· 6 years ago · Jan 14, 2020, 07:10 PM
1######################################################################################################################################
2======================================================================================================================================
3Hostname albagdad.wordpress.com ISP Automattic, Inc
4Continent North America Flag
5US
6Country United States Country Code US
7Region California Local time 14 Jan 2020 10:27 PST
8City San Francisco Postal Code 94110
9IP Address 192.0.78.12 Latitude 37.751
10 Longitude -122.412
11=======================================================================================================================================
12######################################################################################################################################
13> albagdad.wordpress.com
14Server: 38.132.106.139
15Address: 38.132.106.139#53
16
17Non-authoritative answer:
18albagdad.wordpress.com canonical name = lb.wordpress.com.
19Name: lb.wordpress.com
20Address: 192.0.78.12
21Name: lb.wordpress.com
22Address: 192.0.78.13
23>
24######################################################################################################################################
25[+] Target : albagdad.wordpress.com
26
27[+] IP Address : 192.0.78.13
28
29[+] Headers :
30
31[+] Server : nginx
32[+] Date : Tue, 14 Jan 2020 18:35:56 GMT
33[+] Content-Type : text/html; charset=UTF-8
34[+] Transfer-Encoding : chunked
35[+] Connection : keep-alive
36[+] Vary : Accept-Encoding, Cookie
37[+] X-hacker : If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
38[+] Link : <https://wp.me/a2ido>; rel=shortlink
39[+] Content-Encoding : gzip
40[+] X-ac : 1.yyz _dfw
41[+] Strict-Transport-Security : max-age=15552000
42
43[+] SSL Certificate Information :
44
45[+] organizationalUnitName : EssentialSSL Wildcard
46[+] commonName : *.wordpress.com
47[+] countryName : GB
48[+] stateOrProvinceName : Greater Manchester
49[+] localityName : Salford
50[+] organizationName : COMODO CA Limited
51[+] commonName : COMODO RSA Domain Validation Secure Server CA
52[+] Version : 3
53[+] Serial Number : A7810B64B529C1A86900B6ED8C1A0868
54[+] Not Before : Sep 6 00:00:00 2018 GMT
55[+] Not After : Sep 5 23:59:59 2020 GMT
56[+] OCSP : ('http://ocsp.comodoca.com',)
57[+] subject Alt Name : (('DNS', '*.wordpress.com'), ('DNS', 'wordpress.com'))
58[+] CA Issuers : ('http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt',)
59[+] CRL Distribution Points : ('http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl',)
60
61[+] Whois Lookup :
62
63[+] NIR : None
64[+] ASN Registry : arin
65[+] ASN : 2635
66[+] ASN CIDR : 192.0.78.0/24
67[+] ASN Country Code : US
68[+] ASN Date : 2012-11-20
69[+] ASN Description : AUTOMATTIC - Automattic, Inc, US
70[+] cidr : 192.0.64.0/18
71[+] name : AUTOMATTIC
72[+] handle : NET-192-0-64-0-1
73[+] range : 192.0.64.0 - 192.0.127.255
74[+] description : Automattic, Inc
75[+] country : US
76[+] state : CA
77[+] city : San Francisco
78[+] address : 60 29th Street #343
79[+] postal_code : 94110
80[+] emails : ['ipadmin@automattic.com', 'abuse@automattic.com']
81[+] created : 2012-11-20
82[+] updated : 2012-11-20
83
84[+] Crawling Target...
85
86[+] Looking for robots.txt........[ Found ]
87[+] Extracting robots Links.......[ 11 ]
88[+] Looking for sitemap.xml.......[ Found ]
89[+] Extracting sitemap Links......[ 352 ]
90[+] Extracting CSS Links..........[ 2 ]
91[+] Extracting Javascript Links...[ 3 ]
92[+] Extracting Internal Links.....[ 38 ]
93[+] Extracting External Links.....[ 6 ]
94[+] Extracting Images.............[ 3 ]
95
96[+] Total Links Extracted : 390
97
98[+] Dumping Links in /opt/FinalRecon/dumps/albagdad.wordpress.com.dump
99[+] Completed!
