.php
127Disallow: /wp-login.php
128Disallow: /wp-signup.php
129Disallow: /press-this.php
130Disallow: /remote-login.php
131Disallow: /activate/
132Disallow: /cgi-bin/
133Disallow: /mshots/v1/
134Disallow: /next/
135Disallow: /public.api/
136
137# This file was generated on Sun, 01 Dec 2019 20:13:43 +0000
138
139-----------[end of contents]-------------
140
141
142
143W H O I S L O O K U P
144========================
145
146 No match for "TAUHIDNEWS.WORDPRESS.COM".
147>>> Last update of whois database: 2020-01-14T14:07:17Z <<<
148
149
150
151The Registry database contains ONLY .COM, .NET, .EDU domains and
152Registrars.
153
154
155
156
157G E O I P L O O K U P
158=========================
159
160[i] IP Address: 192.0.78.13
161[i] Country: United States
162[i] State: California
163[i] City: San Francisco
164[i] Latitude: 37.7506
165[i] Longitude: -122.4121
166
167
168
169
170H T T P H E A D E R S
171=======================
172
173
174[i] HTTP/1.1 200 OK
175[i] Server: nginx
176[i] Date: Tue, 14 Jan 2020 14:07:31 GMT
177[i] Content-Type: text/html; charset=UTF-8
178[i] Connection: close
179[i] Vary: Accept-Encoding
180[i] Last-Modified: Tue, 14 Jan 2020 14:07:25 GMT
181[i] Cache-Control: max-age=294, must-revalidate
182[i] X-nananana: Batcache
183[i] Vary: Cookie
184[i] X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
185[i] Link: <https://wp.me/Lt6t>; rel=shortlink
186[i] X-ac: 1.yyz _dfw
187[i] Strict-Transport-Security: max-age=15552000
188
189
190
191
192D N S L O O K U P
193===================
194
195tauhidnews.wordpress.com. 14399 IN CNAME lb.wordpress.com.
196
197
198
199
200S U B N E T C A L C U L A T I O N
201====================================
202
203Address = 192.0.78.13
204Network = 192.0.78.13 / 32
205Netmask = 255.255.255.255
206Broadcast = not needed on Point-to-Point links
207Wildcard Mask = 0.0.0.0
208Hosts Bits = 0
209Max. Hosts = 1 (2^0 - 0)
210Host Range = { 192.0.78.13 - 192.0.78.13 }
211
212
213
214N M A P P O R T S C A N
215============================
216
217Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-14 14:07 UTC
218Nmap scan report for tauhidnews.wordpress.com (192.0.78.12)
219Host is up (0.0016s latency).
220Other addresses for tauhidnews.wordpress.com (not scanned): 192.0.78.13
221
222PORT STATE SERVICE
22321/tcp filtered ftp
22422/tcp filtered ssh
22523/tcp filtered telnet
22680/tcp open http
227110/tcp filtered pop3
228143/tcp filtered imap
229443/tcp open https
2303389/tcp filtered ms-wbt-server
231
232Nmap done: 1 IP address (1 host up) scanned in 1.37 seconds
233
234
235#######################################################################################################################################
236[+] Starting At 2020-01-14 09:07:44.008101
237[+] Collecting Information On: https://tauhidnews.wordpress.com/
238[#] Status: 200
239--------------------------------------------------
240[#] Web Server Detected: nginx
241[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
242- Server: nginx
243- Date: Tue, 14 Jan 2020 14:07:41 GMT
244- Content-Type: text/html; charset=UTF-8
245- Transfer-Encoding: chunked
246- Connection: keep-alive
247- Vary: Accept-Encoding, Cookie
248- Last-Modified: Tue, 14 Jan 2020 14:07:25 GMT
249- Cache-Control: max-age=284, must-revalidate
250- X-nananana: Batcache
251- X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
252- Link: <https://wp.me/Lt6t>; rel=shortlink
253- Content-Encoding: gzip
254- X-ac: 1.yyz _dfw
255- Strict-Transport-Security: max-age=15552000
256--------------------------------------------------
257[#] Finding Location..!
258[#] status: success
259[#] country: United States
260[#] countryCode: US
261[#] region: CA
262[#] regionName: California
263[#] city: San Francisco
264[#] zip: 94110
265[#] lat: 37.7441
266[#] lon: -122.422
267[#] timezone: America/Los_Angeles
268[#] isp: Automattic, Inc
269[#] org: Automattic, Inc
270[#] as: AS2635 Automattic, Inc
271[#] query: 192.0.78.9
272--------------------------------------------------
273[x] Didn't Detect WAF Presence on: https://tauhidnews.wordpress.com/
274--------------------------------------------------
275[#] Starting Reverse DNS
276[!] Found 26 any Domain
277- blog.batdetective.org
278- blog.betterlesson.com
279- blog.carmyleephotography.com
280- blog.cyclonecenter.org
281- blog.koenvermoesen.be
282- blog.planetfour.org
283- blog.qualifacts.com
284- catheycook.com
285- channelsailing.org
286- columns.dcp.ufl.edu
287- dartdallas.dart.org
288- desertvistanews.com
289- detoursfrance.com
290- ea-transport.com
291- environment.elnidoresorts.com
292- furniture.theroomplace.com
293- ifc.uconn.edu
294- make.wp-api.org
295- makerfaire.com
296- thecrazysmile.com
297- universaloutreachfoundation.org
298- waltde.com
299- warwickshirewalkies.com
300- westaccounting.com
301- wordpress.com
302- zenshinkai.org
303--------------------------------------------------
304[!] Scanning Open Port
305[#] 80/tcp open http
306[#] 443/tcp open https
307--------------------------------------------------
308[+] Getting SSL Info
309{'OCSP': ('http://ocsp.comodoca.com',),
310 'caIssuers': ('http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt',),
311 'crlDistributionPoints': ('http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl',),
312 'issuer': ((('countryName', 'GB'),),
313 (('stateOrProvinceName', 'Greater Manchester'),),
314 (('localityName', 'Salford'),),
315 (('organizationName', 'COMODO CA Limited'),),
316 (('commonName', 'COMODO RSA Domain Validation Secure Server CA'),)),
317 'notAfter': 'Sep 5 23:59:59 2020 GMT',
318 'notBefore': 'Sep 6 00:00:00 2018 GMT',
319 'serialNumber': 'A7810B64B529C1A86900B6ED8C1A0868',
320 'subject': ((('organizationalUnitName', 'Domain Control Validated'),),
321 (('organizationalUnitName', 'EssentialSSL Wildcard'),),
322 (('commonName', '*.wordpress.com'),)),
323 'subjectAltName': (('DNS', '*.wordpress.com'), ('DNS', 'wordpress.com')),
324 'version': 3}
325-----BEGIN CERTIFICATE-----
326MIIG2TCCBcGgAwIBAgIRAKeBC2S1KcGoaQC27YwaCGgwDQYJKoZIhvcNAQELBQAw
327gZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
328BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYD
329VQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIg
330Q0EwHhcNMTgwOTA2MDAwMDAwWhcNMjAwOTA1MjM1OTU5WjBdMSEwHwYDVQQLExhE
331b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxHjAcBgNVBAsTFUVzc2VudGlhbFNTTCBX
332aWxkY2FyZDEYMBYGA1UEAwwPKi53b3JkcHJlc3MuY29tMIIBIjANBgkqhkiG9w0B
333AQEFAAOCAQ8AMIIBCgKCAQEAtX8qlG2EEfbt976zryjdtGbx89fdxpoAUfwTmW6Y
3348DY0LCvtejfR3w8kPEO6e3iRwyAmXoDBtA7cU06AsUP3e5cQyoWXcrW3ijsETOd9
335aBA58CeCsZJ47KfFxCU91Fijpv1VarlJblydVx1JouEj0HlGqAghLsrDehkQwczs
336EwWtz5gOvenRGPIXVw1g/Or/QYv1fwcvOglhOgbKN2HpHnIPOp9RAFbYPWhDC7sc
337a4lK2o85siaoe7563fSd+FfsiQ6Ssh4fK2sMqXbWqoyKonem+6rCWdWPvVsIBDH2
3388v2HZ6s74CQSeMuAy5CZJOwv8emqlByp9GtuGWECqOgLpwIDAQABo4IDXjCCA1ow
339HwYDVR0jBBgwFoAUkK9qOpRaC9iQ6hJWc99DtDoo2ucwHQYDVR0OBBYEFA1qB7w5
340rS0dqQtaLzRiiA9WS7X2MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0G
341A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBPBgNVHSAESDBGMDoGCysGAQQB
342sjEBAgIHMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20v
343Q1BTMAgGBmeBDAECATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLmNvbW9k
344b2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0Eu
345Y3JsMIGFBggrBgEFBQcBAQR5MHcwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuY29t
346b2RvY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJD
347QS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTApBgNV
348HREEIjAggg8qLndvcmRwcmVzcy5jb22CDXdvcmRwcmVzcy5jb20wggF/BgorBgEE
349AdZ5AgQCBIIBbwSCAWsBaQB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6
350qP3LAAABZayjjkoAAAQDAEcwRQIhAKz7RLxwEe2RASIQxFmK0wa5cL+UkxNsca2L
351rQY3cOjMAiARjKGfL3sPAj3NaiKaJceVxd2xKIqgVFiyn+nUNLziUQB3AF6nc/nf
352VsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABZayjjocAAAQDAEgwRgIhAP6F
353dPFHxFhI07FV6PGss0u34O3IKh7t5bdInq1yzfGHAiEA2CPZamK6a3DLTOPmdFfk
354BVl51AekibMouaopWKH9cAwAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6od
355BxPTDAAAAWWso45sAAAEAwBHMEUCIQChMawM9D4XL9Rty9yIHVt5nSAWlnWO9mUa
3565PukI4ogIQIgbbnceypgG1l21iW7p9PKMxG1aVILjVLPyM5bvEX1T/8wDQYJKoZI
357hvcNAQELBQADggEBAHs2PmSUv9MLxHibC/FugGZkr9zOgkxEVVtQlNVUZkNPGeGx
358017Vwhi37+mNHp8uyT6zTOtKw1YBEDlEKvGWH7L86hK57kP+BdpVkjiuRA7jtVZ/
359wVSzD8mUv3IT6YAN3Xe8ZRRm1wkrjgaF8tPVLDC3IAqgq7PRGKF6YMdYdC3VtO4J
360pfLhODzOmQEWgHTq/6avc2AkvOCdtOEyJNayEFcGhWGKoSkEXKt3UF5+UPn2XFyO
361hSmJErVCPQv6E8iwsAc1ugRZuEubiP0dp1RLiyLoPW8Pmzm2bidp55Tkm7zfqjjk
362O4h2j0/57jEg1LPNvtUTFgZr0ULj3tOxoSTmesc=
363-----END CERTIFICATE-----
364
365--------------------------------------------------
366[+] Collecting Information Disclosure!
367[#] Detecting sitemap.xml file
368[!] sitemap.xml File Found: https://tauhidnews.wordpress.com/sitemap.xml
369[#] Detecting robots.txt file
370[!] robots.txt File Found: https://tauhidnews.wordpress.com//robots.txt
371[#] Detecting GNU Mailman
372[-] GNU Mailman App Not Detected!?
373--------------------------------------------------
374[+] Crawling Url Parameter On: https://tauhidnews.wordpress.com/
375--------------------------------------------------
376[#] Searching Html Form !
377[+] Html Form Discovered
378[#] action: None
379[#] class: None
380[#] id: None
381[#] method: post
382--------------------------------------------------
383[!] Found 16 dom parameter
384[#] https://tauhidnews.wordpress.com/2011/04/26/235/#respond
385[#] https://tauhidnews.wordpress.com/2011/03/28/sofyan-tsauri-%e2%80%9cdatanglah-kalian-kemari-bebaskan-tawanan-muslim%e2%80%9d/#more-232
386[#] https://tauhidnews.wordpress.com/2011/03/28/sofyan-tsauri-%e2%80%9cdatanglah-kalian-kemari-bebaskan-tawanan-muslim%e2%80%9d/#comments
387[#] https://tauhidnews.wordpress.com/2011/02/24/kalkulator-zakat/#more-220
388[#] https://tauhidnews.wordpress.com/2011/02/24/kalkulator-zakat/#respond
389[#] https://tauhidnews.wordpress.com//#_ftn1
390[#] https://tauhidnews.wordpress.com/2011/02/09/%d9%83%d9%8a%d9%81-%d9%8a%d8%b7%d9%8a%d8%a8-%d8%a7%d9%84%d9%82%d8%b9%d9%88%d8%af-%d8%9f-bagaimana-bisa-tetap-tenang-untuk-duduk/#more-211
391[#] https://tauhidnews.wordpress.com/2011/02/09/%d9%83%d9%8a%d9%81-%d9%8a%d8%b7%d9%8a%d8%a8-%d8%a7%d9%84%d9%82%d8%b9%d9%88%d8%af-%d8%9f-bagaimana-bisa-tetap-tenang-untuk-duduk/#respond
392[#] https://tauhidnews.wordpress.com/2011/01/20/sofyan-tsauri-divonis-10-tahun-penjara/#more-203
393[#] https://tauhidnews.wordpress.com/2011/01/20/sofyan-tsauri-divonis-10-tahun-penjara/#comments
394[#] https://tauhidnews.wordpress.com/2011/01/15/50-tokoh-jil-indonesia%e2%80%9d-maka-hati-hatilah/#comments
395[#] https://tauhidnews.wordpress.com/2011/01/15/order-anda-untuk-ma-isyah-mereka/#respond
396[#] https://tauhidnews.wordpress.com/2010/12/03/ajaran-islam-yg-tersingkir/#respond
397[#] https://tauhidnews.wordpress.com/2010/11/05/foto-foto-merapi/#respond
398[#] https://tauhidnews.wordpress.com/2010/11/05/donate-for-mujahid-family/#respond
399[#] https://tauhidnews.wordpress.com//#
400--------------------------------------------------
401[!] 3 Internal Dynamic Parameter Discovered
402[+] https://tauhidnews.wordpress.com/xmlrpc.php?rsd
403[+] https://tauhidnews.wordpress.com/?attachment_id=957
404[+] http://rovicky.files.wordpress.com/2010/11/okt2010_merapi_010.jpg?w=428
405--------------------------------------------------
406[!] 3 External Dynamic Parameter Discovered
407[#] https://secure.gravatar.com/blavatar/2ff619c598005d69ff57ab58763c31b4?s=32
408[#] https://secure.gravatar.com/blavatar/2ff619c598005d69ff57ab58763c31b4?s=32
409[#] https://secure.gravatar.com/blavatar/2ff619c598005d69ff57ab58763c31b4?s=114
410--------------------------------------------------
411[!] 68 Internal links Discovered
412[+] https://tauhidnews.wordpress.com/xmlrpc.php
413[+] https://tauhidnews.wordpress.com/feed/
414[+] https://tauhidnews.wordpress.com/comments/feed/
415[+] https://tauhidnews.wordpress.com/osd.xml
416[+] https://tauhidnews.wordpress.com/
417[+] https://tauhidnews.wordpress.com/
418[+] https://tauhidnews.wordpress.com/perihal/
419[+] https://tauhidnews.wordpress.com/syubuhat/
420[+] https://tauhidnews.wordpress.com/2011/04/26/235/
421[+] https://tauhidnews.files.wordpress.com/2011/04/yes.jpg
422[+] http://lintastanzhim.wordpress.com/
423[+] https://tauhidnews.wordpress.com/2011/04/26/
424[+] https://tauhidnews.wordpress.com/author/softguncenter/
425[+] https://tauhidnews.wordpress.com/category/berita/hari-ini/
426[+] https://tauhidnews.wordpress.com/2011/03/28/sofyan-tsauri-%e2%80%9cdatanglah-kalian-kemari-bebaskan-tawanan-muslim%e2%80%9d/
427[+] https://tauhidnews.wordpress.com/2011/03/28/
428[+] https://tauhidnews.wordpress.com/author/softguncenter/
429[+] https://tauhidnews.wordpress.com/category/berita/hari-ini/
430[+] https://tauhidnews.wordpress.com/2011/02/24/kalkulator-zakat/
431[+] https://tauhidnews.files.wordpress.com/2011/02/banner-donate-mujahidin1.png
432[+] https://tauhidnews.wordpress.com/2011/02/24/
433[+] https://tauhidnews.wordpress.com/author/softguncenter/
434[+] https://tauhidnews.wordpress.com/category/fiqih/
435[+] https://tauhidnews.wordpress.com/2011/02/09/%d9%83%d9%8a%d9%81-%d9%8a%d8%b7%d9%8a%d8%a8-%d8%a7%d9%84%d9%82%d8%b9%d9%88%d8%af-%d8%9f-bagaimana-bisa-tetap-tenang-untuk-duduk/
436[+] https://tauhidnews.files.wordpress.com/2011/02/maghrib-2.jpg
437[+] https://tauhidnews.wordpress.com/2011/02/09/
438[+] https://tauhidnews.wordpress.com/author/softguncenter/
439[+] https://tauhidnews.wordpress.com/category/jihad/
440[+] https://tauhidnews.wordpress.com/2011/01/20/sofyan-tsauri-divonis-10-tahun-penjara/
441[+] https://tauhidnews.files.wordpress.com/2011/01/sofyantsauri.jpg
442[+] https://tauhidnews.wordpress.com/2011/01/20/
443[+] https://tauhidnews.wordpress.com/author/softguncenter/
444[+] https://tauhidnews.wordpress.com/category/berita/hari-ini/
445[+] https://tauhidnews.wordpress.com/2011/01/15/50-tokoh-jil-indonesia%e2%80%9d-maka-hati-hatilah/
446[+] https://tauhidnews.wordpress.com/2011/01/15/
447[+] https://tauhidnews.wordpress.com/author/softguncenter/
448[+] https://tauhidnews.wordpress.com/category/berita/hari-ini/
449[+] https://tauhidnews.wordpress.com/2011/01/15/order-anda-untuk-ma-isyah-mereka/
450[+] https://tauhidnews.files.wordpress.com/2011/01/kreator.jpg
451[+] https://tauhidnews.files.wordpress.com/2011/01/kreator-2.jpg
452[+] https://tauhidnews.files.wordpress.com/2011/01/kreator-1.jpg
453[+] https://tauhidnews.wordpress.com/2011/01/15/
454[+] https://tauhidnews.wordpress.com/author/softguncenter/
455[+] https://tauhidnews.wordpress.com/category/berita/hari-ini/
456[+] https://tauhidnews.wordpress.com/2010/12/03/ajaran-islam-yg-tersingkir/
457[+] https://tauhidnews.wordpress.com/2010/12/03/
458[+] https://tauhidnews.wordpress.com/author/softguncenter/
459[+] https://tauhidnews.wordpress.com/2010/11/05/foto-foto-merapi/
460[+] https://tauhidnews.wordpress.com/2010/11/05/
461[+] https://tauhidnews.wordpress.com/author/softguncenter/
462[+] https://tauhidnews.wordpress.com/category/berita/hari-ini/
463[+] https://tauhidnews.wordpress.com/2010/11/05/donate-for-mujahid-family/
464[+] https://tauhidnews.files.wordpress.com/2010/11/banner-kambing-3.jpg
465[+] https://tauhidnews.wordpress.com/2010/11/05/
466[+] https://tauhidnews.wordpress.com/author/softguncenter/
467[+] https://tauhidnews.wordpress.com/category/berita/hari-ini/
468[+] https://tauhidnews.wordpress.com/page/2/
469[+] http://bekamsehat.wordpress.com/
470[+] http://millahibrahim.wordpress.com
471[+] https://tauhidnews.wordpress.com/category/berita/
472[+] https://tauhidnews.wordpress.com/category/berita/hari-ini/
473[+] https://tauhidnews.wordpress.com/category/berita/kemarin/
474[+] https://tauhidnews.wordpress.com/category/fiqih/
475[+] https://tauhidnews.wordpress.com/category/jihad/
476[+] https://tauhidnews.wordpress.com/category/tauhid/
477[+] https://tauhidnews.wordpress.com/category/tauhid/mengenal-manhaj-ht/
478[+] https://tauhidnews.wordpress.com/feed/
479[+] https://tauhidnews.wordpress.com/comments/feed/
480--------------------------------------------------
481[!] 7 External links Discovered
482[#] https://s2.wp.com/wp-content/themes/pub/andreas04/style.css
483[#] https://s1.wp.com/wp-includes/wlwmanifest.xml
484[#] https://s1.wp.com/opensearch.xml
485[#] http://arrahmah.com/images/stories/2011/03/sofyan_tasauri7.jpg
486[#] http://www.arismansuyendra.com/
487[#] http://trezna.com/
488[#] https://automattic.com/cookies
489--------------------------------------------------
490[#] Mapping Subdomain..
491[!] Found 100 Subdomain
492- wordpress.com
493- einheit11.wordpress.com
494- s1.wordpress.com
495- rojbas1.wordpress.com
496- ns1.wordpress.com
497- mdns1.wordpress.com
498- s2.wordpress.com
499- rojbas2.wordpress.com
500- ns2.wordpress.com
501- mdns2.wordpress.com
502- s3.wordpress.com
503- ns3.wordpress.com
504- mdns3.wordpress.com
505- ns4.wordpress.com
506- mdns4.wordpress.com
507- ns5.wordpress.com
508- ns6.wordpress.com
509- dca.wordpress.com
510- smtp1-1.dca.wordpress.com
511- smtp2-1.dca.wordpress.com
512- smtp3-1.dca.wordpress.com
513- smtp1.dca.wordpress.com
514- smtp-backup-out1.dca.wordpress.com
515- smtp1-2.dca.wordpress.com
516- smtp2-2.dca.wordpress.com
517- smtp3-2.dca.wordpress.com
518- smtp2.dca.wordpress.com
519- smtp-backup-out2.dca.wordpress.com
520- smtp3.dca.wordpress.com
521- smtp4.dca.wordpress.com
522- smtp1-fwd.dca.wordpress.com
523- help.tatum.dca.wordpress.com
524- smtp-backup.dca.wordpress.com
525- janosjarda.wordpress.com
526- bibliotekaislama.wordpress.com
527- hizbua.wordpress.com
528- lb.wordpress.com
529- mapped-lb.wordpress.com
530- vip-lb.wordpress.com
531- noc1.iad.wordpress.com
532- altauhid.wordpress.com
533- smtp-fwd.wordpress.com
534- znaniavislame.wordpress.com
535- pirtukxane.wordpress.com
536- tawhidonline.wordpress.com
537- pkkonline.wordpress.com
538- smithinstitute.wordpress.com
539- apeatling.wordpress.com
540- putinbog.wordpress.com
541- khilafahdaulahislamiyyah.wordpress.com
542- raffaellopantucci.wordpress.com
543- public-api.wordpress.com
544- xalifati.wordpress.com
545- jetpack.wordpress.com
546- akhbardawlatalislam.wordpress.com
547- alaninform.wordpress.com
548- thomasnegovan.wordpress.com
549- peaceinkurdistancampaign.wordpress.com
550- r-login.wordpress.com
551- horizon.wordpress.com
552- vip-svn.wordpress.com
553- abrorinfo.wordpress.com
554- wpcalypso.wordpress.com
555- beatcensorship.wordpress.com
556- vip.wordpress.com
557- xmpp.wordpress.com
558- signup.wordpress.com
559- panteidar.wordpress.com
560- refer.wordpress.com
561- tr.wordpress.com
562- bur.wordpress.com
563- smtp1-1.bur.wordpress.com
564- smtp2-1.bur.wordpress.com
565- smtp3-1.bur.wordpress.com
566- smtp1.bur.wordpress.com
567- smtp-backup-out1.bur.wordpress.com
568- mx1.bur.wordpress.com
569- smtp1-2.bur.wordpress.com
570- smtp2-2.bur.wordpress.com
571- smtp3-2.bur.wordpress.com
572- smtp2.bur.wordpress.com
573- smtp-backup-out2.bur.wordpress.com
574- smtp1-3.bur.wordpress.com
575- smtp2-3.bur.wordpress.com
576- smtp3-3.bur.wordpress.com
577- smtp3.bur.wordpress.com
578- smtp-backup-out3.bur.wordpress.com
579- smtp4.bur.wordpress.com
580- smtp-backup.bur.wordpress.com
581- mogilefs.bur.wordpress.com
582- s.wordpress.com
583- files.wordpress.com
584- tctechcrunch2011.files.wordpress.com
585- s1.files.wordpress.com
586- pgoaamericanprofile2.files.wordpress.com
587- metrouk2.files.wordpress.com
588- s2.files.wordpress.com
589- s3.files.wordpress.com
590- s4.files.wordpress.com
591- s5.files.wordpress.com
592--------------------------------------------------
593[!] Done At 2020-01-14 09:08:00.597336
594#######################################################################################################################################
595Trying "tauhidnews.wordpress.com"
596;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50261
597;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 8
598
599;; QUESTION SECTION:
600;tauhidnews.wordpress.com. IN ANY
601
602;; ANSWER SECTION:
603tauhidnews.wordpress.com. 14400 IN CNAME lb.wordpress.com.