100######################################################################################################################################
101[i] Scanning Site: https://albagdad.wordpress.com
102
103
104
105B A S I C I N F O
106====================
107
108
109[+] Site Title: Albagdad | dawahilallah.com
110[+] IP address: 192.0.78.13
111[+] Web Server: nginx
112[+] CMS: WordPress
113[+] Cloudflare: Not Detected
114[+] Robots File: Found
115
116-------------[ contents ]----------------
117# If you are regularly crawling WordPress.com sites, please use our firehose to receive real-time push updates instead.
118# Please see https://developer.wordpress.com/docs/firehose/ for more details.
119
120Sitemap: https://albagdad.wordpress.com/sitemap.xml
121Sitemap: https://albagdad.wordpress.com/news-sitemap.xml
122
123User-agent: *
124Disallow: /wp-admin/
125Allow: /wp-admin/admin-ajax.php
126Disallow: /wp-login.php
127Disallow: /wp-signup.php
128Disallow: /press-this.php
129Disallow: /remote-login.php
130Disallow: /activate/
131Disallow: /cgi-bin/
132Disallow: /mshots/v1/
133Disallow: /next/
134Disallow: /public.api/
135
136# This file was generated on Fri, 25 Oct 2019 14:02:39 +0000
137
138-----------[end of contents]-------------
139
140
141
142W H O I S L O O K U P
143========================
144
145 No match for "ALBAGDAD.WORDPRESS.COM".
146>>> Last update of whois database: 2020-01-14T18:35:58Z <<<
147
148
149
150The Registry database contains ONLY .COM, .NET, .EDU domains and
151Registrars.
152
153
154
155
156G E O I P L O O K U P
157=========================
158
159[i] IP Address: 192.0.78.12
160[i] Country: United States
161[i] State: California
162[i] City: San Francisco
163[i] Latitude: 37.7506
164[i] Longitude: -122.4121
165
166
167
168
169H T T P H E A D E R S
170=======================
171
172
173[i] HTTP/1.1 200 OK
174[i] Server: nginx
175[i] Date: Tue, 14 Jan 2020 18:36:07 GMT
176[i] Content-Type: text/html; charset=UTF-8
177[i] Connection: close
178[i] Vary: Accept-Encoding
179[i] Last-Modified: Tue, 14 Jan 2020 18:36:01 GMT
180[i] Cache-Control: max-age=294, must-revalidate
181[i] X-nananana: Batcache
182[i] Vary: Cookie
183[i] X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
184[i] Link: <https://wp.me/a2ido>; rel=shortlink
185[i] X-ac: 1.yyz _dfw
186[i] Strict-Transport-Security: max-age=15552000
187
188
189
190
191D N S L O O K U P
192===================
193
194albagdad.wordpress.com. 14399 IN CNAME lb.wordpress.com.
195
196
197
198
199S U B N E T C A L C U L A T I O N
200====================================
201
202Address = 192.0.78.12
203Network = 192.0.78.12 / 32
204Netmask = 255.255.255.255
205Broadcast = not needed on Point-to-Point links
206Wildcard Mask = 0.0.0.0
207Hosts Bits = 0
208Max. Hosts = 1 (2^0 - 0)
209Host Range = { 192.0.78.12 - 192.0.78.12 }
210
211
212
213N M A P P O R T S C A N
214============================
215
216Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-14 18:36 UTC
217Nmap scan report for albagdad.wordpress.com (192.0.78.12)
218Host is up (0.0017s latency).
219Other addresses for albagdad.wordpress.com (not scanned): 192.0.78.13
220
221PORT STATE SERVICE
22221/tcp filtered ftp
22322/tcp filtered ssh
22423/tcp filtered telnet
22580/tcp open http
226110/tcp filtered pop3
227143/tcp filtered imap
228443/tcp open https
2293389/tcp filtered ms-wbt-server
230
231Nmap done: 1 IP address (1 host up) scanned in 1.32 seconds
232######################################################################################################################################
233[+] Starting At 2020-01-14 13:37:02.228814
234[+] Collecting Information On: https://albagdad.wordpress.com/
235[#] Status: 200
236--------------------------------------------------
237[#] Web Server Detected: nginx
238[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
239- Server: nginx
240- Date: Tue, 14 Jan 2020 18:36:58 GMT
241- Content-Type: text/html; charset=UTF-8
242- Transfer-Encoding: chunked
243- Connection: keep-alive
244- Vary: Accept-Encoding, Cookie
245- Last-Modified: Tue, 14 Jan 2020 18:36:01 GMT
246- Cache-Control: max-age=243, must-revalidate
247- X-nananana: Batcache
248- X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
249- Link: <https://wp.me/a2ido>; rel=shortlink
250- Content-Encoding: gzip
251- X-ac: 1.yyz _dfw
252- Strict-Transport-Security: max-age=15552000
253--------------------------------------------------
254[#] Finding Location..!
255[#] status: success
256[#] country: United States
257[#] countryCode: US
258[#] region: CA
259[#] regionName: California
260[#] city: San Francisco
261[#] zip: 94110
262[#] lat: 37.7441
263[#] lon: -122.422
264[#] timezone: America/Los_Angeles
265[#] isp: Automattic, Inc
266[#] org: Automattic, Inc
267[#] as: AS2635 Automattic, Inc
268[#] query: 192.0.78.17
269--------------------------------------------------
270[x] Didn't Detect WAF Presence on: https://albagdad.wordpress.com/
271--------------------------------------------------
272[#] Starting Reverse DNS
273[!] Found 21 any Domain
295--------------------------------------------------
296[!] Scanning Open Port
297[#] 80/tcp open http
298[#] 443/tcp open https
299--------------------------------------------------
300[+] Getting SSL Info
301{'OCSP': ('http://ocsp.comodoca.com',),
302 'caIssuers': ('http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt',),
303 'crlDistributionPoints': ('http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl',),
304 'issuer': ((('countryName', 'GB'),),
305 (('stateOrProvinceName', 'Greater Manchester'),),
306 (('localityName', 'Salford'),),
307 (('organizationName', 'COMODO CA Limited'),),
308 (('commonName', 'COMODO RSA Domain Validation Secure Server CA'),)),
309 'notAfter': 'Sep 5 23:59:59 2020 GMT',
310 'notBefore': 'Sep 6 00:00:00 2018 GMT',
311 'serialNumber': 'A7810B64B529C1A86900B6ED8C1A0868',
312 'subject': ((('organizationalUnitName', 'Domain Control Validated'),),
313 (('organizationalUnitName', 'EssentialSSL Wildcard'),),
314 (('commonName', '*.wordpress.com'),)),
315 'subjectAltName': (('DNS', '*.wordpress.com'), ('DNS', 'wordpress.com')),
316 'version': 3}
356
357--------------------------------------------------
358[+] Collecting Information Disclosure!
359[#] Detecting sitemap.xml file
360[!] sitemap.xml File Found: https://albagdad.wordpress.com/sitemap.xml
361[#] Detecting robots.txt file
362[!] robots.txt File Found: https://albagdad.wordpress.com//robots.txt
363[#] Detecting GNU Mailman
364[-] GNU Mailman App Not Detected!?
365--------------------------------------------------
366[+] Crawling Url Parameter On: https://albagdad.wordpress.com/
367--------------------------------------------------
368[#] Searching Html Form !