604
605;; AUTHORITY SECTION:
606wordpress.com. 23948 IN NS ns2.wordpress.com.
607wordpress.com. 23948 IN NS ns4.wordpress.com.
608wordpress.com. 23948 IN NS ns1.wordpress.com.
609wordpress.com. 23948 IN NS ns3.wordpress.com.
610
611;; ADDITIONAL SECTION:
612ns1.wordpress.com. 34321 IN A 198.181.116.9
613ns2.wordpress.com. 34321 IN A 198.181.117.9
614ns3.wordpress.com. 35051 IN A 192.0.74.9
615ns4.wordpress.com. 41851 IN A 192.0.75.9
616ns1.wordpress.com. 3961 IN AAAA 2a04:fa87:ffff::c6b5:7409
617ns2.wordpress.com. 3961 IN AAAA 2a04:fa87:ffff::c6b5:7509
618ns3.wordpress.com. 3961 IN AAAA 2620:115:c00f::c000:4a09
619ns4.wordpress.com. 41851 IN AAAA 2620:115:c00f::c000:4b09
620
621Received 307 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 52 ms
622######################################################################################################################################
623
624; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace tauhidnews.wordpress.com any
625;; global options: +cmd
626. 82918 IN NS k.root-servers.net.
627. 82918 IN NS i.root-servers.net.
628. 82918 IN NS f.root-servers.net.
629. 82918 IN NS d.root-servers.net.
630. 82918 IN NS g.root-servers.net.
631. 82918 IN NS h.root-servers.net.
632. 82918 IN NS b.root-servers.net.
633. 82918 IN NS a.root-servers.net.
634. 82918 IN NS e.root-servers.net.
635. 82918 IN NS c.root-servers.net.
636. 82918 IN NS l.root-servers.net.
637. 82918 IN NS m.root-servers.net.
638. 82918 IN NS j.root-servers.net.
639. 82918 IN RRSIG NS 8 0 518400 20200127050000 20200114040000 33853 . EepI4SUpGg0odBX8ERSigFjrDmiWEiv+o8XclWm3ACKVa4tkz4ytlPDB rZenNpTY3yxb9kuDcqpQxpiyXMJQPAsEgKSwUS9Ns2YsBNkeVhuir3IW 63NfqFTjMVcIkPJoNLj8cME0siZDjKXVcBfwxITPvUkjjSgJWgbugWYw /RiQDpJEost0kAIEBECjhOMJWCGOdGqQ82KRZ7bKcLDMUTpekBTuchzf NLhf65/g/eLTURcxW1wOAi5N4tzXfnBUCor7mp83TFZGhuhXbJZsPPsi sWTTcw8Gcgj9qZY2qkpHlBeA9DNk471WtBjq6DFBATdHl35wxBrEiKTX TOPEYA==
640;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 109 ms
641
642com. 172800 IN NS a.gtld-servers.net.
643com. 172800 IN NS d.gtld-servers.net.
644com. 172800 IN NS g.gtld-servers.net.
645com. 172800 IN NS l.gtld-servers.net.
646com. 172800 IN NS f.gtld-servers.net.
647com. 172800 IN NS c.gtld-servers.net.
648com. 172800 IN NS k.gtld-servers.net.
649com. 172800 IN NS h.gtld-servers.net.
650com. 172800 IN NS j.gtld-servers.net.
651com. 172800 IN NS m.gtld-servers.net.
652com. 172800 IN NS i.gtld-servers.net.
653com. 172800 IN NS e.gtld-servers.net.
654com. 172800 IN NS b.gtld-servers.net.
655com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
656com. 86400 IN RRSIG DS 8 1 86400 20200127050000 20200114040000 33853 . pxvAOiNETWf8HKP73LZlgvJzHPs9vtt5gophXbUJDCC53SUNbDrq/Mh5 w4MmuNoaDqUK3VXFAti/7OerOcC69xDa91aGtI0WCDBxCvn9Gp1HOAMl 4UbQC1PyTj28KZQ2HTC32E6IuXJUATFjgGGst93Q3AfLoEduc2GW78ZN Hz3+F05O6ko3Ee0XJ2V8KgSqo5h7M0uo6ELryRqawXxAbyHnxGJwiVj/ 7oNbJgvYRkThgxBXI+wF1lB/qFfE2kp0ydmPpctNK/3RU9fQ7FRaR1qA WoHExfvcUt82SyMb2RQod00hZ66RJSdRgMQ4pjG2VVZdUQkFoW8q/KsA Zrhevg==
657;; Received 1212 bytes from 199.9.14.201#53(b.root-servers.net) in 166 ms
658
659wordpress.com. 172800 IN NS ns1.wordpress.com.
660wordpress.com. 172800 IN NS ns2.wordpress.com.
661wordpress.com. 172800 IN NS ns3.wordpress.com.
662wordpress.com. 172800 IN NS ns4.wordpress.com.
663CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
664CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20200118054808 20200111043808 12163 com. mJDVyBXNFu4QvSm0aiiGqYePcLyOMfDG98KMTklwbotug692+YknzpTG ItGMpe3j/gtjgR3jHhqerUbLBcpBvVXV0fBzbvK9T0Aq1y3+GDFlMpca AI2lyZRU8vW6LktxyxklKmfsw63i012yukjg1Lg4lZRQZ08WVSFMV+pJ svYqBKt3hagff6Sk9ceIyr70dEaI8lAH9z2QTI5DZOdFuQ==
6657TFREVBJL4RAANVLQ22GT5V59GTT1P0G.com. 86400 IN NSEC3 1 1 0 - 7TFS2UADM281CSPGJA3F36MIHQCGPCCS NS DS RRSIG
6667TFREVBJL4RAANVLQ22GT5V59GTT1P0G.com. 86400 IN RRSIG NSEC3 8 2 86400 20200120071411 20200113060411 12163 com. gcZr8nVRMPbL0ILFuHSEzKoetg4OH5RqCmhJesd4wh7Y0KLbElF2tWVt PMW5Nd0ZCvOI930nY2q2/rVx8vkGO+B7VX73vMSqqtDe3AIJ2F3MZPaG zLaawcT97ykkMp3NAzrzKmPH1s23nCb+bae19wDZDqNG0qeCfvJYzavf ZX8lNUmNoX5SqsqVSCg8znjXXz6dSH9qWWR4dz7S+UKzZw==
667;; Received 850 bytes from 2001:503:eea3::30#53(g.gtld-servers.net) in 106 ms
668
669lb.wordpress.com. 300 IN A 192.0.78.12
670lb.wordpress.com. 300 IN A 192.0.78.13
671tauhidnews.wordpress.com. 14400 IN CNAME lb.wordpress.com.
672;; Received 102 bytes from 2620:115:c00f::c000:4b09#53(ns4.wordpress.com) in 32 ms
673#######################################################################################################################################
674 AVAILABLE PLUGINS
675 -----------------
676
677 EarlyDataPlugin
678 OpenSslCcsInjectionPlugin
679 SessionResumptionPlugin
680 CertificateInfoPlugin
681 SessionRenegotiationPlugin
682 HeartbleedPlugin
683 HttpHeadersPlugin
684 CompressionPlugin
685 OpenSslCipherSuitesPlugin
686 FallbackScsvPlugin
687 RobotPlugin
688
689
690
691 CHECKING HOST(S) AVAILABILITY
692 -----------------------------
693
694 192.0.78.13:443 => 192.0.78.13
695
696
697
698
699 SCAN RESULTS FOR 192.0.78.13:443 - 192.0.78.13
700 ----------------------------------------------
701
702 * Deflate Compression:
703 OK - Compression disabled
704
705 * OpenSSL CCS Injection:
706 OK - Not vulnerable to OpenSSL CCS injection
707
708 * SSLV2 Cipher Suites:
709 Server rejected all cipher suites.
710
711 * TLS 1.2 Session Resumption Support:
712 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
713 With TLS Tickets: OK - Supported
714
715 * SSLV3 Cipher Suites:
716 Server rejected all cipher suites.
717
718 * OpenSSL Heartbleed:
719 OK - Not vulnerable to Heartbleed
720
721 * Session Renegotiation:
722 Client-initiated Renegotiation: OK - Rejected
723 Secure Renegotiation: OK - Supported
724
725 * TLSV1 Cipher Suites:
726 Forward Secrecy OK - Supported
727 RC4 OK - Not Supported
728
729 Preferred:
730 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
731 Accepted:
732 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
733 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
734 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
735 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
736 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
737
738 * TLSV1_3 Cipher Suites:
739 Forward Secrecy OK - Supported
740 RC4 OK - Not Supported
741
742 Preferred:
743 TLS_AES_256_GCM_SHA384 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
744 Accepted:
745 TLS_CHACHA20_POLY1305_SHA256 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
746 TLS_AES_256_GCM_SHA384 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
747 TLS_AES_128_GCM_SHA256 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
748
749 * Certificate Information:
750 Content
751 SHA1 Fingerprint: 6a0f88d62d7accaf2401b77a7a689c9ffd76c4be
752 Common Name: *.wordpress.com
753 Issuer: COMODO RSA Domain Validation Secure Server CA
754 Serial Number: 222651112676221102393442739832881809512
755 Not Before: 2018-09-06 00:00:00
756 Not After: 2020-09-05 23:59:59
757 Signature Algorithm: sha256
758 Public Key Algorithm: RSA
759 Key Size: 2048
760 Exponent: 65537 (0x10001)
761 DNS Subject Alternative Names: ['*.wordpress.com', 'wordpress.com']
762
763 Trust
764 Hostname Validation: FAILED - Certificate does NOT match 192.0.78.13
765 Android CA Store (9.0.0_r9): OK - Certificate is trusted
766 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
767 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
768 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
769 Windows CA Store (2019-05-27): OK - Certificate is trusted
770 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
771 Received Chain: *.wordpress.com --> COMODO RSA Domain Validation Secure Server CA --> COMODO RSA Certification Authority
772 Verified Chain: *.wordpress.com --> COMODO RSA Domain Validation Secure Server CA --> COMODO RSA Certification Authority
773 Received Chain Contains Anchor: OK - Anchor certificate not sent
774 Received Chain Order: OK - Order is valid
775 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
776
777 Extensions
778 OCSP Must-Staple: NOT SUPPORTED - Extension not found
779 Certificate Transparency: OK - 3 SCTs included
780
781 OCSP Stapling
782 NOT SUPPORTED - Server did not send back an OCSP response
783
784 * ROBOT Attack:
785 OK - Not vulnerable
786
787 * Downgrade Attacks:
788 TLS_FALLBACK_SCSV: OK - Supported
789
790 * TLSV1_1 Cipher Suites:
791 Forward Secrecy OK - Supported
792 RC4 OK - Not Supported
793
794 Preferred:
795 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
796 Accepted:
797 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
798 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
799
800 * TLSV1_2 Cipher Suites:
801 Forward Secrecy OK - Supported
802 RC4 OK - Not Supported
803
804 Preferred:
805 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
806 Accepted:
807 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
808 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
809 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
810 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
811 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
812 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
813
814
815 SCAN COMPLETED IN 4.58 S
816 ------------------------
817######################################################################################################################################
818AVAILABLE PLUGINS
819 -----------------
820
821 EarlyDataPlugin
822 HttpHeadersPlugin
823 OpenSslCcsInjectionPlugin
824 SessionResumptionPlugin
825 CertificateInfoPlugin
826 SessionRenegotiationPlugin
827 HeartbleedPlugin
828 CompressionPlugin
829 OpenSslCipherSuitesPlugin
830 FallbackScsvPlugin
831 RobotPlugin
832
833
834
835 CHECKING HOST(S) AVAILABILITY
836 -----------------------------
837
838 192.0.78.12:443 => 192.0.78.12
839
840
841
842
843 SCAN RESULTS FOR 192.0.78.12:443 - 192.0.78.12
844 ----------------------------------------------
845
846 * OpenSSL CCS Injection:
847 OK - Not vulnerable to OpenSSL CCS injection
848
849 * SSLV2 Cipher Suites:
850 Server rejected all cipher suites.
851
852 * TLS 1.2 Session Resumption Support:
853 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
854 With TLS Tickets: OK - Supported
855
856 * Session Renegotiation:
857 Client-initiated Renegotiation: OK - Rejected
858 Secure Renegotiation: OK - Supported
859
860 * OpenSSL Heartbleed:
861 OK - Not vulnerable to Heartbleed
862
863 * SSLV3 Cipher Suites:
864 Server rejected all cipher suites.
865
866 * Deflate Compression:
867 OK - Compression disabled
868
869 * TLSV1 Cipher Suites:
870 Forward Secrecy OK - Supported
871 RC4 OK - Not Supported
872
873 Preferred:
874 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
875 Accepted:
876 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
877 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
878 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
879 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
880 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
881
882 * TLSV1_3 Cipher Suites:
883 Forward Secrecy OK - Supported
884 RC4 OK - Not Supported
885
886 Preferred:
887 TLS_AES_256_GCM_SHA384 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
888 Accepted:
889 TLS_CHACHA20_POLY1305_SHA256 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
890 TLS_AES_256_GCM_SHA384 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
891 TLS_AES_128_GCM_SHA256 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
892
893 * Certificate Information:
894 Content
895 SHA1 Fingerprint: 6a0f88d62d7accaf2401b77a7a689c9ffd76c4be
896 Common Name: *.wordpress.com
897 Issuer: COMODO RSA Domain Validation Secure Server CA
898 Serial Number: 222651112676221102393442739832881809512
899 Not Before: 2018-09-06 00:00:00
900 Not After: 2020-09-05 23:59:59
901 Signature Algorithm: sha256
902 Public Key Algorithm: RSA
903 Key Size: 2048
904 Exponent: 65537 (0x10001)
905 DNS Subject Alternative Names: ['*.wordpress.com', 'wordpress.com']
906
907 Trust
908 Hostname Validation: FAILED - Certificate does NOT match 192.0.78.12
909 Android CA Store (9.0.0_r9): OK - Certificate is trusted
910 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
911 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
912 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
913 Windows CA Store (2019-05-27): OK - Certificate is trusted
914 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
915 Received Chain: *.wordpress.com --> COMODO RSA Domain Validation Secure Server CA --> COMODO RSA Certification Authority
916 Verified Chain: *.wordpress.com --> COMODO RSA Domain Validation Secure Server CA --> COMODO RSA Certification Authority
917 Received Chain Contains Anchor: OK - Anchor certificate not sent
918 Received Chain Order: OK - Order is valid
919 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
920
921 Extensions
922 OCSP Must-Staple: NOT SUPPORTED - Extension not found
923 Certificate Transparency: OK - 3 SCTs included
924
925 OCSP Stapling
926 NOT SUPPORTED - Server did not send back an OCSP response
927
928 * ROBOT Attack:
929 OK - Not vulnerable
930
931 * Downgrade Attacks:
932 TLS_FALLBACK_SCSV: OK - Supported
933
934 * TLSV1_1 Cipher Suites:
935 Forward Secrecy OK - Supported
936 RC4 OK - Not Supported
937
938 Preferred:
939 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
940 Accepted:
941 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
942 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
943
944 * TLSV1_2 Cipher Suites:
945 Forward Secrecy OK - Supported
946 RC4 OK - Not Supported
947
948 Preferred:
949 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
950 Accepted:
951 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
952 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
953 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
954 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
955 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
956 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
957
958
959 SCAN COMPLETED IN 4.75 S
960 ------------------------
961#######################################################################################################################################
962WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
963Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 09:10 EST
964Nmap scan report for 192.0.78.12
965Host is up (0.074s latency).
966Not shown: 491 filtered ports, 3 closed ports
967Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
968PORT STATE SERVICE
96980/tcp open http
970443/tcp open https
971
972Nmap done: 1 IP address (1 host up) scanned in 6.65 seconds
973#######################################################################################################################################
974Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 09:10 EST
975Nmap scan report for 192.0.78.12
976Host is up (0.033s latency).
977Not shown: 2 filtered ports
978PORT STATE SERVICE
97953/udp open|filtered domain
98067/udp open|filtered dhcps
98168/udp open|filtered dhcpc
98269/udp open|filtered tftp
98388/udp open|filtered kerberos-sec
984123/udp open|filtered ntp
985139/udp open|filtered netbios-ssn
986161/udp open|filtered snmp
987162/udp open|filtered snmptrap
988389/udp open|filtered ldap
989500/udp open|filtered isakmp
990520/udp open|filtered route
9912049/udp open|filtered nfs
992
993Nmap done: 1 IP address (1 host up) scanned in 3.43 seconds
994#######################################################################################################################################
995HTTP/1.1 302 Found
996Server: nginx
997Date: Tue, 14 Jan 2020 14:10:28 GMT
998Content-Type: text/html; charset=utf-8
999Connection: keep-alive
1000Vary: Cookie
1001Location: http://en.wordpress.com/typo/?subdomain=192
1002X-ac: 1.yyz _dfw
1003#######################################################################################################################################
1004https://automattic.com/privacy/
1005https://central.wordcamp.org/
1006https://developer.wordpress.com/
1007https://en.forums.wordpress.com/
1008https://en.support.wordpress.com/
1009https://fonts.googleapis.com/css?family=Noto+Sans:400,400i,700,700i&subset=cyrillic,cyrillic-ext,devanagari,greek,greek-ext,latin-ext,vietnamese
1010https://fonts.googleapis.com/css?family=Noto+Serif:400,400i,700,700i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese
1011https://ma.tt/
1012https://pixel.wp.com/b.gif?v=noscript
1013https://s1.wp.com/wp-content/themes/h4/ie6.css
1014https://s1.wp.com/wp-includes/js/dist/vendor/wp-polyfill-fetch.min.js?m=1573572739h&ver=3.0.0
1015https://store.wordpress.com/
1016https://wordpress.com/about/
1017https://wordpress.com/features/
1018https://wordpress.com/themes/
1019https://wordpress.com/tos/
1020https://wordpress.org/
1021http://www.w3.org/1999/xhtml
1022//stats.wp.com/w.js?60
1023text/css
1024text/javascript
1025#######################################################################################################################################
1026http://192.0.78.12 [302 Found] Country[UNITED STATES][US], HTTPServer[nginx], IP[192.0.78.12], RedirectLocation[http://en.wordpress.com/typo/?subdomain=192], UncommonHeaders[x-ac], nginx
1027http://en.wordpress.com/typo/?subdomain=192 [301 Moved Permanently] Country[UNITED STATES][US], HTTPServer[nginx], IP[192.0.79.32], RedirectLocation[https://en.wordpress.com/typo/?subdomain=192], Title[301 Moved Permanently], UncommonHeaders[x-ac], nginx
1028https://en.wordpress.com/typo/?subdomain=192 [200 OK] Country[UNITED STATES][US], HTML5, HTTPServer[nginx], IP[192.0.79.32], MetaGenerator[WordPress.com], OpenID, OpenSearch[https://en.wordpress.com/osd.xml,https://s1.wp.com/opensearch.xml], Script[text/javascript], Strict-Transport-Security[max-age=15552000], Title[WordPress.com], UncommonHeaders[x-hacker,x-ac], WordPress, X-Frame-Options[SAMEORIGIN], nginx, x-hacker[If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.]
1029#######################################################################################################################################
1030wig - WebApp Information Gatherer
1031
1032
1033Scanning https://en.wordpress.com...
1034___________________________________________________ SITE INFO ____________________________________________________
1035IP Title
1036192.0.79.32 WordPress.com
1037192.0.79.33
1038
1039____________________________________________________ VERSION _____________________________________________________
1040Name Versions Type
1041WordPress 3.8 | 3.8.1 | 3.8.2 | 3.8.3 | 3.8.4 | 3.8.5 | 3.8.6 | 3.8.7 CMS
1042 3.8.8 | 3.9 | 3.9.1 | 3.9.2 | 3.9.3 | 3.9.4 | 3.9.5 | 3.9.6
1043 4.0 | 4.0.1 | 4.0.2 | 4.0.3 | 4.0.4 | 4.0.5 | 4.1 | 4.1.1
1044 4.1.2 | 4.1.3 | 4.1.4 | 4.1.5 | 4.2 | 4.2.1 | 4.2.2
1045nginx Platform
1046
1047__________________________________________________ INTERESTING ___________________________________________________
1048URL Note Type
1049/install.php Installation file Interesting
1050/robots.txt robots.txt index Interesting
1051/test.php Test file Interesting
1052/test.htm Test file Interesting
1053/install.aspx Installation file Interesting
1054/install.asp Installation file Interesting
1055/test.aspx Test file Interesting
1056/test.asp Test file Interesting
1057/install.htm Installation file Interesting
1058/install.html Installation file Interesting
1059/test.html Test file Interesting
1060/test1.php Test file Interesting
1061/test1.aspx Test file Interesting
1062/test1.html Test file Interesting
1063/test1.htm Test file Interesting
1064/test1.asp Test file Interesting
1065/old.php This might be interesting Interesting
1066/old.aspx This might be interesting Interesting
1067/old.html This might be interesting Interesting
1068
1069_____________________________________________________ TOOLS ______________________________________________________
1070Name Link Software
1071wpscan https://github.com/wpscanteam/wpscan WordPress
1072CMSmap https://github.com/Dionach/CMSmap WordPress
1073
1074________________________________________________ VULNERABILITIES _________________________________________________
1075Affected #Vulns Link
1076WordPress 3.8 12 http://cvedetails.com/version/162922
1077WordPress 3.8.1 12 http://cvedetails.com/version/162923
1078WordPress 3.8.2 7 http://cvedetails.com/version/176067
1079WordPress 3.8.3 7 http://cvedetails.com/version/176068
1080WordPress 3.8.4 8 http://cvedetails.com/version/176069
1081WordPress 3.9 8 http://cvedetails.com/version/176070
1082WordPress 3.9.1 15 http://cvedetails.com/version/169908
1083WordPress 3.9.2 10 http://cvedetails.com/version/176071
1084WordPress 3.9.3 1 http://cvedetails.com/version/185080
1085WordPress 4.0 9 http://cvedetails.com/version/176072
1086WordPress 4.0.1 1 http://cvedetails.com/version/185081
1087WordPress 4.1 1 http://cvedetails.com/version/185082
1088WordPress 4.1.1 2 http://cvedetails.com/version/185079
1089WordPress 4.2 1 http://cvedetails.com/version/185048
1090WordPress 4.2.1 1 http://cvedetails.com/version/184019
1091WordPress 4.2.2 2 http://cvedetails.com/version/185073
1092
1093__________________________________________________________________________________________________________________
1094Time: 21.7 sec Urls: 217 Fingerprints: 40401
1095#######################################################################################################################################
1096 WordPress .
1097 WordPress
1098 Google Font API
1099 X-ac: 1.yyz _dfw
1100 Server: nginx
1101 X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
1102#######################################################################################################################################
1103===============================================================
1104Gobuster v3.0.1
1105by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
1106===============================================================
1107[+] Url: http://192.0.78.12
1108[+] Threads: 10
1109[+] Wordlist: /usr/share/sniper/wordlists/vhosts.txt
1110[+] User Agent: gobuster/3.0.1
1111[+] Timeout: 10s
1112===============================================================
11132020/01/14 09:12:24 Starting gobuster
1114===============================================================
1115Found: alpha.192.0.78.12 (Status: 403) [Size: 2945]
1116Found: adserver.192.0.78.12 (Status: 403) [Size: 2945]
1117Found: alerts.192.0.78.12 (Status: 403) [Size: 2945]
1118Found: administration.192.0.78.12 (Status: 403) [Size: 2945]
1119Found: api.192.0.78.12 (Status: 403) [Size: 2945]
1120Found: apache.192.0.78.12 (Status: 403) [Size: 2945]
1121Found: aptest.192.0.78.12 (Status: 403) [Size: 2945]
1122Found: apps.192.0.78.12 (Status: 403) [Size: 2945]
1123Found: appserver.192.0.78.12 (Status: 403) [Size: 2945]
1124Found: auth.192.0.78.12 (Status: 403) [Size: 2945]
1125Found: backup.192.0.78.12 (Status: 403) [Size: 2945]
1126Found: beta.192.0.78.12 (Status: 403) [Size: 2945]
1127Found: blog.192.0.78.12 (Status: 403) [Size: 2945]
1128Found: chat.192.0.78.12 (Status: 403) [Size: 2945]
1129Found: citrix.192.0.78.12 (Status: 403) [Size: 2945]
1130Found: corp.192.0.78.12 (Status: 403) [Size: 2945]
1131Found: dashboard.192.0.78.12 (Status: 403) [Size: 2945]
1132Found: demo.192.0.78.12 (Status: 403) [Size: 2945]
1133Found: database.192.0.78.12 (Status: 403) [Size: 2945]
1134Found: development.192.0.78.12 (Status: 403) [Size: 2945]
1135Found: devel.192.0.78.12 (Status: 403) [Size: 2945]
1136Found: dhcp.192.0.78.12 (Status: 403) [Size: 2945]
1137Found: devtest.192.0.78.12 (Status: 403) [Size: 2945]
1138Found: direct.192.0.78.12 (Status: 403) [Size: 2945]
1139Found: dns1.192.0.78.12 (Status: 403) [Size: 2945]
1140Found: dns2.192.0.78.12 (Status: 403) [Size: 2945]
1141Found: download.192.0.78.12 (Status: 403) [Size: 2945]
1142Found: eshop.192.0.78.12 (Status: 403) [Size: 2945]
1143Found: exchange.192.0.78.12 (Status: 403) [Size: 2945]
1144Found: fileserver.192.0.78.12 (Status: 403) [Size: 2945]
1145Found: firewall.192.0.78.12 (Status: 403) [Size: 2945]
1146Found: forum.192.0.78.12 (Status: 403) [Size: 2945]
1147Found: gw.192.0.78.12 (Status: 403) [Size: 2945]
1148Found: host.192.0.78.12 (Status: 403) [Size: 2945]
1149Found: home.192.0.78.12 (Status: 403) [Size: 2945]
1150Found: help.192.0.78.12 (Status: 403) [Size: 2945]
1151Found: helpdesk.192.0.78.12 (Status: 403) [Size: 2945]
1152Found: http.192.0.78.12 (Status: 403) [Size: 2945]
1153Found: images.192.0.78.12 (Status: 403) [Size: 2945]
1154Found: internal.192.0.78.12 (Status: 403) [Size: 2945]
1155Found: info.192.0.78.12 (Status: 403) [Size: 2945]
1156Found: internet.192.0.78.12 (Status: 403) [Size: 2945]
1157Found: ipv6.192.0.78.12 (Status: 403) [Size: 2945]
1158Found: intra.192.0.78.12 (Status: 403) [Size: 2945]
1159Found: linux.192.0.78.12 (Status: 403) [Size: 2945]
1160Found: ldap.192.0.78.12 (Status: 403) [Size: 2945]
1161Found: local.192.0.78.12 (Status: 403) [Size: 2945]
1162Found: intranet.192.0.78.12 (Status: 403) [Size: 2945]
1163Found: localhost.192.0.78.12 (Status: 403) [Size: 2945]
1164Found: log.192.0.78.12 (Status: 403) [Size: 2945]
1165Found: mail.192.0.78.12 (Status: 403) [Size: 2945]
1166Found: mailgate.192.0.78.12 (Status: 403) [Size: 2945]
1167Found: mail3.192.0.78.12 (Status: 403) [Size: 2945]
1168Found: mail2.192.0.78.12 (Status: 403) [Size: 2945]
1169Found: mgmt.192.0.78.12 (Status: 403) [Size: 2945]
1170Found: manage.192.0.78.12 (Status: 403) [Size: 2945]
1171Found: mobile.192.0.78.12 (Status: 403) [Size: 2945]
1172Found: mirror.192.0.78.12 (Status: 403) [Size: 2945]
1173Found: mssql.192.0.78.12 (Status: 403) [Size: 2945]
1174Found: monitor.192.0.78.12 (Status: 403) [Size: 2945]
1175Found: mysql.192.0.78.12 (Status: 403) [Size: 2945]
1176Found: news.192.0.78.12 (Status: 403) [Size: 2945]
1177Found: oracle.192.0.78.12 (Status: 403) [Size: 2945]
1178Found: portal.192.0.78.12 (Status: 403) [Size: 2945]
1179Found: secure.192.0.78.12 (Status: 403) [Size: 2945]
1180Found: server.192.0.78.12 (Status: 403) [Size: 2945]
1181Found: shop.192.0.78.12 (Status: 403) [Size: 2945]
1182Found: sharepoint.192.0.78.12 (Status: 403) [Size: 2945]
1183Found: smtp.192.0.78.12 (Status: 403) [Size: 2945]
1184Found: squid.192.0.78.12 (Status: 403) [Size: 2945]
1185Found: stage.192.0.78.12 (Status: 403) [Size: 2945]
1186Found: status.192.0.78.12 (Status: 403) [Size: 2945]
1187Found: staging.192.0.78.12 (Status: 403) [Size: 2945]
1188Found: syslog.192.0.78.12 (Status: 403) [Size: 2945]
1189Found: test.192.0.78.12 (Status: 403) [Size: 2945]
1190Found: test1.192.0.78.12 (Status: 403) [Size: 2945]
1191Found: stats.192.0.78.12 (Status: 403) [Size: 2945]
1192Found: test2.192.0.78.12 (Status: 403) [Size: 2945]
1193Found: testing.192.0.78.12 (Status: 403) [Size: 2945]
1194Found: upload.192.0.78.12 (Status: 403) [Size: 2945]
1195Found: voip.192.0.78.12 (Status: 403) [Size: 2945]
1196Found: wiki.192.0.78.12 (Status: 403) [Size: 2945]
1197Found: www.192.0.78.12 (Status: 301) [Size: 162]
1198Found: whois.192.0.78.12 (Status: 403) [Size: 2945]
1199Found: www2.192.0.78.12 (Status: 403) [Size: 2945]
1200===============================================================
12012020/01/14 09:12:27 Finished
1202===============================================================
1203#######################################################################################################################################
1204Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 09:12 EST
1205NSE: Loaded 162 scripts for scanning.
1206NSE: Script Pre-scanning.
1207Initiating NSE at 09:12
1208Completed NSE at 09:12, 0.00s elapsed
1209Initiating NSE at 09:12
1210Completed NSE at 09:12, 0.00s elapsed
1211Initiating Parallel DNS resolution of 1 host. at 09:12
1212Completed Parallel DNS resolution of 1 host. at 09:12, 0.02s elapsed
1213Initiating SYN Stealth Scan at 09:12
1214Scanning 192.0.78.12 [1 port]
1215Discovered open port 80/tcp on 192.0.78.12
1216Completed SYN Stealth Scan at 09:12, 0.12s elapsed (1 total ports)
1217Initiating Service scan at 09:12
1218Scanning 1 service on 192.0.78.12
1219Completed Service scan at 09:12, 5.39s elapsed (1 service on 1 host)
1220Initiating OS detection (try #1) against 192.0.78.12
1221Retrying OS detection (try #2) against 192.0.78.12
1222Initiating Traceroute at 09:12
1223Completed Traceroute at 09:12, 3.02s elapsed
1224Initiating Parallel DNS resolution of 4 hosts. at 09:12
1225Completed Parallel DNS resolution of 4 hosts. at 09:12, 0.27s elapsed
1226NSE: Script scanning 192.0.78.12.
1227Initiating NSE at 09:12
1228Completed NSE at 09:13, 25.59s elapsed
1229Initiating NSE at 09:13
1230Completed NSE at 09:13, 0.48s elapsed
1231Nmap scan report for 192.0.78.12
1232Host is up (0.079s latency).
1233
1234PORT STATE SERVICE VERSION
123580/tcp open http nginx
1236| http-brute:
1237|_ Path "/" does not require authentication
1238|_http-chrono: Request times for /typo/; avg: 268.14ms; min: 185.74ms; max: 340.89ms
1239|_http-csrf: Couldn't find any CSRF vulnerabilities.
1240|_http-date: Tue, 14 Jan 2020 14:12:41 GMT; -4s from local time.
1241|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
1242|_http-dombased-xss: Couldn't find any DOM based XSS.
1243|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
1244|_http-errors: Couldn't find any error pages.
1245|_http-feed: Couldn't find any feeds.
1246|_http-fetch: Please enter the complete path of the directory to save data in.
1247| http-headers:
1248| Server: nginx
1249| Date: Tue, 14 Jan 2020 14:12:44 GMT
1250| Content-Type: text/html; charset=utf-8
1251| Transfer-Encoding: chunked
1252| Connection: close
1253| Vary: Cookie
1254| Location: http://en.wordpress.com/typo/?subdomain=192
1255| X-ac: 1.yyz _dfw
1256|
1257|_ (Request type: GET)
1258|_http-jsonp-detection: Couldn't find any JSONP endpoints.
1259| http-methods:
1260|_ Supported Methods: GET HEAD POST OPTIONS
1261|_http-mobileversion-checker: No mobile version detected.
1262|_http-passwd: ERROR: Script execution failed (use -d to debug)
1263| http-security-headers:
1264| Strict_Transport_Security:
1265| Header: Strict-Transport-Security: max-age=15552000
1266| X_Frame_Options:
1267| Header: X-Frame-Options: SAMEORIGIN
1268|_ Description: The browser must not display this content in any frame from a page of different origin than the content itself.
1269| http-sitemap-generator:
1270| Directory structure:
1271| Longest directory structure:
1272| Depth: 0
1273| Dir: /
1274| Total files found (by extension):
1275|_
1276|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1277|_http-title: Did not follow redirect to http://en.wordpress.com/typo/?subdomain=192
1278| http-vhosts:
1279|_127 names had status 400
1280| http-wordpress-enum:
1281| Search limited to top 100 themes/plugins
1282| plugins
1283| akismet
1284| bbpress 2.5.12
1285| themes
1286|_ twentyten
1287|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
1288|_http-xssed: No previously reported XSS vuln.
1289| vulscan: VulDB - https://vuldb.com:
1290| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
1291| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
1292| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
1293| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
1294| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
1295| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
1296| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
1297| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
1298| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
1299| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
1300| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
1301| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
1302| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
1303| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
1304| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
1305| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
1306| [67677] nginx up to 1.7.3 SSL weak authentication
1307| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
1308| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
1309| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
1310| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
1311| [65364] nginx up to 1.1.13 Default Configuration information disclosure
1312| [8671] nginx up to 1.4 proxy_pass denial of service
1313| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
1314| [7247] nginx 1.2.6 Proxy Function spoofing
1315| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
1316| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
1317| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
1318| [59645] nginx up to 0.8.9 Heap-based memory corruption
1319| [53592] nginx 0.8.36 memory corruption
1320| [53590] nginx up to 0.8.9 unknown vulnerability
1321| [51533] nginx 0.7.64 Terminal privilege escalation
1322| [50905] nginx up to 0.8.9 directory traversal
1323| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
1324| [50043] nginx up to 0.8.10 memory corruption
1325|
1326| MITRE CVE - https://cve.mitre.org:
1327| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
1328| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
1329| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
1330| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
1331| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
1332| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
1333| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
1334| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
1335| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
1336| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
1337| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
1338| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
1339| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
1340|
1341| SecurityFocus - https://www.securityfocus.com/bid/:
1342| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
1343| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
1344| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
1345| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
1346| [82230] nginx Multiple Denial of Service Vulnerabilities
1347| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
1348| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
1349| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
1350| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
1351| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
1352| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
1353| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
1354| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
1355| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
1356| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
1357| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
1358| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
1359| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
1360| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
1361| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
1362| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
1363| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
1364| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
1365| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
1366| [40420] nginx Directory Traversal Vulnerability
1367| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
1368| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
1369| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
1370| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
1371| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
1372|
1373| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1374| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
1375| [84172] nginx denial of service
1376| [84048] nginx buffer overflow
1377| [83923] nginx ngx_http_close_connection() integer overflow
1378| [83688] nginx null byte code execution
1379| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
1380| [82319] nginx access.log information disclosure
1381| [80952] nginx SSL spoofing
1382| [77244] nginx and Microsoft Windows request security bypass
1383| [76778] Naxsi module for Nginx nx_extract.py directory traversal
1384| [74831] nginx ngx_http_mp4_module.c buffer overflow
1385| [74191] nginx ngx_cpystrn() information disclosure
1386| [74045] nginx header response information disclosure
1387| [71355] nginx ngx_resolver_copy() buffer overflow
1388| [59370] nginx characters denial of service
1389| [59369] nginx DATA source code disclosure
1390| [59047] nginx space source code disclosure
1391| [58966] nginx unspecified directory traversal
1392| [54025] nginx ngx_http_parse.c denial of service
1393| [53431] nginx WebDAV component directory traversal
1394| [53328] Nginx CRC-32 cached domain name spoofing
1395| [53250] Nginx ngx_http_parse_complex_uri() function code execution
1396|
1397| Exploit-DB - https://www.exploit-db.com:
1398| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
1399| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
1400| [25499] nginx 1.3.9-1.4.0 DoS PoC
1401| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
1402| [14830] nginx 0.6.38 - Heap Corruption Exploit
1403| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
1404| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
1405| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
1406| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
1407| [9829] nginx 0.7.61 WebDAV directory traversal
1408|
1409| OpenVAS (Nessus) - http://www.openvas.org:
1410| [864418] Fedora Update for nginx FEDORA-2012-3846
1411| [864310] Fedora Update for nginx FEDORA-2012-6238
1412| [864209] Fedora Update for nginx FEDORA-2012-6411
1413| [864204] Fedora Update for nginx FEDORA-2012-6371
1414| [864121] Fedora Update for nginx FEDORA-2012-4006
1415| [864115] Fedora Update for nginx FEDORA-2012-3991
1416| [864065] Fedora Update for nginx FEDORA-2011-16075
1417| [863654] Fedora Update for nginx FEDORA-2011-16110
1418| [861232] Fedora Update for nginx FEDORA-2007-1158
1419| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
1420| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
1421| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
1422| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
1423| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
1424| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
1425| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
1426| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
1427| [100659] nginx Directory Traversal Vulnerability
1428| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
1429| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
1430| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
1431| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
1432| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
1433| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
1434| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
1435| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
1436| [71297] FreeBSD Ports: nginx
1437| [71276] FreeBSD Ports: nginx
1438| [71239] Debian Security Advisory DSA 2434-1 (nginx)
1439| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
1440| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
1441| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
1442| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
1443| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
1444| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
1445| [64894] FreeBSD Ports: nginx
1446| [64869] Debian Security Advisory DSA 1884-1 (nginx)
1447|
1448| SecurityTracker - https://www.securitytracker.com:
1449| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
1450| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
1451| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
1452| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
1453|
1454| OSVDB - http://www.osvdb.org:
1455| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
1456| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
1457| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
1458| [92796] nginx ngx_http_close_connection Function Crafted r->
1459| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
1460| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
1461| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
1462| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
1463| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
1464| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
1465| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
1466| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
1467| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
1468| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
1469| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
1470| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
1471| [62617] nginx Internal DNS Cache Poisoning Weakness
1472| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
1473| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
1474| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
1475| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
1476| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
1477| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
1478| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
1479| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
1480| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
1481| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
1482|_
1483Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1484Aggressive OS guesses: Linux 3.12 - 4.10 (92%), Linux 3.16 (92%), Crestron XPanel control system (90%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (88%), OpenWrt White Russian 0.9 (Linux 2.4.30) (88%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (88%), Linux 3.18 (88%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%)
1485No exact OS matches for host (test conditions non-ideal).
1486Network Distance: 5 hops
1487TCP Sequence Prediction: Difficulty=261 (Good luck!)
1488IP ID Sequence Generation: All zeros
1489
1490TRACEROUTE (using port 80/tcp)
1491HOP RTT ADDRESS
14921 89.52 ms 10.249.204.1
14932 89.62 ms 104.245.145.177
14943 89.64 ms 104.245.147.41
14954 ...
14965 89.62 ms 192.0.78.12
1497
1498NSE: Script Post-scanning.
1499Initiating NSE at 09:13
1500Completed NSE at 09:13, 0.00s elapsed
1501Initiating NSE at 09:13
1502Completed NSE at 09:13, 0.00s elapsed
1503#######################################################################################################################################
1504https://192.0.78.12 [302 Found] Country[UNITED STATES][US], HTTPServer[nginx], IP[192.0.78.12], RedirectLocation[https://en.wordpress.com/typo/?subdomain=192], UncommonHeaders[x-ac], nginx
1505https://en.wordpress.com/typo/?subdomain=192 [200 OK] Country[UNITED STATES][US], HTML5, HTTPServer[nginx], IP[192.0.79.32], MetaGenerator[WordPress.com], OpenID, OpenSearch[https://en.wordpress.com/osd.xml,https://s1.wp.com/opensearch.xml], Script[text/javascript], Strict-Transport-Security[max-age=15552000], Title[WordPress.com], UncommonHeaders[x-hacker,x-ac], WordPress, X-Frame-Options[SAMEORIGIN], nginx, x-hacker[If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.]
1506#######################################################################################################################################
1507 WordPress .
1508 WordPress
1509 Google Font API
1510 X-ac: 2.yyz _dfw
1511 Server: nginx
1512 X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
1513######################################################################################################################################
1514Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 09:14 EST
1515NSE: Loaded 162 scripts for scanning.
1516NSE: Script Pre-scanning.
1517Initiating NSE at 09:14
1518Completed NSE at 09:14, 0.00s elapsed
1519Initiating NSE at 09:14
1520Completed NSE at 09:14, 0.00s elapsed
1521Initiating Parallel DNS resolution of 1 host. at 09:14
1522Completed Parallel DNS resolution of 1 host. at 09:14, 0.02s elapsed
1523Initiating SYN Stealth Scan at 09:14
1524Scanning 192.0.78.12 [1 port]
1525Discovered open port 443/tcp on 192.0.78.12
1526Completed SYN Stealth Scan at 09:14, 0.12s elapsed (1 total ports)
1527Initiating Service scan at 09:14
1528Scanning 1 service on 192.0.78.12
1529Completed Service scan at 09:14, 10.89s elapsed (1 service on 1 host)
1530Initiating OS detection (try #1) against 192.0.78.12
1531Retrying OS detection (try #2) against 192.0.78.12
1532Initiating Traceroute at 09:14
1533Completed Traceroute at 09:14, 3.02s elapsed
1534Initiating Parallel DNS resolution of 4 hosts. at 09:14
1535Completed Parallel DNS resolution of 4 hosts. at 09:14, 0.20s elapsed
1536NSE: Script scanning 192.0.78.12.
1537Initiating NSE at 09:14
1538Completed NSE at 09:15, 32.75s elapsed
1539Initiating NSE at 09:15
1540Completed NSE at 09:15, 0.69s elapsed
1541Nmap scan report for 192.0.78.12
1542Host is up (0.085s latency).
1543
1544PORT STATE SERVICE VERSION
1545443/tcp open ssl/http nginx
1546| http-brute:
1547|_ Path "/" does not require authentication
1548|_http-chrono: Request times for /typo/; avg: 550.65ms; min: 496.23ms; max: 669.10ms
1549|_http-csrf: Couldn't find any CSRF vulnerabilities.
1550|_http-date: Tue, 14 Jan 2020 14:14:58 GMT; -4s from local time.
1551|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
1552|_http-dombased-xss: Couldn't find any DOM based XSS.
1553|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
1554|_http-errors: Couldn't find any error pages.
1555|_http-feed: Couldn't find any feeds.
1556|_http-fetch: Please enter the complete path of the directory to save data in.
1557| http-headers:
1558| Server: nginx
1559| Date: Tue, 14 Jan 2020 14:15:03 GMT
1560| Content-Type: text/html; charset=utf-8
1561| Transfer-Encoding: chunked
1562| Connection: close
1563| Vary: Cookie
1564| Location: https://en.wordpress.com/typo/?subdomain=192
1565| X-ac: 1.yyz _dfw
1566|
1567|_ (Request type: GET)
1568|_http-jsonp-detection: Couldn't find any JSONP endpoints.
1569| http-methods:
1570|_ Supported Methods: GET HEAD POST OPTIONS
1571|_http-mobileversion-checker: No mobile version detected.
1572|_http-passwd: ERROR: Script execution failed (use -d to debug)
1573| http-security-headers:
1574| Strict_Transport_Security:
1575| Header: Strict-Transport-Security: max-age=15552000
1576| X_Frame_Options:
1577| Header: X-Frame-Options: SAMEORIGIN
1578|_ Description: The browser must not display this content in any frame from a page of different origin than the content itself.
1579| http-sitemap-generator:
1580| Directory structure:
1581| Longest directory structure:
1582| Depth: 0
1583| Dir: /
1584| Total files found (by extension):
1585|_
1586|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1587|_http-title: Did not follow redirect to https://en.wordpress.com/typo/?subdomain=192
1588| http-vhosts:
1589|_127 names had status 400
1590| http-wordpress-enum:
1591| Search limited to top 100 themes/plugins
1592| themes
1593| twentyten
1594| plugins
1595| akismet
1596|_ bbpress 2.5.12
1597|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
1598|_http-xssed: No previously reported XSS vuln.
1599| vulscan: VulDB - https://vuldb.com:
1600| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
1601| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
1602| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
1603| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
1604| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
1605| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
1606| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
1607| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
1608| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
1609| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
1610| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
1611| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
1612| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
1613| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
1614| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
1615| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
1616| [67677] nginx up to 1.7.3 SSL weak authentication
1617| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
1618| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
1619| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
1620| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
1621| [65364] nginx up to 1.1.13 Default Configuration information disclosure
1622| [8671] nginx up to 1.4 proxy_pass denial of service
1623| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
1624| [7247] nginx 1.2.6 Proxy Function spoofing
1625| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
1626| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
1627| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
1628| [59645] nginx up to 0.8.9 Heap-based memory corruption
1629| [53592] nginx 0.8.36 memory corruption
1630| [53590] nginx up to 0.8.9 unknown vulnerability
1631| [51533] nginx 0.7.64 Terminal privilege escalation
1632| [50905] nginx up to 0.8.9 directory traversal
1633| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
1634| [50043] nginx up to 0.8.10 memory corruption
1635|
1636| MITRE CVE - https://cve.mitre.org:
1637| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
1638| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
1639| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
1640| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
1641| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
1642| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
1643| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
1644| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
1645| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
1646| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
1647| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
1648| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
1649| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
1650|
1651| SecurityFocus - https://www.securityfocus.com/bid/:
1652| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
1653| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
1654| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
1655| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
1656| [82230] nginx Multiple Denial of Service Vulnerabilities
1657| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
1658| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
1659| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
1660| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
1661| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
1662| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
1663| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
1664| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
1665| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
1666| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
1667| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
1668| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
1669| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
1670| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
1671| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
1672| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
1673| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
1674| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
1675| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
1676| [40420] nginx Directory Traversal Vulnerability
1677| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
1678| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
1679| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
1680| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
1681| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
1682|
1683| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1684| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
1685| [84172] nginx denial of service
1686| [84048] nginx buffer overflow
1687| [83923] nginx ngx_http_close_connection() integer overflow
1688| [83688] nginx null byte code execution
1689| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
1690| [82319] nginx access.log information disclosure
1691| [80952] nginx SSL spoofing
1692| [77244] nginx and Microsoft Windows request security bypass
1693| [76778] Naxsi module for Nginx nx_extract.py directory traversal
1694| [74831] nginx ngx_http_mp4_module.c buffer overflow
1695| [74191] nginx ngx_cpystrn() information disclosure
1696| [74045] nginx header response information disclosure
1697| [71355] nginx ngx_resolver_copy() buffer overflow
1698| [59370] nginx characters denial of service
1699| [59369] nginx DATA source code disclosure
1700| [59047] nginx space source code disclosure
1701| [58966] nginx unspecified directory traversal
1702| [54025] nginx ngx_http_parse.c denial of service
1703| [53431] nginx WebDAV component directory traversal
1704| [53328] Nginx CRC-32 cached domain name spoofing
1705| [53250] Nginx ngx_http_parse_complex_uri() function code execution
1706|
1707| Exploit-DB - https://www.exploit-db.com:
1708| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
1709| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
1710| [25499] nginx 1.3.9-1.4.0 DoS PoC
1711| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
1712| [14830] nginx 0.6.38 - Heap Corruption Exploit
1713| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
1714| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
1715| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
1716| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
1717| [9829] nginx 0.7.61 WebDAV directory traversal
1718|
1719| OpenVAS (Nessus) - http://www.openvas.org:
1720| [864418] Fedora Update for nginx FEDORA-2012-3846
1721| [864310] Fedora Update for nginx FEDORA-2012-6238
1722| [864209] Fedora Update for nginx FEDORA-2012-6411
1723| [864204] Fedora Update for nginx FEDORA-2012-6371
1724| [864121] Fedora Update for nginx FEDORA-2012-4006
1725| [864115] Fedora Update for nginx FEDORA-2012-3991
1726| [864065] Fedora Update for nginx FEDORA-2011-16075
1727| [863654] Fedora Update for nginx FEDORA-2011-16110
1728| [861232] Fedora Update for nginx FEDORA-2007-1158
1729| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
1730| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
1731| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
1732| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
1733| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
1734| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
1735| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
1736| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
1737| [100659] nginx Directory Traversal Vulnerability
1738| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
1739| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
1740| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
1741| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
1742| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
1743| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
1744| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
1745| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
1746| [71297] FreeBSD Ports: nginx
1747| [71276] FreeBSD Ports: nginx
1748| [71239] Debian Security Advisory DSA 2434-1 (nginx)
1749| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
1750| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
1751| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
1752| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
1753| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
1754| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
1755| [64894] FreeBSD Ports: nginx
1756| [64869] Debian Security Advisory DSA 1884-1 (nginx)
1757|
1758| SecurityTracker - https://www.securitytracker.com:
1759| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
1760| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
1761| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
1762| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
1763|
1764| OSVDB - http://www.osvdb.org:
1765| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
1766| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
1767| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
1768| [92796] nginx ngx_http_close_connection Function Crafted r->
1769| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
1770| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
1771| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
1772| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
1773| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
1774| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
1775| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
1776| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
1777| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
1778| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
1779| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
1780| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
1781| [62617] nginx Internal DNS Cache Poisoning Weakness
1782| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
1783| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
1784| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
1785| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
1786| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
1787| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
1788| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
1789| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
1790| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
1791| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
1792|_
1793Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1794Aggressive OS guesses: Linux 3.12 - 4.10 (92%), Linux 3.16 (92%), Crestron XPanel control system (90%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (88%), OpenWrt White Russian 0.9 (Linux 2.4.30) (88%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (88%), Linux 3.18 (88%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%)
1795No exact OS matches for host (test conditions non-ideal).