369[+] Html Form Discovered
370[#] action: None
371[#] class: None
372[#] id: None
373[#] method: post
374--------------------------------------------------
375[!] Found 6 dom parameter
376[#] https://albagdad.wordpress.com//#main
377[#] https://albagdad.wordpress.com//#
378[#] https://albagdad.wordpress.com//#directions
379[#] https://m.facebook.com/story.php?story_fbid=2163447390539531&id=100006228738371
380[#] https://m.facebook.com/story.php?story_fbid=2135289683355302&id=100006228738371
381[#] https://albagdad.wordpress.com///#respond
382--------------------------------------------------
383[!] 9 Internal Dynamic Parameter Discovered
384[+] https://albagdad.wordpress.com/xmlrpc.php?rsd
385[+] https://wordpress.com/?ref=footer_blog
386[+] https://wordpress.com/?ref=footer_website
387[+] https://wordpress.com/?ref=vertical_footer
388[+] https://albagdad.files.wordpress.com/2018/07/wp-1532349988288.jpg?w=32
389[+] https://albagdad.files.wordpress.com/2018/07/wp-1532349988288.jpg?w=192
390[+] https://albagdad.files.wordpress.com/2018/07/wp-1532349988288.jpg?w=180
391[+] https://wordpress.com/?ref=footer_website
392[+] https://wordpress.com/?ref=marketing_bar
393--------------------------------------------------
394[!] 2 External Dynamic Parameter Discovered
395[#] https://m.facebook.com/story.php?story_fbid=2163447390539531&id=100006228738371
396[#] https://m.facebook.com/story.php?story_fbid=2135289683355302&id=100006228738371
397--------------------------------------------------
398[!] 73 Internal links Discovered
472--------------------------------------------------
473[!] 4 External links Discovered
474[#] https://s1.wp.com/wp-includes/wlwmanifest.xml
475[#] https://s1.wp.com/opensearch.xml
476[#] https://akismet.com/privacy/
477[#] https://automattic.com/cookies
478--------------------------------------------------
479[#] Mapping Subdomain..
480[!] Found 100 Subdomain
581--------------------------------------------------
582[!] Done At 2020-01-14 13:37:19.032595
583#######################################################################################################################################
584Trying "albagdad.wordpress.com"
585;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65136
586;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 8
587
588;; QUESTION SECTION:
589;albagdad.wordpress.com. IN ANY
590
591;; ANSWER SECTION:
592albagdad.wordpress.com. 14400 IN CNAME lb.wordpress.com.
593
594;; AUTHORITY SECTION:
595wordpress.com. 7976 IN NS ns2.wordpress.com.
596wordpress.com. 7976 IN NS ns1.wordpress.com.
597wordpress.com. 7976 IN NS ns4.wordpress.com.
598wordpress.com. 7976 IN NS ns3.wordpress.com.
599
600;; ADDITIONAL SECTION:
601ns1.wordpress.com. 31227 IN AAAA 2a04:fa87:ffff::c6b5:7409
602ns2.wordpress.com. 31227 IN AAAA 2a04:fa87:ffff::c6b5:7509
603ns3.wordpress.com. 31227 IN AAAA 2620:115:c00f::c000:4a09
604ns4.wordpress.com. 25879 IN AAAA 2620:115:c00f::c000:4b09
605ns1.wordpress.com. 18349 IN A 198.181.116.9
606ns2.wordpress.com. 18349 IN A 198.181.117.9
607ns3.wordpress.com. 19079 IN A 192.0.74.9
608ns4.wordpress.com. 25879 IN A 192.0.75.9
609
610Received 305 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 51 ms
611#####################################################################################################################################
612; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace albagdad.wordpress.com any
613;; global options: +cmd
614. 81351 IN NS g.root-servers.net.
615. 81351 IN NS l.root-servers.net.
616. 81351 IN NS j.root-servers.net.
617. 81351 IN NS k.root-servers.net.
618. 81351 IN NS h.root-servers.net.
619. 81351 IN NS i.root-servers.net.
620. 81351 IN NS m.root-servers.net.
621. 81351 IN NS e.root-servers.net.
622. 81351 IN NS c.root-servers.net.
623. 81351 IN NS d.root-servers.net.
624. 81351 IN NS a.root-servers.net.
625. 81351 IN NS b.root-servers.net.
626. 81351 IN NS f.root-servers.net.
628;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 139 ms
629
630com. 172800 IN NS k.gtld-servers.net.
631com. 172800 IN NS d.gtld-servers.net.
632com. 172800 IN NS g.gtld-servers.net.
633com. 172800 IN NS i.gtld-servers.net.
634com. 172800 IN NS f.gtld-servers.net.
635com. 172800 IN NS a.gtld-servers.net.
636com. 172800 IN NS e.gtld-servers.net.
637com. 172800 IN NS j.gtld-servers.net.
638com. 172800 IN NS l.gtld-servers.net.