1796Network Distance: 5 hops
1797TCP Sequence Prediction: Difficulty=261 (Good luck!)
1798IP ID Sequence Generation: All zeros
1799
1800TRACEROUTE (using port 443/tcp)
1801HOP RTT ADDRESS
18021 63.59 ms 10.249.204.1
18032 93.87 ms 104.245.145.177
18043 93.93 ms 104.245.147.41
18054 ...
18065 93.91 ms 192.0.78.12
1807
1808NSE: Script Post-scanning.
1809Initiating NSE at 09:15
1810Completed NSE at 09:15, 0.00s elapsed
1811Initiating NSE at 09:15
1812Completed NSE at 09:15, 0.00s elapsed
1813Read data files from: /usr/bin/../share/nmap
1814OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1815Nmap done: 1 IP address (1 host up) scanned in 53.09 seconds
1816 Raw packets sent: 81 (7.176KB) | Rcvd: 55 (3.681KB)
1817#######################################################################################################################################
1818Version: 1.11.13-static
1819OpenSSL 1.0.2-chacha (1.0.2g-dev)
1820
1821Connected to 192.0.78.12
1822
1823Testing SSL server 192.0.78.12 on port 443 using SNI name 192.0.78.12
1824
1825 TLS Fallback SCSV:
1826Server supports TLS Fallback SCSV
1827
1828 TLS renegotiation:
1829Secure session renegotiation supported
1830
1831 TLS Compression:
1832Compression disabled
1833
1834 Heartbleed:
1835TLS 1.2 not vulnerable to heartbleed
1836TLS 1.1 not vulnerable to heartbleed
1837TLS 1.0 not vulnerable to heartbleed
1838
1839 Supported Server Cipher(s):
1840Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
1841Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
1842Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1843Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1844Accepted TLSv1.2 128 bits AES128-SHA256
1845Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1846Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1847Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1848Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1849Accepted TLSv1.0 128 bits AES128-SHA
1850Accepted TLSv1.0 256 bits AES256-SHA
1851Accepted TLSv1.0 112 bits DES-CBC3-SHA
1852
1853 SSL Certificate:
1854Signature Algorithm: sha256WithRSAEncryption
1855RSA Key Strength: 2048
1856
1857Subject: *.wordpress.com
1858Altnames: DNS:*.wordpress.com, DNS:wordpress.com
1859Issuer: COMODO RSA Domain Validation Secure Server CA
1860
1861Not valid before: Sep 6 00:00:00 2018 GMT
1862Not valid after: Sep 5 23:59:59 2020 GMT
1863######################################################################################################################################
1864+----------+-----------------------------+----------------------------------------------+----------+----------+
1865| App Name | URL to Application | Potential Exploit | Username | Password |
1866+----------+-----------------------------+----------------------------------------------+----------+----------+
1867| SVN | http://192.0.78.12:80/.svn/ | ./auxiliary/scanner/http/svn_wcdb_scanner.rb | | |
1868+----------+-----------------------------+----------------------------------------------+----------+----------+
1869#######################################################################################################################################
1870Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 09:17 EST
1871NSE: Loaded 47 scripts for scanning.
1872NSE: Script Pre-scanning.
1873Initiating NSE at 09:17
1874Completed NSE at 09:17, 0.00s elapsed
1875Initiating NSE at 09:17
1876Completed NSE at 09:17, 0.00s elapsed
1877Initiating Parallel DNS resolution of 1 host. at 09:17
1878Completed Parallel DNS resolution of 1 host. at 09:17, 0.02s elapsed
1879Initiating SYN Stealth Scan at 09:17
1880Scanning 192.0.78.12 [65535 ports]
1881Discovered open port 80/tcp on 192.0.78.12
1882Discovered open port 443/tcp on 192.0.78.12
1883SYN Stealth Scan Timing: About 16.43% done; ETC: 09:20 (0:02:38 remaining)
1884SYN Stealth Scan Timing: About 41.46% done; ETC: 09:19 (0:01:26 remaining)
1885SYN Stealth Scan Timing: About 64.70% done; ETC: 09:19 (0:00:50 remaining)
1886Completed SYN Stealth Scan at 09:19, 136.58s elapsed (65535 total ports)
1887Initiating Service scan at 09:19
1888Scanning 2 services on 192.0.78.12
1889Completed Service scan at 09:19, 10.59s elapsed (2 services on 1 host)
1890Initiating OS detection (try #1) against 192.0.78.12
1891Retrying OS detection (try #2) against 192.0.78.12
1892Initiating Traceroute at 09:19
1893Completed Traceroute at 09:19, 0.07s elapsed
1894Initiating Parallel DNS resolution of 2 hosts. at 09:19
1895Completed Parallel DNS resolution of 2 hosts. at 09:19, 0.02s elapsed
1896NSE: Script scanning 192.0.78.12.
1897Initiating NSE at 09:19
1898Completed NSE at 09:19, 5.25s elapsed
1899Initiating NSE at 09:19
1900Completed NSE at 09:19, 0.56s elapsed
1901Nmap scan report for 192.0.78.12
1902Host is up (0.062s latency).
1903Not shown: 65530 filtered ports
1904PORT STATE SERVICE VERSION
190525/tcp closed smtp
190680/tcp open http nginx
1907| vulscan: VulDB - https://vuldb.com:
1908| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
1909| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
1910| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
1911| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
1912| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
1913| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
1914| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
1915| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
1916| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
1917| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
1918| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
1919| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
1920| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
1921| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
1922| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
1923| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
1924| [67677] nginx up to 1.7.3 SSL weak authentication
1925| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
1926| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
1927| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
1928| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
1929| [65364] nginx up to 1.1.13 Default Configuration information disclosure
1930| [8671] nginx up to 1.4 proxy_pass denial of service
1931| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
1932| [7247] nginx 1.2.6 Proxy Function spoofing
1933| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
1934| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
1935| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
1936| [59645] nginx up to 0.8.9 Heap-based memory corruption
1937| [53592] nginx 0.8.36 memory corruption
1938| [53590] nginx up to 0.8.9 unknown vulnerability
1939| [51533] nginx 0.7.64 Terminal privilege escalation
1940| [50905] nginx up to 0.8.9 directory traversal
1941| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
1942| [50043] nginx up to 0.8.10 memory corruption
1943|
1944| MITRE CVE - https://cve.mitre.org:
1945| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
1946| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
1947| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
1948| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
1949| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
1950| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
1951| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
1952| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
1953| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
1954| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
1955| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
1956| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
1957| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
1958|
1959| SecurityFocus - https://www.securityfocus.com/bid/:
1960| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
1961| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
1962| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
1963| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
1964| [82230] nginx Multiple Denial of Service Vulnerabilities
1965| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
1966| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
1967| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
1968| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
1969| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
1970| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
1971| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
1972| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
1973| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
1974| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
1975| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
1976| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
1977| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
1978| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
1979| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
1980| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
1981| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
1982| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
1983| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
1984| [40420] nginx Directory Traversal Vulnerability
1985| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
1986| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
1987| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
1988| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
1989| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
1990|
1991| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1992| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
1993| [84172] nginx denial of service
1994| [84048] nginx buffer overflow
1995| [83923] nginx ngx_http_close_connection() integer overflow
1996| [83688] nginx null byte code execution
1997| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
1998| [82319] nginx access.log information disclosure
1999| [80952] nginx SSL spoofing
2000| [77244] nginx and Microsoft Windows request security bypass
2001| [76778] Naxsi module for Nginx nx_extract.py directory traversal
2002| [74831] nginx ngx_http_mp4_module.c buffer overflow
2003| [74191] nginx ngx_cpystrn() information disclosure
2004| [74045] nginx header response information disclosure
2005| [71355] nginx ngx_resolver_copy() buffer overflow
2006| [59370] nginx characters denial of service
2007| [59369] nginx DATA source code disclosure
2008| [59047] nginx space source code disclosure
2009| [58966] nginx unspecified directory traversal
2010| [54025] nginx ngx_http_parse.c denial of service
2011| [53431] nginx WebDAV component directory traversal
2012| [53328] Nginx CRC-32 cached domain name spoofing
2013| [53250] Nginx ngx_http_parse_complex_uri() function code execution
2014|
2015| Exploit-DB - https://www.exploit-db.com:
2016| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
2017| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
2018| [25499] nginx 1.3.9-1.4.0 DoS PoC
2019| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
2020| [14830] nginx 0.6.38 - Heap Corruption Exploit
2021| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
2022| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
2023| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
2024| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
2025| [9829] nginx 0.7.61 WebDAV directory traversal
2026|
2027| OpenVAS (Nessus) - http://www.openvas.org:
2028| [864418] Fedora Update for nginx FEDORA-2012-3846
2029| [864310] Fedora Update for nginx FEDORA-2012-6238
2030| [864209] Fedora Update for nginx FEDORA-2012-6411
2031| [864204] Fedora Update for nginx FEDORA-2012-6371
2032| [864121] Fedora Update for nginx FEDORA-2012-4006
2033| [864115] Fedora Update for nginx FEDORA-2012-3991
2034| [864065] Fedora Update for nginx FEDORA-2011-16075
2035| [863654] Fedora Update for nginx FEDORA-2011-16110
2036| [861232] Fedora Update for nginx FEDORA-2007-1158
2037| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
2038| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
2039| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
2040| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
2041| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2042| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2043| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2044| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2045| [100659] nginx Directory Traversal Vulnerability
2046| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
2047| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2048| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2049| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2050| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
2051| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2052| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
2053| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
2054| [71297] FreeBSD Ports: nginx
2055| [71276] FreeBSD Ports: nginx
2056| [71239] Debian Security Advisory DSA 2434-1 (nginx)
2057| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
2058| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
2059| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
2060| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
2061| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
2062| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
2063| [64894] FreeBSD Ports: nginx
2064| [64869] Debian Security Advisory DSA 1884-1 (nginx)
2065|
2066| SecurityTracker - https://www.securitytracker.com:
2067| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
2068| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
2069| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
2070| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
2071|
2072| OSVDB - http://www.osvdb.org:
2073| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
2074| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
2075| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
2076| [92796] nginx ngx_http_close_connection Function Crafted r->
2077| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
2078| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
2079| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
2080| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
2081| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
2082| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
2083| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
2084| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
2085| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
2086| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
2087| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
2088| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
2089| [62617] nginx Internal DNS Cache Poisoning Weakness
2090| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
2091| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
2092| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
2093| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
2094| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
2095| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
2096| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
2097| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
2098| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
2099| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
2100|_
2101139/tcp closed netbios-ssn
2102443/tcp open ssl/http nginx
2103| vulscan: VulDB - https://vuldb.com:
2104| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
2105| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
2106| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
2107| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
2108| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
2109| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
2110| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
2111| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
2112| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
2113| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
2114| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
2115| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
2116| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
2117| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
2118| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
2119| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
2120| [67677] nginx up to 1.7.3 SSL weak authentication
2121| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
2122| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
2123| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
2124| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
2125| [65364] nginx up to 1.1.13 Default Configuration information disclosure
2126| [8671] nginx up to 1.4 proxy_pass denial of service
2127| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
2128| [7247] nginx 1.2.6 Proxy Function spoofing
2129| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
2130| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
2131| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
2132| [59645] nginx up to 0.8.9 Heap-based memory corruption
2133| [53592] nginx 0.8.36 memory corruption
2134| [53590] nginx up to 0.8.9 unknown vulnerability
2135| [51533] nginx 0.7.64 Terminal privilege escalation
2136| [50905] nginx up to 0.8.9 directory traversal
2137| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
2138| [50043] nginx up to 0.8.10 memory corruption
2139|
2140| MITRE CVE - https://cve.mitre.org:
2141| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
2142| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
2143| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
2144| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
2145| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
2146| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
2147| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
2148| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
2149| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
2150| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
2151| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
2152| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
2153| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
2154|
2155| SecurityFocus - https://www.securityfocus.com/bid/:
2156| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
2157| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
2158| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
2159| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
2160| [82230] nginx Multiple Denial of Service Vulnerabilities
2161| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
2162| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
2163| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
2164| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
2165| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
2166| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
2167| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
2168| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
2169| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
2170| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
2171| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
2172| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
2173| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
2174| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
2175| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2176| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2177| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2178| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2179| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
2180| [40420] nginx Directory Traversal Vulnerability
2181| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2182| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2183| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2184| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2185| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
2186|
2187| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2188| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
2189| [84172] nginx denial of service
2190| [84048] nginx buffer overflow
2191| [83923] nginx ngx_http_close_connection() integer overflow
2192| [83688] nginx null byte code execution
2193| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
2194| [82319] nginx access.log information disclosure
2195| [80952] nginx SSL spoofing
2196| [77244] nginx and Microsoft Windows request security bypass
2197| [76778] Naxsi module for Nginx nx_extract.py directory traversal
2198| [74831] nginx ngx_http_mp4_module.c buffer overflow
2199| [74191] nginx ngx_cpystrn() information disclosure
2200| [74045] nginx header response information disclosure
2201| [71355] nginx ngx_resolver_copy() buffer overflow
2202| [59370] nginx characters denial of service
2203| [59369] nginx DATA source code disclosure
2204| [59047] nginx space source code disclosure
2205| [58966] nginx unspecified directory traversal
2206| [54025] nginx ngx_http_parse.c denial of service
2207| [53431] nginx WebDAV component directory traversal
2208| [53328] Nginx CRC-32 cached domain name spoofing
2209| [53250] Nginx ngx_http_parse_complex_uri() function code execution
2210|
2211| Exploit-DB - https://www.exploit-db.com:
2212| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
2213| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
2214| [25499] nginx 1.3.9-1.4.0 DoS PoC
2215| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
2216| [14830] nginx 0.6.38 - Heap Corruption Exploit
2217| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
2218| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
2219| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
2220| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
2221| [9829] nginx 0.7.61 WebDAV directory traversal
2222|
2223| OpenVAS (Nessus) - http://www.openvas.org:
2224| [864418] Fedora Update for nginx FEDORA-2012-3846
2225| [864310] Fedora Update for nginx FEDORA-2012-6238
2226| [864209] Fedora Update for nginx FEDORA-2012-6411
2227| [864204] Fedora Update for nginx FEDORA-2012-6371
2228| [864121] Fedora Update for nginx FEDORA-2012-4006
2229| [864115] Fedora Update for nginx FEDORA-2012-3991
2230| [864065] Fedora Update for nginx FEDORA-2011-16075
2231| [863654] Fedora Update for nginx FEDORA-2011-16110
2232| [861232] Fedora Update for nginx FEDORA-2007-1158
2233| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
2234| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
2235| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
2236| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
2237| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2238| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2239| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2240| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2241| [100659] nginx Directory Traversal Vulnerability
2242| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
2243| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2244| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2245| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2246| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
2247| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2248| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
2249| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
2250| [71297] FreeBSD Ports: nginx
2251| [71276] FreeBSD Ports: nginx
2252| [71239] Debian Security Advisory DSA 2434-1 (nginx)
2253| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
2254| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
2255| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
2256| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
2257| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
2258| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
2259| [64894] FreeBSD Ports: nginx
2260| [64869] Debian Security Advisory DSA 1884-1 (nginx)
2261|
2262| SecurityTracker - https://www.securitytracker.com:
2263| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
2264| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
2265| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
2266| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
2267|
2268| OSVDB - http://www.osvdb.org:
2269| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
2270| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
2271| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
2272| [92796] nginx ngx_http_close_connection Function Crafted r->
2273| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
2274| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
2275| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
2276| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
2277| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
2278| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
2279| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
2280| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
2281| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
2282| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
2283| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
2284| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
2285| [62617] nginx Internal DNS Cache Poisoning Weakness
2286| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
2287| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
2288| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
2289| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
2290| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
2291| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
2292| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
2293| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
2294| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
2295| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
2296|_
2297445/tcp closed microsoft-ds
2298Aggressive OS guesses: OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (91%), OpenWrt White Russian 0.9 (Linux 2.4.30) (91%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (91%), Linux 3.18 (91%), HP P2000 G3 NAS device (91%), Linux 2.6.32 (90%), ProVision-ISR security DVR (90%), Linux 3.0 (89%), Linux 3.12 - 4.10 (89%), Linux 3.16 (89%)
2299No exact OS matches for host (test conditions non-ideal).
2300Network Distance: 2 hops
2301TCP Sequence Prediction: Difficulty=262 (Good luck!)
2302IP ID Sequence Generation: All zeros
2303
2304TRACEROUTE (using port 445/tcp)
2305HOP RTT ADDRESS
23061 68.56 ms 10.249.204.1
23072 68.55 ms 192.0.78.12
2308
2309NSE: Script Post-scanning.
2310Initiating NSE at 09:19
2311Completed NSE at 09:19, 0.00s elapsed
2312Initiating NSE at 09:19
2313Completed NSE at 09:19, 0.00s elapsed
2314#######################################################################################################################################
2315Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 09:19 EST
2316NSE: Loaded 47 scripts for scanning.
2317NSE: Script Pre-scanning.
2318Initiating NSE at 09:19
2319Completed NSE at 09:19, 0.00s elapsed
2320Initiating NSE at 09:19
2321Completed NSE at 09:19, 0.00s elapsed
2322Initiating Parallel DNS resolution of 1 host. at 09:19
2323Completed Parallel DNS resolution of 1 host. at 09:19, 0.02s elapsed
2324Initiating UDP Scan at 09:19
2325Scanning 192.0.78.12 [15 ports]
2326Completed UDP Scan at 09:19, 1.67s elapsed (15 total ports)
2327Initiating Service scan at 09:19
2328Scanning 13 services on 192.0.78.12
2329Service scan Timing: About 7.69% done; ETC: 09:40 (0:19:36 remaining)
2330Completed Service scan at 09:21, 102.59s elapsed (13 services on 1 host)
2331Initiating OS detection (try #1) against 192.0.78.12
2332Retrying OS detection (try #2) against 192.0.78.12
2333Initiating Traceroute at 09:21
2334Completed Traceroute at 09:21, 7.09s elapsed
2335Initiating Parallel DNS resolution of 1 host. at 09:21
2336Completed Parallel DNS resolution of 1 host. at 09:21, 0.00s elapsed
2337NSE: Script scanning 192.0.78.12.
2338Initiating NSE at 09:21
2339Completed NSE at 09:21, 7.15s elapsed
2340Initiating NSE at 09:21
2341Completed NSE at 09:21, 1.03s elapsed
2342Nmap scan report for 192.0.78.12
2343Host is up (0.041s latency).
2344
2345PORT STATE SERVICE VERSION
234653/udp open|filtered domain
234767/udp open|filtered dhcps
234868/udp open|filtered dhcpc
234969/udp open|filtered tftp
235088/udp open|filtered kerberos-sec
2351123/udp open|filtered ntp
2352137/udp filtered netbios-ns
2353138/udp filtered netbios-dgm
2354139/udp open|filtered netbios-ssn
2355161/udp open|filtered snmp
2356162/udp open|filtered snmptrap
2357389/udp open|filtered ldap
2358500/udp open|filtered isakmp
2359|_ike-version: ERROR: Script execution failed (use -d to debug)
2360520/udp open|filtered route
23612049/udp open|filtered nfs
2362Too many fingerprints match this host to give specific OS details
2363
2364TRACEROUTE (using port 137/udp)
2365HOP RTT ADDRESS
23661 30.67 ms 10.249.204.1
23672 ... 3
23684 31.12 ms 10.249.204.1
23695 90.08 ms 10.249.204.1
23706 90.08 ms 10.249.204.1
23717 90.08 ms 10.249.204.1
23728 90.06 ms 10.249.204.1
23739 60.19 ms 10.249.204.1
237410 29.87 ms 10.249.204.1
237511 ... 18
237619 29.41 ms 10.249.204.1
237720 45.45 ms 10.249.204.1
237821 35.44 ms 10.249.204.1
237922 ... 29
238030 30.31 ms 10.249.204.1
2381
2382NSE: Script Post-scanning.
2383Initiating NSE at 09:21
2384Completed NSE at 09:21, 0.00s elapsed
2385Initiating NSE at 09:21
2386Completed NSE at 09:21, 0.00s elapsed
2387Read data files from: /usr/bin/../share/nmap
2388OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
2389Nmap done: 1 IP address (1 host up) scanned in 122.46 seconds
2390 Raw packets sent: 138 (12.176KB) | Rcvd: 25 (2.933KB)
2391######################################################################################################################################
2392WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
2393Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 09:10 EST
2394Nmap scan report for 192.0.78.13
2395Host is up (0.067s latency).
2396Not shown: 491 filtered ports, 3 closed ports
2397Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
2398PORT STATE SERVICE
239980/tcp open http
2400443/tcp open https
2401
2402Nmap done: 1 IP address (1 host up) scanned in 6.93 seconds
2403#######################################################################################################################################
2404Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 09:10 EST
2405Nmap scan report for 192.0.78.13
2406Host is up (0.035s latency).
2407Not shown: 2 filtered ports
2408PORT STATE SERVICE
240953/udp open|filtered domain
241067/udp open|filtered dhcps
241168/udp open|filtered dhcpc
241269/udp open|filtered tftp
241388/udp open|filtered kerberos-sec
2414123/udp open|filtered ntp
2415139/udp open|filtered netbios-ssn
2416161/udp open|filtered snmp
2417162/udp open|filtered snmptrap
2418389/udp open|filtered ldap
2419500/udp open|filtered isakmp
2420520/udp open|filtered route
24212049/udp open|filtered nfs
2422
2423Nmap done: 1 IP address (1 host up) scanned in 1.72 seconds
2424#######################################################################################################################################
2425HTTP/1.1 302 Found
2426Server: nginx
2427Date: Tue, 14 Jan 2020 14:10:28 GMT
2428Content-Type: text/html; charset=utf-8
2429Connection: keep-alive
2430Vary: Cookie
2431Location: http://en.wordpress.com/typo/?subdomain=192
2432X-ac: 1.yyz _dfw
2433#######################################################################################################################################
2434https://automattic.com/privacy/
2435https://central.wordcamp.org/
2436https://developer.wordpress.com/
2437https://en.forums.wordpress.com/
2438https://en.support.wordpress.com/
2439https://fonts.googleapis.com/css?family=Noto+Sans:400,400i,700,700i&subset=cyrillic,cyrillic-ext,devanagari,greek,greek-ext,latin-ext,vietnamese
2440https://fonts.googleapis.com/css?family=Noto+Serif:400,400i,700,700i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese
2441https://ma.tt/
2442https://pixel.wp.com/b.gif?v=noscript
2443https://s1.wp.com/wp-content/themes/h4/ie6.css
2444https://s1.wp.com/wp-includes/js/dist/vendor/wp-polyfill-fetch.min.js?m=1573572739h&ver=3.0.0
2445https://store.wordpress.com/
2446https://wordpress.com/about/
2447https://wordpress.com/features/
2448https://wordpress.com/themes/
2449https://wordpress.com/tos/
2450https://wordpress.org/
2451http://www.w3.org/1999/xhtml
2452//stats.wp.com/w.js?60
2453text/css
2454text/javascript
2455#######################################################################################################################################
2456http://192.0.78.13 [302 Found] Country[UNITED STATES][US], HTTPServer[nginx], IP[192.0.78.13], RedirectLocation[http://en.wordpress.com/typo/?subdomain=192], UncommonHeaders[x-ac], nginx
2457http://en.wordpress.com/typo/?subdomain=192 [301 Moved Permanently] Country[UNITED STATES][US], HTTPServer[nginx], IP[192.0.79.32], RedirectLocation[https://en.wordpress.com/typo/?subdomain=192], Title[301 Moved Permanently], UncommonHeaders[x-ac], nginx
2458https://en.wordpress.com/typo/?subdomain=192 [200 OK] Country[UNITED STATES][US], HTML5, HTTPServer[nginx], IP[192.0.79.32], MetaGenerator[WordPress.com], OpenID, OpenSearch[https://en.wordpress.com/osd.xml,https://s1.wp.com/opensearch.xml], Script[text/javascript], Strict-Transport-Security[max-age=15552000], Title[WordPress.com], UncommonHeaders[x-hacker,x-ac], WordPress, X-Frame-Options[SAMEORIGIN], nginx, x-hacker[If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.]
2459#######################################################################################################################################
2460
2461wig - WebApp Information Gatherer
2462
2463
2464Scanning https://en.wordpress.com...
2465___________________________________________________ SITE INFO ____________________________________________________
2466IP Title
2467192.0.79.32 WordPress.com
2468192.0.79.33
2469
2470____________________________________________________ VERSION _____________________________________________________
2471Name Versions Type
2472WordPress 3.8 | 3.8.1 | 3.8.2 | 3.8.3 | 3.8.4 | 3.8.5 | 3.8.6 | 3.8.7 CMS
2473 3.8.8 | 3.9 | 3.9.1 | 3.9.2 | 3.9.3 | 3.9.4 | 3.9.5 | 3.9.6
2474 4.0 | 4.0.1 | 4.0.2 | 4.0.3 | 4.0.4 | 4.0.5 | 4.1 | 4.1.1
2475 4.1.2 | 4.1.3 | 4.1.4 | 4.1.5 | 4.2 | 4.2.1 | 4.2.2
2476nginx Platform
2477
2478__________________________________________________ INTERESTING ___________________________________________________
2479URL Note Type
2480/install.php Installation file Interesting
2481/robots.txt robots.txt index Interesting
2482/test.php Test file Interesting
2483/test.htm Test file Interesting
2484/install.asp Installation file Interesting
2485/install.aspx Installation file Interesting
2486/test.asp Test file Interesting
2487/test.aspx Test file Interesting
2488/install.htm Installation file Interesting
2489/install.html Installation file Interesting
2490/test.html Test file Interesting
2491/test1.asp Test file Interesting
2492/test1.php Test file Interesting
2493/test1.aspx Test file Interesting
2494/test1.htm Test file Interesting
2495/test1.html Test file Interesting
2496/old.php This might be interesting Interesting
2497/old.asp This might be interesting Interesting
2498
2499_____________________________________________________ TOOLS ______________________________________________________
2500Name Link Software
2501wpscan https://github.com/wpscanteam/wpscan WordPress
2502CMSmap https://github.com/Dionach/CMSmap WordPress
2503
2504________________________________________________ VULNERABILITIES _________________________________________________
2505Affected #Vulns Link
2506WordPress 3.8 12 http://cvedetails.com/version/162922
2507WordPress 3.8.1 12 http://cvedetails.com/version/162923
2508WordPress 3.8.2 7 http://cvedetails.com/version/176067
2509WordPress 3.8.3 7 http://cvedetails.com/version/176068
2510WordPress 3.8.4 8 http://cvedetails.com/version/176069
2511WordPress 3.9 8 http://cvedetails.com/version/176070
2512WordPress 3.9.1 15 http://cvedetails.com/version/169908
2513WordPress 3.9.2 10 http://cvedetails.com/version/176071
2514WordPress 3.9.3 1 http://cvedetails.com/version/185080
2515WordPress 4.0 9 http://cvedetails.com/version/176072
2516WordPress 4.0.1 1 http://cvedetails.com/version/185081
2517WordPress 4.1 1 http://cvedetails.com/version/185082
2518WordPress 4.1.1 2 http://cvedetails.com/version/185079
2519WordPress 4.2 1 http://cvedetails.com/version/185048
2520WordPress 4.2.1 1 http://cvedetails.com/version/184019
2521WordPress 4.2.2 2 http://cvedetails.com/version/185073
2522
2523__________________________________________________________________________________________________________________
2524Time: 21.8 sec Urls: 217 Fingerprints: 40401
2525#######################################################################################################################################
2526 WordPress .
2527 WordPress
2528 Google Font API
2529 X-ac: 2.yyz _dfw
2530 Server: nginx
2531 X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
2532#######################################################################################################################################
2533===============================================================
2534Gobuster v3.0.1
2535by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
2536===============================================================
2537[+] Url: http://192.0.78.13
2538[+] Threads: 10
2539[+] Wordlist: /usr/share/sniper/wordlists/vhosts.txt
2540[+] User Agent: gobuster/3.0.1
2541[+] Timeout: 10s
2542===============================================================
25432020/01/14 09:12:26 Starting gobuster
2544===============================================================
2545Found: api.192.0.78.13 (Status: 403) [Size: 2945]
2546Found: alpha.192.0.78.13 (Status: 403) [Size: 2945]
2547Found: administration.192.0.78.13 (Status: 403) [Size: 2945]
2548Found: adserver.192.0.78.13 (Status: 403) [Size: 2945]
2549Found: alerts.192.0.78.13 (Status: 403) [Size: 2945]
2550Found: apache.192.0.78.13 (Status: 403) [Size: 2945]
2551Found: auth.192.0.78.13 (Status: 403) [Size: 2945]
2552Found: backup.192.0.78.13 (Status: 403) [Size: 2945]
2553Found: beta.192.0.78.13 (Status: 403) [Size: 2945]
2554Found: aptest.192.0.78.13 (Status: 403) [Size: 2945]
2555Found: apps.192.0.78.13 (Status: 403) [Size: 2945]
2556Found: appserver.192.0.78.13 (Status: 403) [Size: 2945]
2557Found: blog.192.0.78.13 (Status: 403) [Size: 2945]
2558Found: chat.192.0.78.13 (Status: 403) [Size: 2945]
2559Found: citrix.192.0.78.13 (Status: 403) [Size: 2945]
2560Found: corp.192.0.78.13 (Status: 403) [Size: 2945]
2561Found: database.192.0.78.13 (Status: 403) [Size: 2945]
2562Found: dashboard.192.0.78.13 (Status: 403) [Size: 2945]
2563Found: demo.192.0.78.13 (Status: 403) [Size: 2945]
2564Found: devel.192.0.78.13 (Status: 403) [Size: 2945]
2565Found: development.192.0.78.13 (Status: 403) [Size: 2945]
2566Found: direct.192.0.78.13 (Status: 403) [Size: 2945]
2567Found: devtest.192.0.78.13 (Status: 403) [Size: 2945]
2568Found: dhcp.192.0.78.13 (Status: 403) [Size: 2945]
2569Found: dns1.192.0.78.13 (Status: 403) [Size: 2945]
2570Found: download.192.0.78.13 (Status: 403) [Size: 2945]
2571Found: dns2.192.0.78.13 (Status: 403) [Size: 2945]
2572Found: eshop.192.0.78.13 (Status: 403) [Size: 2945]
2573Found: exchange.192.0.78.13 (Status: 403) [Size: 2945]
2574Found: fileserver.192.0.78.13 (Status: 403) [Size: 2945]
2575Found: firewall.192.0.78.13 (Status: 403) [Size: 2945]
2576Found: forum.192.0.78.13 (Status: 403) [Size: 2945]
2577Found: gw.192.0.78.13 (Status: 403) [Size: 2945]
2578Found: helpdesk.192.0.78.13 (Status: 403) [Size: 2945]
2579Found: help.192.0.78.13 (Status: 403) [Size: 2945]
2580Found: home.192.0.78.13 (Status: 403) [Size: 2945]
2581Found: host.192.0.78.13 (Status: 403) [Size: 2945]
2582Found: http.192.0.78.13 (Status: 403) [Size: 2945]
2583Found: internal.192.0.78.13 (Status: 403) [Size: 2945]
2584Found: images.192.0.78.13 (Status: 403) [Size: 2945]
2585Found: info.192.0.78.13 (Status: 403) [Size: 2945]
2586Found: intra.192.0.78.13 (Status: 403) [Size: 2945]
2587Found: internet.192.0.78.13 (Status: 403) [Size: 2945]
2588Found: intranet.192.0.78.13 (Status: 403) [Size: 2945]
2589Found: ipv6.192.0.78.13 (Status: 403) [Size: 2945]
2590Found: ldap.192.0.78.13 (Status: 403) [Size: 2945]
2591Found: linux.192.0.78.13 (Status: 403) [Size: 2945]
2592Found: local.192.0.78.13 (Status: 403) [Size: 2945]
2593Found: mail2.192.0.78.13 (Status: 403) [Size: 2945]
2594Found: log.192.0.78.13 (Status: 403) [Size: 2945]
2595Found: localhost.192.0.78.13 (Status: 403) [Size: 2945]
2596Found: mail.192.0.78.13 (Status: 403) [Size: 2945]
2597Found: mail3.192.0.78.13 (Status: 403) [Size: 2945]
2598Found: mailgate.192.0.78.13 (Status: 403) [Size: 2945]
2599Found: manage.192.0.78.13 (Status: 403) [Size: 2945]
2600Found: mirror.192.0.78.13 (Status: 403) [Size: 2945]
2601Found: mgmt.192.0.78.13 (Status: 403) [Size: 2945]
2602Found: monitor.192.0.78.13 (Status: 403) [Size: 2945]
2603Found: mobile.192.0.78.13 (Status: 403) [Size: 2945]
2604Found: mssql.192.0.78.13 (Status: 403) [Size: 2945]
2605Found: mysql.192.0.78.13 (Status: 403) [Size: 2945]
2606Found: news.192.0.78.13 (Status: 403) [Size: 2945]
2607Found: oracle.192.0.78.13 (Status: 403) [Size: 2945]
2608Found: portal.192.0.78.13 (Status: 403) [Size: 2945]
2609Found: secure.192.0.78.13 (Status: 403) [Size: 2945]
2610Found: server.192.0.78.13 (Status: 403) [Size: 2945]
2611Found: sharepoint.192.0.78.13 (Status: 403) [Size: 2945]
2612Found: shop.192.0.78.13 (Status: 403) [Size: 2945]
2613Found: smtp.192.0.78.13 (Status: 403) [Size: 2945]
2614Found: squid.192.0.78.13 (Status: 403) [Size: 2945]
2615Found: stage.192.0.78.13 (Status: 403) [Size: 2945]
2616Found: stats.192.0.78.13 (Status: 403) [Size: 2945]
2617Found: staging.192.0.78.13 (Status: 403) [Size: 2945]
2618Found: status.192.0.78.13 (Status: 403) [Size: 2945]
2619Found: syslog.192.0.78.13 (Status: 403) [Size: 2945]
2620Found: test.192.0.78.13 (Status: 403) [Size: 2945]
2621Found: test2.192.0.78.13 (Status: 403) [Size: 2945]
2622Found: test1.192.0.78.13 (Status: 403) [Size: 2945]
2623Found: upload.192.0.78.13 (Status: 403) [Size: 2945]
2624Found: testing.192.0.78.13 (Status: 403) [Size: 2945]
2625Found: www.192.0.78.13 (Status: 301) [Size: 162]
2626Found: voip.192.0.78.13 (Status: 403) [Size: 2945]
2627Found: wiki.192.0.78.13 (Status: 403) [Size: 2945]
2628Found: whois.192.0.78.13 (Status: 403) [Size: 2945]
2629Found: www2.192.0.78.13 (Status: 403) [Size: 2945]
2630#######################################################################################################################################
2631Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 09:12 EST
2632NSE: Loaded 162 scripts for scanning.
2633NSE: Script Pre-scanning.
2634Initiating NSE at 09:12
2635Completed NSE at 09:12, 0.00s elapsed
2636Initiating NSE at 09:12
2637Completed NSE at 09:12, 0.00s elapsed
2638Initiating Parallel DNS resolution of 1 host. at 09:12
2639Completed Parallel DNS resolution of 1 host. at 09:12, 0.02s elapsed
2640Initiating SYN Stealth Scan at 09:12
2641Scanning 192.0.78.13 [1 port]
2642Discovered open port 80/tcp on 192.0.78.13
2643Completed SYN Stealth Scan at 09:12, 0.07s elapsed (1 total ports)
2644Initiating Service scan at 09:12
2645Scanning 1 service on 192.0.78.13
2646Completed Service scan at 09:12, 5.26s elapsed (1 service on 1 host)
2647Initiating OS detection (try #1) against 192.0.78.13
2648Retrying OS detection (try #2) against 192.0.78.13
2649Initiating Traceroute at 09:12
2650Completed Traceroute at 09:12, 3.01s elapsed
2651Initiating Parallel DNS resolution of 4 hosts. at 09:12
2652Completed Parallel DNS resolution of 4 hosts. at 09:12, 0.20s elapsed
2653NSE: Script scanning 192.0.78.13.
2654Initiating NSE at 09:12
2655Completed NSE at 09:13, 27.09s elapsed
2656Initiating NSE at 09:13
2657Completed NSE at 09:13, 0.55s elapsed
2658Nmap scan report for 192.0.78.13
2659Host is up (0.065s latency).
2660
2661PORT STATE SERVICE VERSION
266280/tcp open http nginx
2663| http-brute:
2664|_ Path "/" does not require authentication
2665|_http-chrono: Request times for /typo/; avg: 311.36ms; min: 265.47ms; max: 344.29ms
2666|_http-csrf: Couldn't find any CSRF vulnerabilities.
2667|_http-date: Tue, 14 Jan 2020 14:12:43 GMT; -3s from local time.
2668|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
2669|_http-dombased-xss: Couldn't find any DOM based XSS.
2670|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
2671|_http-errors: Couldn't find any error pages.
2672|_http-feed: Couldn't find any feeds.
2673|_http-fetch: Please enter the complete path of the directory to save data in.
2674| http-headers:
2675| Server: nginx
2676| Date: Tue, 14 Jan 2020 14:12:45 GMT
2677| Content-Type: text/html; charset=utf-8
2678| Transfer-Encoding: chunked
2679| Connection: close
2680| Vary: Cookie
2681| Location: http://en.wordpress.com/typo/?subdomain=192
2682| X-ac: 1.yyz _dfw
2683|
2684|_ (Request type: GET)
2685|_http-jsonp-detection: Couldn't find any JSONP endpoints.
2686| http-methods:
2687|_ Supported Methods: GET HEAD POST OPTIONS
2688|_http-mobileversion-checker: No mobile version detected.
2689|_http-passwd: ERROR: Script execution failed (use -d to debug)
2690| http-security-headers:
2691| Strict_Transport_Security:
2692| Header: Strict-Transport-Security: max-age=15552000
2693| X_Frame_Options:
2694| Header: X-Frame-Options: SAMEORIGIN
2695|_ Description: The browser must not display this content in any frame from a page of different origin than the content itself.
2696| http-sitemap-generator:
2697| Directory structure:
2698| Longest directory structure:
2699| Depth: 0
2700| Dir: /
2701| Total files found (by extension):
2702|_
2703|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
2704|_http-title: Did not follow redirect to http://en.wordpress.com/typo/?subdomain=192
2705| http-vhosts:
2706|_127 names had status 400
2707| http-wordpress-enum:
2708| Search limited to top 100 themes/plugins
2709| plugins
2710| akismet
2711| bbpress 2.5.12
2712| themes
2713|_ twentyten
2714|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
2715|_http-xssed: No previously reported XSS vuln.
2716| vulscan: VulDB - https://vuldb.com:
2717| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
2718| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
2719| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
2720| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
2721| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
2722| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
2723| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
2724| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
2725| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
2726| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
2727| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
2728| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
2729| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
2730| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
2731| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
2732| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
2733| [67677] nginx up to 1.7.3 SSL weak authentication
2734| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
2735| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
2736| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
2737| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
2738| [65364] nginx up to 1.1.13 Default Configuration information disclosure
2739| [8671] nginx up to 1.4 proxy_pass denial of service
2740| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
2741| [7247] nginx 1.2.6 Proxy Function spoofing
2742| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
2743| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
2744| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
2745| [59645] nginx up to 0.8.9 Heap-based memory corruption
2746| [53592] nginx 0.8.36 memory corruption
2747| [53590] nginx up to 0.8.9 unknown vulnerability
2748| [51533] nginx 0.7.64 Terminal privilege escalation
2749| [50905] nginx up to 0.8.9 directory traversal
2750| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
2751| [50043] nginx up to 0.8.10 memory corruption
2752|
2753| MITRE CVE - https://cve.mitre.org:
2754| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
2755| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
2756| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
2757| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
2758| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
2759| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
2760| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
2761| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
2762| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
2763| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
2764| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
2765| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
2766| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
2767|
2768| SecurityFocus - https://www.securityfocus.com/bid/:
2769| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
2770| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
2771| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
2772| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
2773| [82230] nginx Multiple Denial of Service Vulnerabilities
2774| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
2775| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
2776| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
2777| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
2778| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
2779| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
2780| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
2781| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
2782| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
2783| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
2784| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
2785| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
2786| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
2787| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
2788| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2789| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2790| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2791| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2792| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
2793| [40420] nginx Directory Traversal Vulnerability
2794| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2795| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2796| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2797| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2798| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
2799|
2800| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2801| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
2802| [84172] nginx denial of service
2803| [84048] nginx buffer overflow
2804| [83923] nginx ngx_http_close_connection() integer overflow
2805| [83688] nginx null byte code execution
2806| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
2807| [82319] nginx access.log information disclosure
2808| [80952] nginx SSL spoofing
2809| [77244] nginx and Microsoft Windows request security bypass
2810| [76778] Naxsi module for Nginx nx_extract.py directory traversal
2811| [74831] nginx ngx_http_mp4_module.c buffer overflow
2812| [74191] nginx ngx_cpystrn() information disclosure
2813| [74045] nginx header response information disclosure
2814| [71355] nginx ngx_resolver_copy() buffer overflow
2815| [59370] nginx characters denial of service
2816| [59369] nginx DATA source code disclosure
2817| [59047] nginx space source code disclosure
2818| [58966] nginx unspecified directory traversal
2819| [54025] nginx ngx_http_parse.c denial of service
2820| [53431] nginx WebDAV component directory traversal
2821| [53328] Nginx CRC-32 cached domain name spoofing
2822| [53250] Nginx ngx_http_parse_complex_uri() function code execution
2823|
2824| Exploit-DB - https://www.exploit-db.com:
2825| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
2826| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
2827| [25499] nginx 1.3.9-1.4.0 DoS PoC
2828| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
2829| [14830] nginx 0.6.38 - Heap Corruption Exploit
2830| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
2831| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
2832| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
2833| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
2834| [9829] nginx 0.7.61 WebDAV directory traversal
2835|
2836| OpenVAS (Nessus) - http://www.openvas.org:
2837| [864418] Fedora Update for nginx FEDORA-2012-3846
2838| [864310] Fedora Update for nginx FEDORA-2012-6238
2839| [864209] Fedora Update for nginx FEDORA-2012-6411
2840| [864204] Fedora Update for nginx FEDORA-2012-6371
2841| [864121] Fedora Update for nginx FEDORA-2012-4006
2842| [864115] Fedora Update for nginx FEDORA-2012-3991
2843| [864065] Fedora Update for nginx FEDORA-2011-16075
2844| [863654] Fedora Update for nginx FEDORA-2011-16110
2845| [861232] Fedora Update for nginx FEDORA-2007-1158
2846| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
2847| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
2848| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
2849| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
2850| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2851| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2852| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2853| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2854| [100659] nginx Directory Traversal Vulnerability
2855| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
2856| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2857| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2858| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2859| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
2860| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2861| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
2862| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
2863| [71297] FreeBSD Ports: nginx
2864| [71276] FreeBSD Ports: nginx
2865| [71239] Debian Security Advisory DSA 2434-1 (nginx)
2866| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
2867| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
2868| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
2869| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
2870| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
2871| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
2872| [64894] FreeBSD Ports: nginx
2873| [64869] Debian Security Advisory DSA 1884-1 (nginx)
2874|
2875| SecurityTracker - https://www.securitytracker.com:
2876| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
2877| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
2878| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
2879| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
2880|
2881| OSVDB - http://www.osvdb.org:
2882| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
2883| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
2884| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
2885| [92796] nginx ngx_http_close_connection Function Crafted r->
2886| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
2887| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
2888| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
2889| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
2890| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
2891| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
2892| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
2893| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
2894| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
2895| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
2896| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
2897| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
2898| [62617] nginx Internal DNS Cache Poisoning Weakness
2899| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
2900| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
2901| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
2902| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
2903| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
2904| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
2905| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
2906| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
2907| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
2908| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
2909|_
2910Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2911Aggressive OS guesses: Linux 3.12 - 4.10 (91%), Linux 3.16 (91%), Crestron XPanel control system (89%), Linux 3.18 (88%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (87%), OpenWrt White Russian 0.9 (Linux 2.4.30) (87%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (87%), HP P2000 G3 NAS device (86%), ASUS RT-N56U WAP (Linux 3.4) (86%), Linux 3.1 (86%)
2912No exact OS matches for host (test conditions non-ideal).
2913Network Distance: 5 hops
2914TCP Sequence Prediction: Difficulty=265 (Good luck!)
2915IP ID Sequence Generation: All zeros
2916
2917TRACEROUTE (using port 80/tcp)
2918HOP RTT ADDRESS
29191 109.40 ms 10.249.204.1
29202 109.62 ms 104.245.145.177
29213 109.56 ms 104.245.147.41
29224 ...
29235 109.56 ms 192.0.78.13
2924
2925NSE: Script Post-scanning.
2926Initiating NSE at 09:13
2927Completed NSE at 09:13, 0.00s elapsed
2928Initiating NSE at 09:13
2929Completed NSE at 09:13, 0.00s elapsed
2930######################################################################################################################################
2931https://192.0.78.13 [302 Found] Country[UNITED STATES][US], HTTPServer[nginx], IP[192.0.78.13], RedirectLocation[https://en.wordpress.com/typo/?subdomain=192], UncommonHeaders[x-ac], nginx
2932https://en.wordpress.com/typo/?subdomain=192 [200 OK] Country[UNITED STATES][US], HTML5, HTTPServer[nginx], IP[192.0.79.32], MetaGenerator[WordPress.com], OpenID, OpenSearch[https://en.wordpress.com/osd.xml,https://s1.wp.com/opensearch.xml], Script[text/javascript], Strict-Transport-Security[max-age=15552000], Title[WordPress.com], UncommonHeaders[x-hacker,x-ac], WordPress, X-Frame-Options[SAMEORIGIN], nginx, x-hacker[If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.]
2933#######################################################################################################################################
2934 WordPress .
2935 WordPress
2936 Google Font API
2937 X-ac: 2.yyz _dfw
2938 Server: nginx
2939 X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
2940#######################################################################################################################################
2941Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 09:14 EST
2942NSE: Loaded 162 scripts for scanning.