639com. 172800 IN NS m.gtld-servers.net.
640com. 172800 IN NS h.gtld-servers.net.
641com. 172800 IN NS b.gtld-servers.net.
642com. 172800 IN NS c.gtld-servers.net.
643com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
644com. 86400 IN RRSIG DS 8 1 86400 20200127170000 20200114160000 33853 . JN725WRPz3VS85b7spSQUwt9rl32Iao4EXdzaRNKAMcZywBAsuGU9IMN 71ZPiYwJUD4Efb/sndXYJrhvgyhBYLAwqeNzUzpvah/yNaNIabzLXors O+JHHu5h/qMPC3Pf63drhyYyrkEPcK1rH4OwWDVUOhnAyWXBtjAQtrWE APu69Yif9BfLYoOTw3zR2xK7JnU2Jjz3yHva9oyCFvtgsDvkkqsm5gwJ Qu++jjj1i0eFBvFbrylhNTGtmJeU5QiIx2PJXA6Z+PWMeeJehY/7APnk YGGPHTiytY/wuygkv89yw3Rs/bpcWhrD1Yh3ay1lwE5ad/LSd4ztYTcX cn+CVQ==
645;; Received 1210 bytes from 2001:500:2::c#53(c.root-servers.net) in 36 ms
646
647wordpress.com. 172800 IN NS ns1.wordpress.com.
648wordpress.com. 172800 IN NS ns2.wordpress.com.
649wordpress.com. 172800 IN NS ns3.wordpress.com.
650wordpress.com. 172800 IN NS ns4.wordpress.com.
651CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
652CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20200118054808 20200111043808 12163 com. mJDVyBXNFu4QvSm0aiiGqYePcLyOMfDG98KMTklwbotug692+YknzpTG ItGMpe3j/gtjgR3jHhqerUbLBcpBvVXV0fBzbvK9T0Aq1y3+GDFlMpca AI2lyZRU8vW6LktxyxklKmfsw63i012yukjg1Lg4lZRQZ08WVSFMV+pJ svYqBKt3hagff6Sk9ceIyr70dEaI8lAH9z2QTI5DZOdFuQ==
6537TFREVBJL4RAANVLQ22GT5V59GTT1P0G.com. 86400 IN NSEC3 1 1 0 - 7TFS2UADM281CSPGJA3F36MIHQCGPCCS NS DS RRSIG
6547TFREVBJL4RAANVLQ22GT5V59GTT1P0G.com. 86400 IN RRSIG NSEC3 8 2 86400 20200120071411 20200113060411 12163 com. gcZr8nVRMPbL0ILFuHSEzKoetg4OH5RqCmhJesd4wh7Y0KLbElF2tWVt PMW5Nd0ZCvOI930nY2q2/rVx8vkGO+B7VX73vMSqqtDe3AIJ2F3MZPaG zLaawcT97ykkMp3NAzrzKmPH1s23nCb+bae19wDZDqNG0qeCfvJYzavf ZX8lNUmNoX5SqsqVSCg8znjXXz6dSH9qWWR4dz7S+UKzZw==
655;; Received 848 bytes from 2001:503:a83e::2:30#53(a.gtld-servers.net) in 50 ms
656
657lb.wordpress.com. 300 IN A 192.0.78.12
658lb.wordpress.com. 300 IN A 192.0.78.13
659albagdad.wordpress.com. 14400 IN CNAME lb.wordpress.com.