2943NSE: Script Pre-scanning.
2944Initiating NSE at 09:14
2945Completed NSE at 09:14, 0.00s elapsed
2946Initiating NSE at 09:14
2947Completed NSE at 09:14, 0.00s elapsed
2948Initiating Parallel DNS resolution of 1 host. at 09:14
2949Completed Parallel DNS resolution of 1 host. at 09:14, 0.02s elapsed
2950Initiating SYN Stealth Scan at 09:14
2951Scanning 192.0.78.13 [1 port]
2952Discovered open port 443/tcp on 192.0.78.13
2953Completed SYN Stealth Scan at 09:14, 0.11s elapsed (1 total ports)
2954Initiating Service scan at 09:14
2955Scanning 1 service on 192.0.78.13
2956Completed Service scan at 09:14, 10.92s elapsed (1 service on 1 host)
2957Initiating OS detection (try #1) against 192.0.78.13
2958Retrying OS detection (try #2) against 192.0.78.13
2959Initiating Traceroute at 09:14
2960Completed Traceroute at 09:14, 3.03s elapsed
2961Initiating Parallel DNS resolution of 4 hosts. at 09:14
2962Completed Parallel DNS resolution of 4 hosts. at 09:14, 0.19s elapsed
2963NSE: Script scanning 192.0.78.13.
2964Initiating NSE at 09:14
2965Completed NSE at 09:16, 90.55s elapsed
2966Initiating NSE at 09:16
2967Completed NSE at 09:16, 0.64s elapsed
2968Nmap scan report for 192.0.78.13
2969Host is up (0.077s latency).
2970
2971PORT STATE SERVICE VERSION
2972443/tcp open ssl/http nginx
2973| http-brute:
2974|_ Path "/" does not require authentication
2975|_http-chrono: Request times for /typo/; avg: 496.61ms; min: 437.90ms; max: 530.15ms
2976|_http-csrf: Couldn't find any CSRF vulnerabilities.
2977|_http-date: Tue, 14 Jan 2020 14:15:00 GMT; -4s from local time.
2978|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
2979|_http-dombased-xss: Couldn't find any DOM based XSS.
2980|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
2981|_http-errors: Couldn't find any error pages.
2982|_http-feed: Couldn't find any feeds.
2983|_http-fetch: Please enter the complete path of the directory to save data in.
2984| http-headers:
2985| Server: nginx
2986| Date: Tue, 14 Jan 2020 14:15:05 GMT
2987| Content-Type: text/html; charset=utf-8
2988| Transfer-Encoding: chunked
2989| Connection: close
2990| Vary: Cookie
2991| Location: https://en.wordpress.com/typo/?subdomain=192
2992| X-ac: 1.yyz _dfw
2993|
2994|_ (Request type: GET)
2995|_http-jsonp-detection: Couldn't find any JSONP endpoints.
2996| http-methods:
2997|_ Supported Methods: GET HEAD POST OPTIONS
2998|_http-mobileversion-checker: No mobile version detected.
2999|_http-passwd: ERROR: Script execution failed (use -d to debug)
3000| http-security-headers:
3001| Strict_Transport_Security:
3002| Header: Strict-Transport-Security: max-age=15552000
3003| X_Frame_Options:
3004| Header: X-Frame-Options: SAMEORIGIN
3005|_ Description: The browser must not display this content in any frame from a page of different origin than the content itself.
3006| http-sitemap-generator:
3007| Directory structure:
3008| Longest directory structure:
3009| Depth: 0
3010| Dir: /
3011| Total files found (by extension):
3012|_
3013|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
3014|_http-title: Did not follow redirect to https://en.wordpress.com/typo/?subdomain=192
3015| http-vhosts:
3016|_127 names had status 400
3017|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
3018|_http-xssed: No previously reported XSS vuln.
3019| vulscan: VulDB - https://vuldb.com:
3020| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
3021| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
3022| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
3023| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
3024| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
3025| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
3026| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
3027| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
3028| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
3029| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
3030| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
3031| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
3032| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
3033| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
3034| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
3035| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
3036| [67677] nginx up to 1.7.3 SSL weak authentication
3037| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
3038| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
3039| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
3040| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
3041| [65364] nginx up to 1.1.13 Default Configuration information disclosure
3042| [8671] nginx up to 1.4 proxy_pass denial of service
3043| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
3044| [7247] nginx 1.2.6 Proxy Function spoofing
3045| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
3046| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
3047| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
3048| [59645] nginx up to 0.8.9 Heap-based memory corruption
3049| [53592] nginx 0.8.36 memory corruption
3050| [53590] nginx up to 0.8.9 unknown vulnerability
3051| [51533] nginx 0.7.64 Terminal privilege escalation
3052| [50905] nginx up to 0.8.9 directory traversal
3053| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
3054| [50043] nginx up to 0.8.10 memory corruption
3055|
3056| MITRE CVE - https://cve.mitre.org:
3057| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
3058| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
3059| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
3060| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
3061| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
3062| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
3063| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
3064| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
3065| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
3066| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
3067| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
3068| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
3069| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
3070|
3071| SecurityFocus - https://www.securityfocus.com/bid/:
3072| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
3073| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
3074| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
3075| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
3076| [82230] nginx Multiple Denial of Service Vulnerabilities
3077| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
3078| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
3079| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
3080| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
3081| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
3082| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
3083| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
3084| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
3085| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
3086| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
3087| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
3088| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
3089| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
3090| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
3091| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3092| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3093| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3094| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3095| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
3096| [40420] nginx Directory Traversal Vulnerability
3097| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3098| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3099| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3100| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3101| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
3102|
3103| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3104| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
3105| [84172] nginx denial of service
3106| [84048] nginx buffer overflow
3107| [83923] nginx ngx_http_close_connection() integer overflow
3108| [83688] nginx null byte code execution
3109| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
3110| [82319] nginx access.log information disclosure
3111| [80952] nginx SSL spoofing
3112| [77244] nginx and Microsoft Windows request security bypass
3113| [76778] Naxsi module for Nginx nx_extract.py directory traversal
3114| [74831] nginx ngx_http_mp4_module.c buffer overflow
3115| [74191] nginx ngx_cpystrn() information disclosure
3116| [74045] nginx header response information disclosure
3117| [71355] nginx ngx_resolver_copy() buffer overflow
3118| [59370] nginx characters denial of service
3119| [59369] nginx DATA source code disclosure
3120| [59047] nginx space source code disclosure
3121| [58966] nginx unspecified directory traversal
3122| [54025] nginx ngx_http_parse.c denial of service
3123| [53431] nginx WebDAV component directory traversal
3124| [53328] Nginx CRC-32 cached domain name spoofing
3125| [53250] Nginx ngx_http_parse_complex_uri() function code execution
3126|
3127| Exploit-DB - https://www.exploit-db.com:
3128| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
3129| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
3130| [25499] nginx 1.3.9-1.4.0 DoS PoC
3131| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
3132| [14830] nginx 0.6.38 - Heap Corruption Exploit
3133| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
3134| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
3135| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
3136| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
3137| [9829] nginx 0.7.61 WebDAV directory traversal
3138|
3139| OpenVAS (Nessus) - http://www.openvas.org:
3140| [864418] Fedora Update for nginx FEDORA-2012-3846
3141| [864310] Fedora Update for nginx FEDORA-2012-6238
3142| [864209] Fedora Update for nginx FEDORA-2012-6411
3143| [864204] Fedora Update for nginx FEDORA-2012-6371
3144| [864121] Fedora Update for nginx FEDORA-2012-4006
3145| [864115] Fedora Update for nginx FEDORA-2012-3991
3146| [864065] Fedora Update for nginx FEDORA-2011-16075
3147| [863654] Fedora Update for nginx FEDORA-2011-16110
3148| [861232] Fedora Update for nginx FEDORA-2007-1158
3149| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
3150| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
3151| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
3152| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
3153| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3154| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3155| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3156| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3157| [100659] nginx Directory Traversal Vulnerability
3158| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
3159| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3160| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3161| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3162| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
3163| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3164| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
3165| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
3166| [71297] FreeBSD Ports: nginx
3167| [71276] FreeBSD Ports: nginx
3168| [71239] Debian Security Advisory DSA 2434-1 (nginx)
3169| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
3170| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
3171| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
3172| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
3173| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
3174| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
3175| [64894] FreeBSD Ports: nginx
3176| [64869] Debian Security Advisory DSA 1884-1 (nginx)
3177|
3178| SecurityTracker - https://www.securitytracker.com:
3179| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
3180| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
3181| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
3182| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
3183|
3184| OSVDB - http://www.osvdb.org:
3185| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
3186| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
3187| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
3188| [92796] nginx ngx_http_close_connection Function Crafted r->
3189| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
3190| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
3191| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
3192| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
3193| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
3194| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
3195| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
3196| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
3197| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
3198| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
3199| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
3200| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
3201| [62617] nginx Internal DNS Cache Poisoning Weakness
3202| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
3203| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
3204| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
3205| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
3206| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
3207| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
3208| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
3209| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
3210| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
3211| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
3212|_
3213Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
3214Aggressive OS guesses: Linux 3.12 - 4.10 (92%), Linux 3.16 (92%), Crestron XPanel control system (90%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (88%), OpenWrt White Russian 0.9 (Linux 2.4.30) (88%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (88%), Linux 3.18 (88%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%)
3215No exact OS matches for host (test conditions non-ideal).
3216Network Distance: 5 hops
3217TCP Sequence Prediction: Difficulty=261 (Good luck!)
3218IP ID Sequence Generation: All zeros
3219
3220TRACEROUTE (using port 443/tcp)
3221HOP RTT ADDRESS
32221 59.46 ms 10.249.204.1
32232 89.34 ms 104.245.145.177
32243 89.42 ms 104.245.147.41
32254 ...
32265 89.41 ms 192.0.78.13
3227
3228NSE: Script Post-scanning.
3229Initiating NSE at 09:16
3230Completed NSE at 09:16, 0.00s elapsed
3231Initiating NSE at 09:16
3232Completed NSE at 09:16, 0.00s elapsed
3233Read data files from: /usr/bin/../share/nmap
3234OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
3235Nmap done: 1 IP address (1 host up) scanned in 111.13 seconds
3236 Raw packets sent: 81 (7.176KB) | Rcvd: 66 (4.552KB)
3237#######################################################################################################################################
3238Version: 1.11.13-static
3239OpenSSL 1.0.2-chacha (1.0.2g-dev)
3240
3241Connected to 192.0.78.13
3242
3243Testing SSL server 192.0.78.13 on port 443 using SNI name 192.0.78.13
3244
3245 TLS Fallback SCSV:
3246Server supports TLS Fallback SCSV
3247
3248 TLS renegotiation:
3249Secure session renegotiation supported
3250
3251 TLS Compression:
3252Compression disabled
3253
3254 Heartbleed:
3255TLS 1.2 not vulnerable to heartbleed
3256TLS 1.1 not vulnerable to heartbleed
3257TLS 1.0 not vulnerable to heartbleed
3258
3259 Supported Server Cipher(s):
3260Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
3261Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
3262Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
3263Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
3264Accepted TLSv1.2 128 bits AES128-SHA256
3265Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
3266Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
3267Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
3268Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
3269Accepted TLSv1.0 128 bits AES128-SHA
3270Accepted TLSv1.0 256 bits AES256-SHA
3271Accepted TLSv1.0 112 bits DES-CBC3-SHA
3272
3273 SSL Certificate:
3274Signature Algorithm: sha256WithRSAEncryption
3275RSA Key Strength: 2048
3276
3277Subject: *.wordpress.com
3278Altnames: DNS:*.wordpress.com, DNS:wordpress.com
3279Issuer: COMODO RSA Domain Validation Secure Server CA
3280
3281Not valid before: Sep 6 00:00:00 2018 GMT
3282Not valid after: Sep 5 23:59:59 2020 GMT
3283######################################################################################################################################
3284+----------+-------------------------------+----------------------------------------------+----------+----------+
3285| App Name | URL to Application | Potential Exploit | Username | Password |
3286+----------+-------------------------------+----------------------------------------------+----------+----------+
3287| SVN | https://192.0.78.13:443/.svn/ | ./auxiliary/scanner/http/svn_wcdb_scanner.rb | | |
3288+----------+-------------------------------+----------------------------------------------+----------
3289#######################################################################################################################################
3290Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 09:17 EST
3291NSE: Loaded 47 scripts for scanning.
3292NSE: Script Pre-scanning.
3293Initiating NSE at 09:17
3294Completed NSE at 09:17, 0.00s elapsed
3295Initiating NSE at 09:17
3296Completed NSE at 09:17, 0.00s elapsed
3297Initiating Parallel DNS resolution of 1 host. at 09:17
3298Completed Parallel DNS resolution of 1 host. at 09:17, 0.02s elapsed
3299Initiating SYN Stealth Scan at 09:17
3300Scanning 192.0.78.13 [65535 ports]
3301Discovered open port 80/tcp on 192.0.78.13
3302Discovered open port 443/tcp on 192.0.78.13
3303SYN Stealth Scan Timing: About 19.62% done; ETC: 09:20 (0:02:07 remaining)
3304SYN Stealth Scan Timing: About 38.77% done; ETC: 09:20 (0:01:36 remaining)
3305SYN Stealth Scan Timing: About 66.35% done; ETC: 09:20 (0:00:46 remaining)
3306Completed SYN Stealth Scan at 09:19, 121.15s elapsed (65535 total ports)
3307Initiating Service scan at 09:19
3308Scanning 2 services on 192.0.78.13
3309Completed Service scan at 09:20, 10.96s elapsed (2 services on 1 host)
3310Initiating OS detection (try #1) against 192.0.78.13
3311Retrying OS detection (try #2) against 192.0.78.13
3312Initiating Traceroute at 09:20
3313Completed Traceroute at 09:20, 0.10s elapsed
3314Initiating Parallel DNS resolution of 2 hosts. at 09:20
3315Completed Parallel DNS resolution of 2 hosts. at 09:20, 0.02s elapsed
3316NSE: Script scanning 192.0.78.13.
3317Initiating NSE at 09:20
3318Completed NSE at 09:20, 5.30s elapsed
3319Initiating NSE at 09:20
3320Completed NSE at 09:20, 0.96s elapsed
3321Nmap scan report for 192.0.78.13
3322Host is up (0.090s latency).
3323Not shown: 65530 filtered ports
3324PORT STATE SERVICE VERSION
332525/tcp closed smtp
332680/tcp open http nginx
3327| vulscan: VulDB - https://vuldb.com:
3328| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
3329| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
3330| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
3331| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
3332| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
3333| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
3334| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
3335| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
3336| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
3337| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
3338| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
3339| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
3340| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
3341| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
3342| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
3343| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
3344| [67677] nginx up to 1.7.3 SSL weak authentication
3345| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
3346| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
3347| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
3348| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
3349| [65364] nginx up to 1.1.13 Default Configuration information disclosure
3350| [8671] nginx up to 1.4 proxy_pass denial of service
3351| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
3352| [7247] nginx 1.2.6 Proxy Function spoofing
3353| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
3354| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
3355| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
3356| [59645] nginx up to 0.8.9 Heap-based memory corruption
3357| [53592] nginx 0.8.36 memory corruption
3358| [53590] nginx up to 0.8.9 unknown vulnerability
3359| [51533] nginx 0.7.64 Terminal privilege escalation
3360| [50905] nginx up to 0.8.9 directory traversal
3361| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
3362| [50043] nginx up to 0.8.10 memory corruption
3363|
3364| MITRE CVE - https://cve.mitre.org:
3365| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
3366| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
3367| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
3368| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
3369| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
3370| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
3371| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
3372| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
3373| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
3374| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
3375| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
3376| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
3377| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
3378|
3379| SecurityFocus - https://www.securityfocus.com/bid/:
3380| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
3381| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
3382| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
3383| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
3384| [82230] nginx Multiple Denial of Service Vulnerabilities
3385| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
3386| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
3387| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
3388| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
3389| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
3390| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
3391| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
3392| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
3393| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
3394| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
3395| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
3396| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
3397| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
3398| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
3399| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3400| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3401| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3402| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3403| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
3404| [40420] nginx Directory Traversal Vulnerability
3405| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3406| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3407| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3408| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3409| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
3410|
3411| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3412| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
3413| [84172] nginx denial of service
3414| [84048] nginx buffer overflow
3415| [83923] nginx ngx_http_close_connection() integer overflow
3416| [83688] nginx null byte code execution
3417| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
3418| [82319] nginx access.log information disclosure
3419| [80952] nginx SSL spoofing
3420| [77244] nginx and Microsoft Windows request security bypass
3421| [76778] Naxsi module for Nginx nx_extract.py directory traversal
3422| [74831] nginx ngx_http_mp4_module.c buffer overflow
3423| [74191] nginx ngx_cpystrn() information disclosure
3424| [74045] nginx header response information disclosure
3425| [71355] nginx ngx_resolver_copy() buffer overflow
3426| [59370] nginx characters denial of service
3427| [59369] nginx DATA source code disclosure
3428| [59047] nginx space source code disclosure
3429| [58966] nginx unspecified directory traversal
3430| [54025] nginx ngx_http_parse.c denial of service
3431| [53431] nginx WebDAV component directory traversal
3432| [53328] Nginx CRC-32 cached domain name spoofing
3433| [53250] Nginx ngx_http_parse_complex_uri() function code execution
3434|
3435| Exploit-DB - https://www.exploit-db.com:
3436| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
3437| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
3438| [25499] nginx 1.3.9-1.4.0 DoS PoC
3439| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
3440| [14830] nginx 0.6.38 - Heap Corruption Exploit
3441| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
3442| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
3443| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
3444| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
3445| [9829] nginx 0.7.61 WebDAV directory traversal
3446|
3447| OpenVAS (Nessus) - http://www.openvas.org:
3448| [864418] Fedora Update for nginx FEDORA-2012-3846
3449| [864310] Fedora Update for nginx FEDORA-2012-6238
3450| [864209] Fedora Update for nginx FEDORA-2012-6411
3451| [864204] Fedora Update for nginx FEDORA-2012-6371
3452| [864121] Fedora Update for nginx FEDORA-2012-4006
3453| [864115] Fedora Update for nginx FEDORA-2012-3991
3454| [864065] Fedora Update for nginx FEDORA-2011-16075
3455| [863654] Fedora Update for nginx FEDORA-2011-16110
3456| [861232] Fedora Update for nginx FEDORA-2007-1158
3457| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
3458| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
3459| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
3460| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
3461| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3462| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3463| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3464| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3465| [100659] nginx Directory Traversal Vulnerability
3466| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
3467| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3468| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3469| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3470| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
3471| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3472| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
3473| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
3474| [71297] FreeBSD Ports: nginx
3475| [71276] FreeBSD Ports: nginx
3476| [71239] Debian Security Advisory DSA 2434-1 (nginx)
3477| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
3478| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
3479| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
3480| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
3481| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
3482| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
3483| [64894] FreeBSD Ports: nginx
3484| [64869] Debian Security Advisory DSA 1884-1 (nginx)
3485|
3486| SecurityTracker - https://www.securitytracker.com:
3487| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
3488| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
3489| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
3490| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
3491|
3492| OSVDB - http://www.osvdb.org:
3493| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
3494| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
3495| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
3496| [92796] nginx ngx_http_close_connection Function Crafted r->
3497| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
3498| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
3499| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
3500| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
3501| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
3502| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
3503| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
3504| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
3505| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
3506| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
3507| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
3508| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
3509| [62617] nginx Internal DNS Cache Poisoning Weakness
3510| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
3511| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
3512| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
3513| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
3514| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
3515| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
3516| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
3517| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
3518| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
3519| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
3520|_
3521139/tcp closed netbios-ssn
3522443/tcp open ssl/http nginx
3523| vulscan: VulDB - https://vuldb.com:
3524| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
3525| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
3526| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
3527| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
3528| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
3529| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
3530| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
3531| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
3532| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
3533| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
3534| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
3535| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
3536| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
3537| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
3538| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
3539| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
3540| [67677] nginx up to 1.7.3 SSL weak authentication
3541| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
3542| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
3543| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
3544| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
3545| [65364] nginx up to 1.1.13 Default Configuration information disclosure
3546| [8671] nginx up to 1.4 proxy_pass denial of service
3547| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
3548| [7247] nginx 1.2.6 Proxy Function spoofing
3549| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
3550| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
3551| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
3552| [59645] nginx up to 0.8.9 Heap-based memory corruption
3553| [53592] nginx 0.8.36 memory corruption
3554| [53590] nginx up to 0.8.9 unknown vulnerability
3555| [51533] nginx 0.7.64 Terminal privilege escalation
3556| [50905] nginx up to 0.8.9 directory traversal
3557| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
3558| [50043] nginx up to 0.8.10 memory corruption
3559|
3560| MITRE CVE - https://cve.mitre.org:
3561| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
3562| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
3563| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
3564| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
3565| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
3566| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
3567| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
3568| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
3569| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
3570| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
3571| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
3572| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
3573| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
3574|
3575| SecurityFocus - https://www.securityfocus.com/bid/:
3576| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
3577| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
3578| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
3579| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
3580| [82230] nginx Multiple Denial of Service Vulnerabilities
3581| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
3582| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
3583| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
3584| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
3585| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
3586| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
3587| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
3588| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
3589| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
3590| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
3591| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
3592| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
3593| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
3594| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
3595| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3596| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3597| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3598| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3599| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
3600| [40420] nginx Directory Traversal Vulnerability
3601| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3602| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3603| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3604| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3605| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
3606|
3607| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3608| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
3609| [84172] nginx denial of service
3610| [84048] nginx buffer overflow
3611| [83923] nginx ngx_http_close_connection() integer overflow
3612| [83688] nginx null byte code execution
3613| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
3614| [82319] nginx access.log information disclosure
3615| [80952] nginx SSL spoofing
3616| [77244] nginx and Microsoft Windows request security bypass
3617| [76778] Naxsi module for Nginx nx_extract.py directory traversal
3618| [74831] nginx ngx_http_mp4_module.c buffer overflow
3619| [74191] nginx ngx_cpystrn() information disclosure
3620| [74045] nginx header response information disclosure
3621| [71355] nginx ngx_resolver_copy() buffer overflow
3622| [59370] nginx characters denial of service
3623| [59369] nginx DATA source code disclosure
3624| [59047] nginx space source code disclosure
3625| [58966] nginx unspecified directory traversal
3626| [54025] nginx ngx_http_parse.c denial of service
3627| [53431] nginx WebDAV component directory traversal
3628| [53328] Nginx CRC-32 cached domain name spoofing
3629| [53250] Nginx ngx_http_parse_complex_uri() function code execution
3630|
3631| Exploit-DB - https://www.exploit-db.com:
3632| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
3633| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
3634| [25499] nginx 1.3.9-1.4.0 DoS PoC
3635| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
3636| [14830] nginx 0.6.38 - Heap Corruption Exploit
3637| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
3638| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
3639| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
3640| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
3641| [9829] nginx 0.7.61 WebDAV directory traversal
3642|
3643| OpenVAS (Nessus) - http://www.openvas.org:
3644| [864418] Fedora Update for nginx FEDORA-2012-3846
3645| [864310] Fedora Update for nginx FEDORA-2012-6238
3646| [864209] Fedora Update for nginx FEDORA-2012-6411
3647| [864204] Fedora Update for nginx FEDORA-2012-6371
3648| [864121] Fedora Update for nginx FEDORA-2012-4006
3649| [864115] Fedora Update for nginx FEDORA-2012-3991
3650| [864065] Fedora Update for nginx FEDORA-2011-16075
3651| [863654] Fedora Update for nginx FEDORA-2011-16110
3652| [861232] Fedora Update for nginx FEDORA-2007-1158
3653| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
3654| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
3655| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
3656| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
3657| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3658| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3659| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3660| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3661| [100659] nginx Directory Traversal Vulnerability
3662| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
3663| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3664| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3665| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3666| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
3667| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3668| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
3669| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
3670| [71297] FreeBSD Ports: nginx
3671| [71276] FreeBSD Ports: nginx
3672| [71239] Debian Security Advisory DSA 2434-1 (nginx)
3673| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
3674| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
3675| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
3676| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
3677| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
3678| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
3679| [64894] FreeBSD Ports: nginx
3680| [64869] Debian Security Advisory DSA 1884-1 (nginx)
3681|
3682| SecurityTracker - https://www.securitytracker.com:
3683| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
3684| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
3685| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
3686| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
3687|
3688| OSVDB - http://www.osvdb.org:
3689| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
3690| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
3691| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
3692| [92796] nginx ngx_http_close_connection Function Crafted r->
3693| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
3694| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
3695| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
3696| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
3697| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
3698| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
3699| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
3700| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
3701| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
3702| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
3703| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
3704| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
3705| [62617] nginx Internal DNS Cache Poisoning Weakness
3706| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
3707| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
3708| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
3709| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
3710| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
3711| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
3712| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
3713| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
3714| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
3715| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
3716|_
3717445/tcp closed microsoft-ds
3718Aggressive OS guesses: OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (91%), OpenWrt White Russian 0.9 (Linux 2.4.30) (91%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (91%), Linux 3.18 (91%), HP P2000 G3 NAS device (91%), Linux 2.6.32 (90%), ProVision-ISR security DVR (90%), Linux 3.0 (89%), Linux 3.12 - 4.10 (89%), Linux 3.16 (89%)
3719No exact OS matches for host (test conditions non-ideal).