660;; Received 100 bytes from 2a04:fa87:ffff::c6b5:7409#53(ns1.wordpress.com) in 38 ms
661######################################################################################################################################
662[*] Processing domain albagdad.wordpress.com
663[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
664[+] Getting nameservers
665[-] Getting nameservers failed
666[-] Zone transfer failed
667
668[+] Wildcard domain found - 192.0.78.13
669[+] Wildcard domain found - 192.0.78.12
670[*] Scanning albagdad.wordpress.com for A records
671######################################################################################################################################
672 AVAILABLE PLUGINS
673 -----------------
674
675 EarlyDataPlugin
676 HttpHeadersPlugin
677 OpenSslCcsInjectionPlugin
678 SessionResumptionPlugin
679 CertificateInfoPlugin
680 SessionRenegotiationPlugin
681 HeartbleedPlugin
682 CompressionPlugin
683 OpenSslCipherSuitesPlugin
684 FallbackScsvPlugin
685 RobotPlugin
686
687
688
689 CHECKING HOST(S) AVAILABILITY
690 -----------------------------
691
692 192.0.78.12:443 => 192.0.78.12
693
694
695
696
697 SCAN RESULTS FOR 192.0.78.12:443 - 192.0.78.12
698 ----------------------------------------------
699
700 * OpenSSL CCS Injection:
701 OK - Not vulnerable to OpenSSL CCS injection
702
703 * SSLV2 Cipher Suites:
704 Server rejected all cipher suites.
705
706 * TLS 1.2 Session Resumption Support:
707 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
708 With TLS Tickets: OK - Supported
709
710 * Session Renegotiation:
711 Client-initiated Renegotiation: OK - Rejected
712 Secure Renegotiation: OK - Supported
713
714 * OpenSSL Heartbleed:
715 OK - Not vulnerable to Heartbleed
716
717 * SSLV3 Cipher Suites:
718 Server rejected all cipher suites.
719
720 * Deflate Compression:
721 OK - Compression disabled
722
723 * TLSV1 Cipher Suites:
724 Forward Secrecy OK - Supported
725 RC4 OK - Not Supported
726
727 Preferred:
728 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
729 Accepted:
730 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
731 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
732 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
733 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
734 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
735
736 * TLSV1_3 Cipher Suites:
737 Forward Secrecy OK - Supported
738 RC4 OK - Not Supported
739
740 Preferred:
741 TLS_AES_256_GCM_SHA384 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
742 Accepted:
743 TLS_CHACHA20_POLY1305_SHA256 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
744 TLS_AES_256_GCM_SHA384 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
745 TLS_AES_128_GCM_SHA256 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
746
747 * Certificate Information:
748 Content
749 SHA1 Fingerprint: 6a0f88d62d7accaf2401b77a7a689c9ffd76c4be
750 Common Name: *.wordpress.com
751 Issuer: COMODO RSA Domain Validation Secure Server CA
752 Serial Number: 222651112676221102393442739832881809512
753 Not Before: 2018-09-06 00:00:00
754 Not After: 2020-09-05 23:59:59
755 Signature Algorithm: sha256
756 Public Key Algorithm: RSA
757 Key Size: 2048
758 Exponent: 65537 (0x10001)
759 DNS Subject Alternative Names: ['*.wordpress.com', 'wordpress.com']
760
761 Trust
762 Hostname Validation: FAILED - Certificate does NOT match 192.0.78.12
763 Android CA Store (9.0.0_r9): OK - Certificate is trusted
764 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
765 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
766 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
767 Windows CA Store (2019-05-27): OK - Certificate is trusted
768 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
769 Received Chain: *.wordpress.com --> COMODO RSA Domain Validation Secure Server CA --> COMODO RSA Certification Authority
770 Verified Chain: *.wordpress.com --> COMODO RSA Domain Validation Secure Server CA --> COMODO RSA Certification Authority
771 Received Chain Contains Anchor: OK - Anchor certificate not sent
772 Received Chain Order: OK - Order is valid
773 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
774
775 Extensions
776 OCSP Must-Staple: NOT SUPPORTED - Extension not found
777 Certificate Transparency: OK - 3 SCTs included
778
779 OCSP Stapling
780 NOT SUPPORTED - Server did not send back an OCSP response
781
782 * ROBOT Attack:
783 OK - Not vulnerable
784
785 * Downgrade Attacks:
786 TLS_FALLBACK_SCSV: OK - Supported
787
788 * TLSV1_1 Cipher Suites:
789 Forward Secrecy OK - Supported
790 RC4 OK - Not Supported
791
792 Preferred:
793 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
794 Accepted:
795 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
796 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
797
798 * TLSV1_2 Cipher Suites:
799 Forward Secrecy OK - Supported
800 RC4 OK - Not Supported
801
802 Preferred:
803 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
804 Accepted:
805 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
806 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
807 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
808 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
809 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
810 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
811
812
813 SCAN COMPLETED IN 4.64 S
814 ------------------------
815#####################################################################################################################################
816 AVAILABLE PLUGINS
817 -----------------
818
819 EarlyDataPlugin
820 OpenSslCcsInjectionPlugin
821 SessionResumptionPlugin
822 CertificateInfoPlugin
823 SessionRenegotiationPlugin
824 HeartbleedPlugin
825 CompressionPlugin
826 OpenSslCipherSuitesPlugin
827 FallbackScsvPlugin
828 HttpHeadersPlugin
829 RobotPlugin
830
831
832
833 CHECKING HOST(S) AVAILABILITY
834 -----------------------------
835
836 192.0.78.13:443 => 192.0.78.13
837
838
839
840
841 SCAN RESULTS FOR 192.0.78.13:443 - 192.0.78.13
842 ----------------------------------------------
843
844 * Deflate Compression:
845 OK - Compression disabled
846
847 * OpenSSL CCS Injection:
848 OK - Not vulnerable to OpenSSL CCS injection
849
850 * SSLV2 Cipher Suites:
851 Server rejected all cipher suites.
852
853 * TLS 1.2 Session Resumption Support:
854 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
855 With TLS Tickets: OK - Supported
856
857 * SSLV3 Cipher Suites:
858 Server rejected all cipher suites.
859
860 * OpenSSL Heartbleed:
861 OK - Not vulnerable to Heartbleed
862
863 * Session Renegotiation:
864 Client-initiated Renegotiation: OK - Rejected
865 Secure Renegotiation: OK - Supported
866
867 * TLSV1 Cipher Suites:
868 Forward Secrecy OK - Supported
869 RC4 OK - Not Supported
870
871 Preferred:
872 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
873 Accepted:
874 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
875 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
876 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
877 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
878 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
879
880 * TLSV1_3 Cipher Suites:
881 Forward Secrecy OK - Supported
882 RC4 OK - Not Supported
883
884 Preferred:
885 TLS_AES_256_GCM_SHA384 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
886 Accepted:
887 TLS_CHACHA20_POLY1305_SHA256 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
888 TLS_AES_256_GCM_SHA384 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
889 TLS_AES_128_GCM_SHA256 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
890
891 * Certificate Information:
892 Content
893 SHA1 Fingerprint: 6a0f88d62d7accaf2401b77a7a689c9ffd76c4be
894 Common Name: *.wordpress.com
895 Issuer: COMODO RSA Domain Validation Secure Server CA
896 Serial Number: 222651112676221102393442739832881809512
897 Not Before: 2018-09-06 00:00:00
898 Not After: 2020-09-05 23:59:59
899 Signature Algorithm: sha256
900 Public Key Algorithm: RSA
901 Key Size: 2048
902 Exponent: 65537 (0x10001)
903 DNS Subject Alternative Names: ['*.wordpress.com', 'wordpress.com']
904
905 Trust
906 Hostname Validation: FAILED - Certificate does NOT match 192.0.78.13
907 Android CA Store (9.0.0_r9): OK - Certificate is trusted
908 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
909 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
910 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
911 Windows CA Store (2019-05-27): OK - Certificate is trusted
912 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
913 Received Chain: *.wordpress.com --> COMODO RSA Domain Validation Secure Server CA --> COMODO RSA Certification Authority
914 Verified Chain: *.wordpress.com --> COMODO RSA Domain Validation Secure Server CA --> COMODO RSA Certification Authority
915 Received Chain Contains Anchor: OK - Anchor certificate not sent
916 Received Chain Order: OK - Order is valid
917 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
918
919 Extensions
920 OCSP Must-Staple: NOT SUPPORTED - Extension not found
921 Certificate Transparency: OK - 3 SCTs included
922
923 OCSP Stapling
924 NOT SUPPORTED - Server did not send back an OCSP response
925
926 * ROBOT Attack:
927 OK - Not vulnerable
928
929 * Downgrade Attacks:
930 TLS_FALLBACK_SCSV: OK - Supported
931
932 * TLSV1_1 Cipher Suites:
933 Forward Secrecy OK - Supported
934 RC4 OK - Not Supported
935
936 Preferred:
937 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
938 Accepted:
939 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
940 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
941
942 * TLSV1_2 Cipher Suites:
943 Forward Secrecy OK - Supported
944 RC4 OK - Not Supported
945
946 Preferred:
947 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
948 Accepted:
949 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
950 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
951 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
952 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
953 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
954 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - https://en.wordpress.com/typo/?subdomain=192
955
956
957 SCAN COMPLETED IN 4.51 S
958 ------------------------
959######################################################################################################################################
960WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
961Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 13:38 EST
962Nmap scan report for 192.0.78.12
963Host is up (0.066s latency).