3720Network Distance: 2 hops
3721TCP Sequence Prediction: Difficulty=261 (Good luck!)
3722IP ID Sequence Generation: All zeros
3723
3724TRACEROUTE (using port 445/tcp)
3725HOP RTT ADDRESS
37261 100.45 ms 10.249.204.1
37272 100.45 ms 192.0.78.13
3728
3729NSE: Script Post-scanning.
3730Initiating NSE at 09:20
3731Completed NSE at 09:20, 0.00s elapsed
3732Initiating NSE at 09:20
3733Completed NSE at 09:20, 0.00s elapsed
3734Read data files from: /usr/bin/../share/nmap
3735OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
3736Nmap done: 1 IP address (1 host up) scanned in 143.11 seconds
3737 Raw packets sent: 131227 (5.778MB) | Rcvd: 362 (32.056KB)
3738#######################################################################################################################################
3739Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 09:20 EST
3740NSE: Loaded 47 scripts for scanning.
3741NSE: Script Pre-scanning.
3742Initiating NSE at 09:20
3743Completed NSE at 09:20, 0.00s elapsed
3744Initiating NSE at 09:20
3745Completed NSE at 09:20, 0.00s elapsed
3746Initiating Parallel DNS resolution of 1 host. at 09:20
3747Completed Parallel DNS resolution of 1 host. at 09:20, 0.02s elapsed
3748Initiating UDP Scan at 09:20
3749Scanning 192.0.78.13 [15 ports]
3750Completed UDP Scan at 09:20, 1.81s elapsed (15 total ports)
3751Initiating Service scan at 09:20
3752Scanning 13 services on 192.0.78.13
3753Service scan Timing: About 7.69% done; ETC: 09:41 (0:19:24 remaining)
3754Completed Service scan at 09:22, 102.59s elapsed (13 services on 1 host)
3755Initiating OS detection (try #1) against 192.0.78.13
3756Retrying OS detection (try #2) against 192.0.78.13
3757Initiating Traceroute at 09:22
3758Completed Traceroute at 09:22, 7.10s elapsed
3759Initiating Parallel DNS resolution of 1 host. at 09:22
3760Completed Parallel DNS resolution of 1 host. at 09:22, 0.00s elapsed
3761NSE: Script scanning 192.0.78.13.
3762Initiating NSE at 09:22
3763Completed NSE at 09:22, 7.13s elapsed
3764Initiating NSE at 09:22
3765Completed NSE at 09:22, 1.01s elapsed
3766Nmap scan report for 192.0.78.13
3767Host is up (0.042s latency).
3768
3769PORT STATE SERVICE VERSION
377053/udp open|filtered domain
377167/udp open|filtered dhcps
377268/udp open|filtered dhcpc
377369/udp open|filtered tftp
377488/udp open|filtered kerberos-sec
3775123/udp open|filtered ntp
3776137/udp filtered netbios-ns
3777138/udp filtered netbios-dgm
3778139/udp open|filtered netbios-ssn
3779161/udp open|filtered snmp
3780162/udp open|filtered snmptrap
3781389/udp open|filtered ldap
3782500/udp open|filtered isakmp
3783|_ike-version: ERROR: Script execution failed (use -d to debug)
3784520/udp open|filtered route
37852049/udp open|filtered nfs
3786Too many fingerprints match this host to give specific OS details
3787
3788TRACEROUTE (using port 137/udp)
3789HOP RTT ADDRESS
37901 32.89 ms 10.249.204.1
37912 ... 3
37924 31.31 ms 10.249.204.1
37935 90.66 ms 10.249.204.1
37946 90.65 ms 10.249.204.1
37957 90.65 ms 10.249.204.1
37968 90.64 ms 10.249.204.1
37979 61.10 ms 10.249.204.1
379810 30.70 ms 10.249.204.1
379911 ... 18
380019 30.71 ms 10.249.204.1
380120 30.06 ms 10.249.204.1
380221 ... 27
380328 61.71 ms 10.249.204.1
380429 ...
380530 29.79 ms 10.249.204.1
3806
3807NSE: Script Post-scanning.
3808Initiating NSE at 09:22
3809Completed NSE at 09:22, 0.00s elapsed
3810Initiating NSE at 09:22
3811Completed NSE at 09:22, 0.00s elapsed
3812#######################################################################################################################################
3813Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 09:18 EST
3814Nmap scan report for 192.0.78.13
3815Host is up (0.071s latency).
3816Not shown: 995 filtered ports
3817PORT STATE SERVICE VERSION
381825/tcp closed smtp
381980/tcp open http nginx
3820| vulscan: VulDB - https://vuldb.com:
3821| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
3822| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
3823| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
3824| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
3825| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
3826| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
3827| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
3828| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
3829| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
3830| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
3831| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
3832| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
3833| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
3834| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
3835| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
3836| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
3837| [67677] nginx up to 1.7.3 SSL weak authentication
3838| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
3839| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
3840| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
3841| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
3842| [65364] nginx up to 1.1.13 Default Configuration information disclosure
3843| [8671] nginx up to 1.4 proxy_pass denial of service
3844| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
3845| [7247] nginx 1.2.6 Proxy Function spoofing
3846| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
3847| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
3848| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
3849| [59645] nginx up to 0.8.9 Heap-based memory corruption
3850| [53592] nginx 0.8.36 memory corruption
3851| [53590] nginx up to 0.8.9 unknown vulnerability
3852| [51533] nginx 0.7.64 Terminal privilege escalation
3853| [50905] nginx up to 0.8.9 directory traversal
3854| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
3855| [50043] nginx up to 0.8.10 memory corruption
3856|
3857| MITRE CVE - https://cve.mitre.org:
3858| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
3859| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
3860| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
3861| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
3862| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
3863| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
3864| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
3865| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
3866| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
3867| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
3868| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
3869| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
3870| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
3871|
3872| SecurityFocus - https://www.securityfocus.com/bid/:
3873| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
3874| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
3875| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
3876| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
3877| [82230] nginx Multiple Denial of Service Vulnerabilities
3878| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
3879| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
3880| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
3881| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
3882| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
3883| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
3884| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
3885| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
3886| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
3887| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
3888| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
3889| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
3890| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
3891| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
3892| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3893| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3894| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3895| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3896| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
3897| [40420] nginx Directory Traversal Vulnerability
3898| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3899| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3900| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3901| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3902| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
3903|
3904| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3905| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
3906| [84172] nginx denial of service
3907| [84048] nginx buffer overflow
3908| [83923] nginx ngx_http_close_connection() integer overflow
3909| [83688] nginx null byte code execution
3910| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
3911| [82319] nginx access.log information disclosure
3912| [80952] nginx SSL spoofing
3913| [77244] nginx and Microsoft Windows request security bypass
3914| [76778] Naxsi module for Nginx nx_extract.py directory traversal
3915| [74831] nginx ngx_http_mp4_module.c buffer overflow
3916| [74191] nginx ngx_cpystrn() information disclosure
3917| [74045] nginx header response information disclosure
3918| [71355] nginx ngx_resolver_copy() buffer overflow
3919| [59370] nginx characters denial of service
3920| [59369] nginx DATA source code disclosure
3921| [59047] nginx space source code disclosure
3922| [58966] nginx unspecified directory traversal
3923| [54025] nginx ngx_http_parse.c denial of service
3924| [53431] nginx WebDAV component directory traversal
3925| [53328] Nginx CRC-32 cached domain name spoofing
3926| [53250] Nginx ngx_http_parse_complex_uri() function code execution
3927|
3928| Exploit-DB - https://www.exploit-db.com:
3929| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
3930| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
3931| [25499] nginx 1.3.9-1.4.0 DoS PoC
3932| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
3933| [14830] nginx 0.6.38 - Heap Corruption Exploit
3934| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
3935| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
3936| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
3937| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
3938| [9829] nginx 0.7.61 WebDAV directory traversal
3939|
3940| OpenVAS (Nessus) - http://www.openvas.org:
3941| [864418] Fedora Update for nginx FEDORA-2012-3846
3942| [864310] Fedora Update for nginx FEDORA-2012-6238
3943| [864209] Fedora Update for nginx FEDORA-2012-6411
3944| [864204] Fedora Update for nginx FEDORA-2012-6371
3945| [864121] Fedora Update for nginx FEDORA-2012-4006
3946| [864115] Fedora Update for nginx FEDORA-2012-3991
3947| [864065] Fedora Update for nginx FEDORA-2011-16075
3948| [863654] Fedora Update for nginx FEDORA-2011-16110
3949| [861232] Fedora Update for nginx FEDORA-2007-1158
3950| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
3951| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
3952| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
3953| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
3954| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3955| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3956| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3957| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3958| [100659] nginx Directory Traversal Vulnerability
3959| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
3960| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3961| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3962| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3963| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
3964| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3965| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
3966| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
3967| [71297] FreeBSD Ports: nginx
3968| [71276] FreeBSD Ports: nginx
3969| [71239] Debian Security Advisory DSA 2434-1 (nginx)
3970| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
3971| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
3972| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
3973| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
3974| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
3975| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
3976| [64894] FreeBSD Ports: nginx
3977| [64869] Debian Security Advisory DSA 1884-1 (nginx)
3978|
3979| SecurityTracker - https://www.securitytracker.com:
3980| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
3981| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
3982| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
3983| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
3984|
3985| OSVDB - http://www.osvdb.org:
3986| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
3987| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
3988| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
3989| [92796] nginx ngx_http_close_connection Function Crafted r->
3990| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
3991| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
3992| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
3993| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
3994| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
3995| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
3996| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
3997| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
3998| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
3999| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
4000| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
4001| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
4002| [62617] nginx Internal DNS Cache Poisoning Weakness
4003| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
4004| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
4005| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
4006| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
4007| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
4008| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
4009| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
4010| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
4011| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
4012| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
4013|_
4014139/tcp closed netbios-ssn
4015443/tcp open ssl/http nginx
4016| vulscan: VulDB - https://vuldb.com:
4017| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
4018| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
4019| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
4020| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
4021| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
4022| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
4023| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
4024| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
4025| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
4026| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
4027| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
4028| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
4029| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
4030| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
4031| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
4032| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
4033| [67677] nginx up to 1.7.3 SSL weak authentication
4034| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
4035| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
4036| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
4037| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
4038| [65364] nginx up to 1.1.13 Default Configuration information disclosure
4039| [8671] nginx up to 1.4 proxy_pass denial of service
4040| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
4041| [7247] nginx 1.2.6 Proxy Function spoofing
4042| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
4043| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
4044| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
4045| [59645] nginx up to 0.8.9 Heap-based memory corruption
4046| [53592] nginx 0.8.36 memory corruption
4047| [53590] nginx up to 0.8.9 unknown vulnerability
4048| [51533] nginx 0.7.64 Terminal privilege escalation
4049| [50905] nginx up to 0.8.9 directory traversal
4050| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
4051| [50043] nginx up to 0.8.10 memory corruption
4052|
4053| MITRE CVE - https://cve.mitre.org:
4054| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
4055| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
4056| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
4057| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
4058| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
4059| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
4060| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
4061| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
4062| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
4063| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
4064| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
4065| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
4066| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
4067|
4068| SecurityFocus - https://www.securityfocus.com/bid/:
4069| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
4070| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
4071| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
4072| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
4073| [82230] nginx Multiple Denial of Service Vulnerabilities
4074| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
4075| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
4076| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
4077| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
4078| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
4079| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
4080| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
4081| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
4082| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
4083| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
4084| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
4085| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
4086| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
4087| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
4088| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
4089| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
4090| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
4091| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
4092| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
4093| [40420] nginx Directory Traversal Vulnerability
4094| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
4095| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
4096| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
4097| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
4098| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
4099|
4100| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4101| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
4102| [84172] nginx denial of service
4103| [84048] nginx buffer overflow
4104| [83923] nginx ngx_http_close_connection() integer overflow
4105| [83688] nginx null byte code execution
4106| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
4107| [82319] nginx access.log information disclosure
4108| [80952] nginx SSL spoofing
4109| [77244] nginx and Microsoft Windows request security bypass
4110| [76778] Naxsi module for Nginx nx_extract.py directory traversal
4111| [74831] nginx ngx_http_mp4_module.c buffer overflow
4112| [74191] nginx ngx_cpystrn() information disclosure
4113| [74045] nginx header response information disclosure
4114| [71355] nginx ngx_resolver_copy() buffer overflow
4115| [59370] nginx characters denial of service
4116| [59369] nginx DATA source code disclosure
4117| [59047] nginx space source code disclosure
4118| [58966] nginx unspecified directory traversal
4119| [54025] nginx ngx_http_parse.c denial of service
4120| [53431] nginx WebDAV component directory traversal
4121| [53328] Nginx CRC-32 cached domain name spoofing
4122| [53250] Nginx ngx_http_parse_complex_uri() function code execution
4123|
4124| Exploit-DB - https://www.exploit-db.com:
4125| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
4126| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
4127| [25499] nginx 1.3.9-1.4.0 DoS PoC
4128| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
4129| [14830] nginx 0.6.38 - Heap Corruption Exploit
4130| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
4131| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
4132| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
4133| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
4134| [9829] nginx 0.7.61 WebDAV directory traversal
4135|
4136| OpenVAS (Nessus) - http://www.openvas.org:
4137| [864418] Fedora Update for nginx FEDORA-2012-3846
4138| [864310] Fedora Update for nginx FEDORA-2012-6238
4139| [864209] Fedora Update for nginx FEDORA-2012-6411
4140| [864204] Fedora Update for nginx FEDORA-2012-6371
4141| [864121] Fedora Update for nginx FEDORA-2012-4006
4142| [864115] Fedora Update for nginx FEDORA-2012-3991
4143| [864065] Fedora Update for nginx FEDORA-2011-16075
4144| [863654] Fedora Update for nginx FEDORA-2011-16110
4145| [861232] Fedora Update for nginx FEDORA-2007-1158
4146| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
4147| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
4148| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
4149| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
4150| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
4151| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
4152| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
4153| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
4154| [100659] nginx Directory Traversal Vulnerability
4155| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
4156| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
4157| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
4158| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
4159| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
4160| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
4161| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
4162| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
4163| [71297] FreeBSD Ports: nginx
4164| [71276] FreeBSD Ports: nginx
4165| [71239] Debian Security Advisory DSA 2434-1 (nginx)
4166| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
4167| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
4168| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
4169| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
4170| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
4171| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
4172| [64894] FreeBSD Ports: nginx
4173| [64869] Debian Security Advisory DSA 1884-1 (nginx)
4174|
4175| SecurityTracker - https://www.securitytracker.com:
4176| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
4177| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
4178| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
4179| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
4180|
4181| OSVDB - http://www.osvdb.org:
4182| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
4183| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
4184| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
4185| [92796] nginx ngx_http_close_connection Function Crafted r->
4186| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
4187| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
4188| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
4189| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
4190| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
4191| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
4192| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
4193| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
4194| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
4195| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
4196| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
4197| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
4198| [62617] nginx Internal DNS Cache Poisoning Weakness
4199| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
4200| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
4201| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
4202| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
4203| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
4204| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
4205| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
4206| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
4207| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
4208| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
4209|_
4210445/tcp closed microsoft-ds
4211#######################################################################################################################################
4212Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 09:18 EST
4213Nmap scan report for 192.0.78.12
4214Host is up (0.056s latency).
4215Not shown: 995 filtered ports
4216PORT STATE SERVICE VERSION
421725/tcp closed smtp
421880/tcp open http nginx
4219| vulscan: VulDB - https://vuldb.com:
4220| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
4221| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
4222| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
4223| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
4224| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
4225| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
4226| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
4227| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
4228| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
4229| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
4230| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
4231| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
4232| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
4233| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
4234| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
4235| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
4236| [67677] nginx up to 1.7.3 SSL weak authentication
4237| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
4238| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
4239| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
4240| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
4241| [65364] nginx up to 1.1.13 Default Configuration information disclosure
4242| [8671] nginx up to 1.4 proxy_pass denial of service
4243| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
4244| [7247] nginx 1.2.6 Proxy Function spoofing
4245| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
4246| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
4247| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
4248| [59645] nginx up to 0.8.9 Heap-based memory corruption
4249| [53592] nginx 0.8.36 memory corruption
4250| [53590] nginx up to 0.8.9 unknown vulnerability
4251| [51533] nginx 0.7.64 Terminal privilege escalation
4252| [50905] nginx up to 0.8.9 directory traversal
4253| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
4254| [50043] nginx up to 0.8.10 memory corruption
4255|
4256| MITRE CVE - https://cve.mitre.org:
4257| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
4258| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
4259| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
4260| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
4261| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
4262| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
4263| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
4264| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
4265| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
4266| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
4267| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
4268| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
4269| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
4270|
4271| SecurityFocus - https://www.securityfocus.com/bid/:
4272| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
4273| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
4274| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
4275| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
4276| [82230] nginx Multiple Denial of Service Vulnerabilities
4277| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
4278| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
4279| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
4280| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
4281| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
4282| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
4283| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
4284| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
4285| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
4286| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
4287| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
4288| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
4289| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
4290| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
4291| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
4292| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
4293| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
4294| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
4295| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
4296| [40420] nginx Directory Traversal Vulnerability
4297| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
4298| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
4299| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
4300| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
4301| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
4302|
4303| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4304| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
4305| [84172] nginx denial of service
4306| [84048] nginx buffer overflow
4307| [83923] nginx ngx_http_close_connection() integer overflow
4308| [83688] nginx null byte code execution
4309| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
4310| [82319] nginx access.log information disclosure
4311| [80952] nginx SSL spoofing
4312| [77244] nginx and Microsoft Windows request security bypass
4313| [76778] Naxsi module for Nginx nx_extract.py directory traversal
4314| [74831] nginx ngx_http_mp4_module.c buffer overflow
4315| [74191] nginx ngx_cpystrn() information disclosure
4316| [74045] nginx header response information disclosure
4317| [71355] nginx ngx_resolver_copy() buffer overflow
4318| [59370] nginx characters denial of service
4319| [59369] nginx DATA source code disclosure
4320| [59047] nginx space source code disclosure
4321| [58966] nginx unspecified directory traversal
4322| [54025] nginx ngx_http_parse.c denial of service
4323| [53431] nginx WebDAV component directory traversal
4324| [53328] Nginx CRC-32 cached domain name spoofing
4325| [53250] Nginx ngx_http_parse_complex_uri() function code execution
4326|
4327| Exploit-DB - https://www.exploit-db.com:
4328| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
4329| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
4330| [25499] nginx 1.3.9-1.4.0 DoS PoC
4331| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
4332| [14830] nginx 0.6.38 - Heap Corruption Exploit
4333| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
4334| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
4335| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
4336| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
4337| [9829] nginx 0.7.61 WebDAV directory traversal
4338|
4339| OpenVAS (Nessus) - http://www.openvas.org:
4340| [864418] Fedora Update for nginx FEDORA-2012-3846
4341| [864310] Fedora Update for nginx FEDORA-2012-6238
4342| [864209] Fedora Update for nginx FEDORA-2012-6411
4343| [864204] Fedora Update for nginx FEDORA-2012-6371
4344| [864121] Fedora Update for nginx FEDORA-2012-4006
4345| [864115] Fedora Update for nginx FEDORA-2012-3991
4346| [864065] Fedora Update for nginx FEDORA-2011-16075
4347| [863654] Fedora Update for nginx FEDORA-2011-16110
4348| [861232] Fedora Update for nginx FEDORA-2007-1158
4349| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
4350| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
4351| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
4352| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
4353| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
4354| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
4355| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
4356| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
4357| [100659] nginx Directory Traversal Vulnerability
4358| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
4359| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
4360| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
4361| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
4362| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
4363| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
4364| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
4365| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
4366| [71297] FreeBSD Ports: nginx
4367| [71276] FreeBSD Ports: nginx
4368| [71239] Debian Security Advisory DSA 2434-1 (nginx)
4369| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
4370| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
4371| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
4372| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
4373| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
4374| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
4375| [64894] FreeBSD Ports: nginx
4376| [64869] Debian Security Advisory DSA 1884-1 (nginx)
4377|
4378| SecurityTracker - https://www.securitytracker.com:
4379| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
4380| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
4381| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
4382| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
4383|
4384| OSVDB - http://www.osvdb.org:
4385| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
4386| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
4387| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
4388| [92796] nginx ngx_http_close_connection Function Crafted r->
4389| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
4390| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
4391| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
4392| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
4393| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
4394| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
4395| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
4396| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
4397| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
4398| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
4399| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
4400| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
4401| [62617] nginx Internal DNS Cache Poisoning Weakness
4402| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
4403| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
4404| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
4405| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
4406| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
4407| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
4408| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
4409| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
4410| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
4411| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
4412|_
4413139/tcp closed netbios-ssn
4414443/tcp open ssl/http nginx
4415| vulscan: VulDB - https://vuldb.com:
4416| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
4417| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
4418| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
4419| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
4420| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
4421| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
4422| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
4423| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
4424| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
4425| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
4426| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
4427| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
4428| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
4429| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
4430| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
4431| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
4432| [67677] nginx up to 1.7.3 SSL weak authentication
4433| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
4434| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
4435| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
4436| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
4437| [65364] nginx up to 1.1.13 Default Configuration information disclosure
4438| [8671] nginx up to 1.4 proxy_pass denial of service
4439| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
4440| [7247] nginx 1.2.6 Proxy Function spoofing
4441| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
4442| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
4443| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
4444| [59645] nginx up to 0.8.9 Heap-based memory corruption
4445| [53592] nginx 0.8.36 memory corruption
4446| [53590] nginx up to 0.8.9 unknown vulnerability
4447| [51533] nginx 0.7.64 Terminal privilege escalation
4448| [50905] nginx up to 0.8.9 directory traversal
4449| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
4450| [50043] nginx up to 0.8.10 memory corruption
4451|
4452| MITRE CVE - https://cve.mitre.org:
4453| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
4454| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
4455| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
4456| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
4457| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
4458| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
4459| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
4460| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
4461| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
4462| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
4463| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
4464| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
4465| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
4466|
4467| SecurityFocus - https://www.securityfocus.com/bid/:
4468| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
4469| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
4470| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
4471| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
4472| [82230] nginx Multiple Denial of Service Vulnerabilities
4473| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
4474| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
4475| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
4476| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
4477| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
4478| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
4479| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
4480| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
4481| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
4482| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
4483| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
4484| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
4485| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
4486| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
4487| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
4488| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
4489| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
4490| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
4491| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
4492| [40420] nginx Directory Traversal Vulnerability
4493| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
4494| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
4495| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
4496| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
4497| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
4498|
4499| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4500| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
4501| [84172] nginx denial of service
4502| [84048] nginx buffer overflow
4503| [83923] nginx ngx_http_close_connection() integer overflow
4504| [83688] nginx null byte code execution
4505| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
4506| [82319] nginx access.log information disclosure
4507| [80952] nginx SSL spoofing
4508| [77244] nginx and Microsoft Windows request security bypass
4509| [76778] Naxsi module for Nginx nx_extract.py directory traversal
4510| [74831] nginx ngx_http_mp4_module.c buffer overflow
4511| [74191] nginx ngx_cpystrn() information disclosure
4512| [74045] nginx header response information disclosure
4513| [71355] nginx ngx_resolver_copy() buffer overflow
4514| [59370] nginx characters denial of service
4515| [59369] nginx DATA source code disclosure
4516| [59047] nginx space source code disclosure
4517| [58966] nginx unspecified directory traversal
4518| [54025] nginx ngx_http_parse.c denial of service
4519| [53431] nginx WebDAV component directory traversal
4520| [53328] Nginx CRC-32 cached domain name spoofing
4521| [53250] Nginx ngx_http_parse_complex_uri() function code execution
4522|
4523| Exploit-DB - https://www.exploit-db.com:
4524| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
4525| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
4526| [25499] nginx 1.3.9-1.4.0 DoS PoC
4527| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
4528| [14830] nginx 0.6.38 - Heap Corruption Exploit
4529| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
4530| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
4531| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
4532| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
4533| [9829] nginx 0.7.61 WebDAV directory traversal
4534|
4535| OpenVAS (Nessus) - http://www.openvas.org:
4536| [864418] Fedora Update for nginx FEDORA-2012-3846
4537| [864310] Fedora Update for nginx FEDORA-2012-6238
4538| [864209] Fedora Update for nginx FEDORA-2012-6411
4539| [864204] Fedora Update for nginx FEDORA-2012-6371
4540| [864121] Fedora Update for nginx FEDORA-2012-4006
4541| [864115] Fedora Update for nginx FEDORA-2012-3991
4542| [864065] Fedora Update for nginx FEDORA-2011-16075
4543| [863654] Fedora Update for nginx FEDORA-2011-16110
4544| [861232] Fedora Update for nginx FEDORA-2007-1158
4545| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
4546| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
4547| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
4548| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
4549| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
4550| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
4551| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
4552| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
4553| [100659] nginx Directory Traversal Vulnerability
4554| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
4555| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
4556| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
4557| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
4558| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
4559| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
4560| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
4561| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
4562| [71297] FreeBSD Ports: nginx
4563| [71276] FreeBSD Ports: nginx
4564| [71239] Debian Security Advisory DSA 2434-1 (nginx)
4565| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
4566| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
4567| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
4568| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
4569| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
4570| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
4571| [64894] FreeBSD Ports: nginx
4572| [64869] Debian Security Advisory DSA 1884-1 (nginx)
4573|
4574| SecurityTracker - https://www.securitytracker.com:
4575| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
4576| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
4577| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
4578| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
4579|
4580| OSVDB - http://www.osvdb.org:
4581| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
4582| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
4583| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
4584| [92796] nginx ngx_http_close_connection Function Crafted r->
4585| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
4586| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
4587| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
4588| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
4589| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
4590| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
4591| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
4592| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
4593| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
4594| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
4595| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
4596| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
4597| [62617] nginx Internal DNS Cache Poisoning Weakness
4598| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
4599| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
4600| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
4601| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
4602| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
4603| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
4604| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
4605| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
4606| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
4607| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
4608|_
4609445/tcp closed microsoft-ds
4610#######################################################################################################################################
4611[INFO] ------TARGET info------
4612[*] TARGET: https://tauhidnews.wordpress.com/
4613[*] TARGET IP: 192.0.78.13
4614[ALERT] tauhidnews.wordpress.com has a load balancer for IPv4 with the following IPs:
4615[*] 192.0.78.13
4616[*] 192.0.78.12
4617[*] DNS servers: lb.wordpress.com. ns1.wordpress.com.
4618[*] TARGET server: nginx
4619[*] CC: US
4620[*] Country: United States
4621[*] RegionCode: CA
4622[*] RegionName: California
4623[*] City: San Francisco
4624[*] ASN: AS2635
4625[*] BGP_PREFIX: 192.0.78.0/24
4626[*] ISP: AUTOMATTIC - Automattic, Inc, US
4627[INFO] SSL/HTTPS certificate detected
4628[*] Issuer: issuer=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
4629[*] Subject: subject=OU = Domain Control Validated, OU = EssentialSSL Wildcard, CN = *.wordpress.com
4630[INFO] DNS enumeration:
4631[*] ad.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4632[*] admin.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4633[*] ads.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4634[*] alpha.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4635[*] api.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4636[*] api-online.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4637[*] apolo.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4638[*] app.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4639[*] beta.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4640[*] bi.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4641[*] blog.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4642[*] cdn.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4643[*] events.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4644[*] ex.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4645[*] files.wordpress.com 192.0.72.2
4646[*] ftp.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4647[*] gateway.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4648[*] go.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4649[*] help.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4650[*] ib.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4651[*] images.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4652[*] internetbanking.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4653[*] intranet.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4654[*] jobs.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4655[*] join.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4656[*] live.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4657[*] login.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4658[*] m.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4659[*] mail.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4660[*] mail2.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4661[*] mobile.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4662[*] moodle.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4663[*] mx.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4664[*] mx2.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4665[*] mx3.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4666[*] my.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4667[*] new.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4668[*] news.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4669[*] ns1.wordpress.com 198.181.116.9
4670[*] ns2.wordpress.com 198.181.117.9
4671[*] ns3.wordpress.com 192.0.74.9
4672[*] oauth.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4673[*] old.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4674[*] one.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4675[*] open.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4676[*] out.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4677[*] outlook.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4678[*] portfolio.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4679[*] raw.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4680[*] repo.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4681[*] router.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4682[*] search.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4683[*] siem.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4684[*] slack.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4685[*] slackbot.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4686[*] snmp.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4687[*] stream.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4688[*] support.wordpress.com vip-lb.wordpress.com. 192.0.79.32 192.0.79.33
4689[*] syslog.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4690[*] tags.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4691[*] test.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4692[*] upload.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4693[*] video.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4694[*] vpn.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4695[*] webconf.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4696[*] webmail.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4697[*] webportal.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4698[*] wiki.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4699[*] www2.wordpress.com lb.wordpress.com. 192.0.78.12 192.0.78.13
4700[*] www3.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4701[*] zendesk.wordpress.com lb.wordpress.com. 192.0.78.13 192.0.78.12
4702[INFO] Possible abuse mails are:
4703[*] abuse@automattic.com
4704[*] abuse@wordpress.com
4705[INFO] NO PAC (Proxy Auto Configuration) file FOUND
4706[ALERT] robots.txt file FOUND in http://tauhidnews.wordpress.com/robots.txt
4707[INFO] Checking for HTTP status codes recursively from http://tauhidnews.wordpress.com/robots.txt
4708[INFO] Status code Folders
4709[*] 200 http://tauhidnews.wordpress.com/press-this.php
4710[*] 200 http://tauhidnews.wordpress.com/remote-login.php
4711[*] 200 http://tauhidnews.wordpress.com/wp-admin/
4712[*] 200 http://tauhidnews.wordpress.com/wp-login.php
4713[*] 200 http://tauhidnews.wordpress.com/wp-signup.php
4714[INFO] Starting FUZZing in http://tauhidnews.wordpress.com/FUzZzZzZzZz...
4715[INFO] Status code Folders
4716[ALERT] Look in the source code. It may contain passwords
4717[ALERT] Content in http://tauhidnews.wordpress.com/ AND http://www.tauhidnews.wordpress.com/ is different
4718[INFO] MD5 for http://tauhidnews.wordpress.com/ is: 1e5aaf484a7a584025430e3d01b1127f
4719[INFO] MD5 for http://www.tauhidnews.wordpress.com/ is: dbfb27ffdc793a5cb214c4bf9100911d
4720[INFO] http://tauhidnews.wordpress.com/ redirects to https://tauhidnews.wordpress.com/
4721[INFO] http://www.tauhidnews.wordpress.com/ redirects to https://tauhidnews.wordpress.com/
4722[INFO] Links found from https://tauhidnews.wordpress.com/ http://192.0.78.13/:
4723[*] http://arrahmah.com/images/stories/2011/03/sofyan_tasauri7.jpg
4724[*] http://bekamsehat.wordpress.com/
4725[*] http://lintastanzhim.wordpress.com/
4726[*] http://millahibrahim.wordpress.com/
4727[*] http://rovicky.files.wordpress.com/2010/11/okt2010_merapi_010.jpg?w=428
4728[*] https://automattic.com/
4729[*] https://automattic.com/cookies
4730[*] https://automattic.com/privacy/
4731[*] https://automattic.com/work-with-us/code-wrangler/?utm_source=h4&utm_campaign=cw-php-we
4732[*] https://central.wordcamp.org/
4733[*] https://developer.wordpress.com/
4734[*] https://en.blog.wordpress.com/
4735[*] https://en.blog.wordpress.com/feed/
4736[*] https://en.forums.wordpress.com/
4737[*] https://en.support.wordpress.com/
4738[*] https://en.wordpress.com/osd.xml
4739[*] https://ma.tt/
4740[*] https://s1.wp.com/opensearch.xml
4741[*] https://store.wordpress.com/
4742[*] https://tauhidnews.files.wordpress.com/2010/11/banner-kambing-3.jpg
4743[*] https://tauhidnews.files.wordpress.com/2011/01/kreator-1.jpg
4744[*] https://tauhidnews.files.wordpress.com/2011/01/kreator-2.jpg
4745[*] https://tauhidnews.files.wordpress.com/2011/01/kreator.jpg
4746[*] https://tauhidnews.files.wordpress.com/2011/01/sofyantsauri.jpg
4747[*] https://tauhidnews.files.wordpress.com/2011/02/banner-donate-mujahidin1.png
4748[*] https://tauhidnews.files.wordpress.com/2011/02/maghrib-2.jpg
4749[*] https://tauhidnews.files.wordpress.com/2011/04/yes.jpg
4750[*] https://tauhidnews.wordpress.com/
4751[*] https://tauhidnews.wordpress.com/2010/01/
4752[*] https://tauhidnews.wordpress.com/2010/02/
4753[*] https://tauhidnews.wordpress.com/2010/05/
4754[*] https://tauhidnews.wordpress.com/2010/06/
4755[*] https://tauhidnews.wordpress.com/2010/06/12/khawarij-dan-baraah-kami-dari-‘aqidah-dan-manhaj-mereka/
4756[*] https://tauhidnews.wordpress.com/2010/10/
4757[*] https://tauhidnews.wordpress.com/2010/10/09/bantahan-terhadap-sang-pendusta-nasir-abbas/
4758[*] https://tauhidnews.wordpress.com/2010/11/
4759[*] https://tauhidnews.wordpress.com/2010/11/05/
4760[*] https://tauhidnews.wordpress.com/2010/11/05/donate-for-mujahid-family/
4761[*] https://tauhidnews.wordpress.com/2010/11/05/donate-for-mujahid-family/#respond
4762[*] https://tauhidnews.wordpress.com/2010/11/05/foto-foto-merapi/
4763[*] https://tauhidnews.wordpress.com/2010/11/05/foto-foto-merapi/#respond
4764[*] https://tauhidnews.wordpress.com/2010/12/
4765[*] https://tauhidnews.wordpress.com/2010/12/03/
4766[*] https://tauhidnews.wordpress.com/2010/12/03/ajaran-islam-yg-tersingkir/
4767[*] https://tauhidnews.wordpress.com/2010/12/03/ajaran-islam-yg-tersingkir/#respond
4768[*] https://tauhidnews.wordpress.com/2011/01/
4769[*] https://tauhidnews.wordpress.com/2011/01/15/
4770[*] https://tauhidnews.wordpress.com/2011/01/15/50-tokoh-jil-indonesia”-maka-hati-hatilah/
4771[*] https://tauhidnews.wordpress.com/2011/01/15/50-tokoh-jil-indonesia”-maka-hati-hatilah/#comments
4772[*] https://tauhidnews.wordpress.com/2011/01/15/order-anda-untuk-ma-isyah-mereka/
4773[*] https://tauhidnews.wordpress.com/2011/01/15/order-anda-untuk-ma-isyah-mereka/#respond
4774[*] https://tauhidnews.wordpress.com/2011/01/20/
4775[*] https://tauhidnews.wordpress.com/2011/01/20/sofyan-tsauri-divonis-10-tahun-penjara/
4776[*] https://tauhidnews.wordpress.com/2011/01/20/sofyan-tsauri-divonis-10-tahun-penjara/#comments
4777[*] https://tauhidnews.wordpress.com/2011/01/20/sofyan-tsauri-divonis-10-tahun-penjara/#more-203
4778[*] https://tauhidnews.wordpress.com/2011/02/
4779[*] https://tauhidnews.wordpress.com/2011/02/09/
4780[*] https://tauhidnews.wordpress.com/2011/02/09/كيف-يطيب-القعود-؟-bagaimana-bisa-tetap-tenang-untuk-duduk/
4781[*] https://tauhidnews.wordpress.com/2011/02/09/كيف-يطيب-القعود-؟-bagaimana-bisa-tetap-tenang-untuk-duduk/#more-211
4782[*] https://tauhidnews.wordpress.com/2011/02/09/كيف-يطيب-القعود-؟-bagaimana-bisa-tetap-tenang-untuk-duduk/#respond
4783[*] https://tauhidnews.wordpress.com/2011/02/24/
4784[*] https://tauhidnews.wordpress.com/2011/02/24/kalkulator-zakat/
4785[*] https://tauhidnews.wordpress.com/2011/02/24/kalkulator-zakat/#more-220
4786[*] https://tauhidnews.wordpress.com/2011/02/24/kalkulator-zakat/#respond
4787[*] https://tauhidnews.wordpress.com/2011/03/
4788[*] https://tauhidnews.wordpress.com/2011/03/28/
4789[*] https://tauhidnews.wordpress.com/2011/03/28/sofyan-tsauri-“datanglah-kalian-kemari-bebaskan-tawanan-muslim”/
4790[*] https://tauhidnews.wordpress.com/2011/03/28/sofyan-tsauri-“datanglah-kalian-kemari-bebaskan-tawanan-muslim”/#comments
4791[*] https://tauhidnews.wordpress.com/2011/03/28/sofyan-tsauri-“datanglah-kalian-kemari-bebaskan-tawanan-muslim”/#more-232
4792[*] https://tauhidnews.wordpress.com/2011/04/
4793[*] https://tauhidnews.wordpress.com/2011/04/26/
4794[*] https://tauhidnews.wordpress.com/2011/04/26/235/
4795[*] https://tauhidnews.wordpress.com/2011/04/26/235/#respond
4796[*] https://tauhidnews.wordpress.com/?attachment_id=957
4797[*] https://tauhidnews.wordpress.com/author/softguncenter/
4798[*] https://tauhidnews.wordpress.com/category/berita/
4799[*] https://tauhidnews.wordpress.com/category/berita/hari-ini/
4800[*] https://tauhidnews.wordpress.com/category/berita/kemarin/
4801[*] https://tauhidnews.wordpress.com/category/fiqih/
4802[*] https://tauhidnews.wordpress.com/category/jihad/
4803[*] https://tauhidnews.wordpress.com/category/tauhid/
4804[*] https://tauhidnews.wordpress.com/category/tauhid/mengenal-manhaj-ht/
4805[*] https://tauhidnews.wordpress.com/comments/feed/
4806[*] https://tauhidnews.wordpress.com/feed/
4807[*] https://tauhidnews.wordpress.com/#_ftn1
4808[*] https://tauhidnews.wordpress.com/osd.xml
4809[*] https://tauhidnews.wordpress.com/page/2/
4810[*] https://tauhidnews.wordpress.com/perihal/
4811[*] https://tauhidnews.wordpress.com/syubuhat/
4812[*] https://twitter.com/wordpressdotcom
4813[*] https://wordpress.com/
4814[*] https://wordpress.com/about/
4815[*] https://wordpress.com/features/
4816[*] https://wordpress.com/pricing/
4817[*] https://wordpress.com/start?ref=
4818[*] https://wordpress.com/start?ref=typo-reserved
4819[*] https://wordpress.com/start/?ref=websitebluefooter
4820[*] https://wordpress.com/themes/
4821[*] https://wordpress.com/tos/
4822[*] https://wordpress.com/wp-login.php?redirect_to=https://en.wordpress.com/typo/?subdomain=192
4823[*] https://wordpress.org/
4824[*] https://wpcomwidgets.com/?width=600&height=350&src=http://www.widgipedia.com/widgets/orido/wiDget-Kalkulator-Zakat-6276-8192_134217728.widget?__install_id=1248327469976&__view=expanded&quality=autohigh&loop=false&wmode=transparent&menu=false&allowscriptaccess=sameDomain&_tag=gigya&_hash=d17c2b0efd0ffab3837f51f24cd5878e
4825[*] https://www.facebook.com/WordPresscom
4826[*] http://trezna.com/
4827[*] http://www.arismansuyendra.com/
4828cut: intervalle de champ incorrecte
4829Saisissez « cut --help » pour plus d'informations.
4830[INFO] Shodan detected the following opened ports on 192.0.78.13:
4831[*] 0
4832[*] 2
4833[*] 3
4834[*] 443
4835[*] 80
4836[INFO] ------VirusTotal SECTION------
4837[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
4838[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
4839[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
4840[INFO] ------Alexa Rank SECTION------
4841[INFO] Percent of Visitors Rank in Country:
4842[INFO] Percent of Search Traffic:
4843[INFO] Percent of Unique Visits:
4844[INFO] Total Sites Linking In:
4845[*] Total Sites
4846[INFO] Useful links related to tauhidnews.wordpress.com - 192.0.78.13:
4847[*] https://www.virustotal.com/pt/ip-address/192.0.78.13/information/
4848[*] https://www.hybrid-analysis.com/search?host=192.0.78.13
4849[*] https://www.shodan.io/host/192.0.78.13
4850[*] https://www.senderbase.org/lookup/?search_string=192.0.78.13
4851[*] https://www.alienvault.com/open-threat-exchange/ip/192.0.78.13
4852[*] http://pastebin.com/search?q=192.0.78.13
4853[*] http://urlquery.net/search.php?q=192.0.78.13
4854[*] http://www.alexa.com/siteinfo/tauhidnews.wordpress.com
4855[*] http://www.google.com/safebrowsing/diagnostic?site=tauhidnews.wordpress.com
4856[*] https://censys.io/ipv4/192.0.78.13
4857[*] https://www.abuseipdb.com/check/192.0.78.13
4858[*] https://urlscan.io/search/#192.0.78.13
4859[*] https://github.com/search?q=192.0.78.13&type=Code
4860[INFO] Useful links related to AS2635 - 192.0.78.0/24:
4861[*] http://www.google.com/safebrowsing/diagnostic?site=AS:2635
4862[*] https://www.senderbase.org/lookup/?search_string=192.0.78.0/24
4863[*] http://bgp.he.net/AS2635
4864[*] https://stat.ripe.net/AS2635
4865[INFO] Date: 14/01/20 | Time: 09:00:50
4866[INFO] Total time: 0 minute(s) and 54 second(s)
4867#######################################################################################################################################
4868[-] Target: https://tauhidnews.wordpress.com (192.0.78.13)
4869[I] Server: nginx
4870[L] X-Frame-Options: Not Enforced
4871[I] X-Content-Security-Policy: Not Enforced
4872[I] X-Content-Type-Options: Not Enforced
4873[L] Robots.txt Found: https://tauhidnews.wordpress.com/robots.txt
4874[I] CMS Detection: WordPress
4875[I] Wordpress Theme: pub
4876[M] EDB-ID: 17613 "WordPress Plugin E-Commerce 3.8.4 - SQL Injection"
4877[M] EDB-ID: 18198 "Family Connections CMS 2.5.0/2.7.1 - 'less.php' Remote Command Execution"
4878[M] EDB-ID: 18417 "WordPress 3.3.1 - Multiple Vulnerabilities"
4879[M] EDB-ID: 23494 "WordPress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload"
4880[M] EDB-ID: 24515 "Cometchat Application - Multiple Vulnerabilities"
4881[M] EDB-ID: 25723 "WordPress Plugin Spider Event Calendar 1.3.0 - Multiple Vulnerabilities"
4882[M] EDB-ID: 27531 "WordPress Plugin Hms Testimonials 2.0.10 - Multiple Vulnerabilities"
4883[M] EDB-ID: 28054 "WordPress Plugin IndiaNIC Testimonial - Multiple Vulnerabilities"
4884[M] EDB-ID: 29754 "WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting"
4885[M] EDB-ID: 30443 "WordPress Theme Persuasion 2.x - Arbitrary File Download / File Deletion"
4886[M] EDB-ID: 33851 "Multiple WordPress Plugins (TimThumb 2.8.13 / WordThumb 1.07) - 'WebShot' Remote Code Execution"
4887[M] EDB-ID: 35385 "WordPress Plugin Slider REvolution 3.0.95 / Showbiz Pro 1.7.1 - Arbitrary File Upload"
4888[M] EDB-ID: 36061 "WordPress Plugin Webdorado Spider Event Calendar 1.4.9 - SQL Injection"
4889[M] EDB-ID: 36844 "WordPress 4.2 - Persistent Cross-Site Scripting"
4890[M] EDB-ID: 36954 "WordPress Plugin Yet Another Related Posts 4.2.4 - Cross-Site Request Forgery"
4891[M] EDB-ID: 37705 "WordPress Plugin Unite Gallery Lite 1.4.6 - Multiple Vulnerabilities"
4892[M] EDB-ID: 38086 "WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities"
4893[M] EDB-ID: 39339 "BK Mobile jQuery CMS 2.4 - Multiple Vulnerabilities"
4894[M] EDB-ID: 39513 "WordPress Plugin CP Polls 1.0.8 - Multiple Vulnerabilities"
4895[M] EDB-ID: 39536 "WordPress Theme SiteMile Project 2.0.9.5 - Multiple Vulnerabilities"
4896[M] EDB-ID: 39552 "WordPress Theme Beauty & Clean 1.0.8 - Arbitrary File Upload"
4897[M] EDB-ID: 40042 "WordPress Plugin Ultimate Membership Pro 3.3 - SQL Injection"
4898[M] EDB-ID: 41857 "WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection"
4899[M] EDB-ID: 42129 "WordPress Plugin Tribulant Newsletters 4.6.4.2 - File Disclosure / Cross-Site Scripting"
4900[M] EDB-ID: 43889 "CMS Made Simple 1.11.9 - Multiple Vulnerabilities"
4901[M] EDB-ID: 4397 "Claymore Dual GPU Miner 10.5 - Format String"
4902[M] EDB-ID: 44595 "WordPress Plugin User Role Editor < 4.25 - Privilege Escalation"
4903[M] EDB-ID: 46537 "WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion"
4904[M] EDB-ID: 47516 "WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting"
4905[M] EDB-ID: 47517 "WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting"
4906[M] EDB-ID: 47518 "WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting"
4907[M] EDB-ID: 8820 "amember 3.1.7 - Cross-Site Scripting / SQL Injection / HTML Injection"
4908[-] WordPress usernames identified:
4909[M] l-Irhaby To Day
4910[M] XML-RPC services are enabled
4911[M] Website vulnerable to XML-RPC Brute Force Vulnerability
4912[I] Autocomplete Off Not Found: https://tauhidnews.wordpress.com/wp-login.php
4913[-] Default WordPress Files:
4914[I] https://tauhidnews.wordpress.com/wp-content/themes/twentyten/license.txt
4915[I] https://tauhidnews.wordpress.com/wp-content/themes/twentyten/readme.txt
4916[I] https://tauhidnews.wordpress.com/wp-includes/ID3/license.commercial.txt
4917[I] https://tauhidnews.wordpress.com/wp-includes/ID3/license.txt
4918[I] https://tauhidnews.wordpress.com/wp-includes/ID3/readme.txt
4919[I] https://tauhidnews.wordpress.com/wp-includes/images/crystal/license.txt
4920[I] https://tauhidnews.wordpress.com/wp-includes/js/plupload/license.txt
4921[I] https://tauhidnews.wordpress.com/wp-includes/js/tinymce/license.txt
4922[-] Searching Wordpress Plugins ...
4923[I] akismet
4924[M] EDB-ID: 37826 "WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities"
4925[M] EDB-ID: 37902 "WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities"
4926[I] bbpress v2.5.12
4927[M] EDB-ID: 22396 "WordPress Plugin bbPress - Multiple Vulnerabilities"
4928[I] feed
4929[M] EDB-ID: 38624 "WordPress Plugin WP Feed - 'nid' SQL Injection"
4930[I] gutenberg-blocks
4931[I] ie-sitemode
4932[I] Checking for Directory Listing Enabled ...
4933[-] Date & Time: 14/01/2020 09:02:25
4934[-] Completed in: 0:03:09
4935#######################################################################################################################################
4936 Anonymous JTSEC #OpISIS Full Recon #26