964Not shown: 491 filtered ports, 3 closed ports
965Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
966PORT STATE SERVICE
96780/tcp open http
968443/tcp open https
969
970Nmap done: 1 IP address (1 host up) scanned in 4.64 seconds
971######################################################################################################################################
972Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 13:38 EST
973Nmap scan report for 192.0.78.12
974Host is up (0.047s latency).
975Not shown: 2 filtered ports
976PORT STATE SERVICE
97753/udp open|filtered domain
97867/udp open|filtered dhcps
97968/udp open|filtered dhcpc
98069/udp open|filtered tftp
98188/udp open|filtered kerberos-sec
982123/udp open|filtered ntp
983139/udp open|filtered netbios-ssn
984161/udp open|filtered snmp
985162/udp open|filtered snmptrap
986389/udp open|filtered ldap
987500/udp open|filtered isakmp
988520/udp open|filtered route
9892049/udp open|filtered nfs
990
991Nmap done: 1 IP address (1 host up) scanned in 1.95 seconds
992######################################################################################################################################
1015http://192.0.78.12 [302 Found] Country[UNITED STATES][US], HTTPServer[nginx], IP[192.0.78.12], RedirectLocation[http://en.wordpress.com/typo/?subdomain=192], UncommonHeaders[x-ac], nginx
1016http://en.wordpress.com/typo/?subdomain=192 [301 Moved Permanently] Country[UNITED STATES][US], HTTPServer[nginx], IP[192.0.79.32], RedirectLocation[https://en.wordpress.com/typo/?subdomain=192], Title[301 Moved Permanently], UncommonHeaders[x-ac], nginx
1017https://en.wordpress.com/typo/?subdomain=192 [200 OK] Country[UNITED STATES][US], HTML5, HTTPServer[nginx], IP[192.0.79.32], MetaGenerator[WordPress.com], OpenID, OpenSearch[https://en.wordpress.com/osd.xml,https://s1.wp.com/opensearch.xml], Script[text/javascript], Strict-Transport-Security[max-age=15552000], Title[WordPress.com], UncommonHeaders[x-hacker,x-ac], WordPress, X-Frame-Options[SAMEORIGIN], nginx, x-hacker[If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.]
1018######################################################################################################################################
1019wig - WebApp Information Gatherer
1020
1021
1022Scanning https://en.wordpress.com...
1023___________________________________________________ SITE INFO ____________________________________________________
1024IP Title
1025192.0.79.32 WordPress.com
1026192.0.79.33
1027
1028____________________________________________________ VERSION _____________________________________________________
1029Name Versions Type
1030WordPress 3.8 | 3.8.1 | 3.8.2 | 3.8.3 | 3.8.4 | 3.8.5 | 3.8.6 | 3.8.7 CMS
1031 3.8.8 | 3.9 | 3.9.1 | 3.9.2 | 3.9.3 | 3.9.4 | 3.9.5 | 3.9.6
1032 4.0 | 4.0.1 | 4.0.2 | 4.0.3 | 4.0.4 | 4.0.5 | 4.1 | 4.1.1
1033 4.1.2 | 4.1.3 | 4.1.4 | 4.1.5 | 4.2 | 4.2.1 | 4.2.2
1034nginx Platform
1035
1036__________________________________________________ INTERESTING ___________________________________________________
1037URL Note Type
1038/robots.txt robots.txt index Interesting
1039/install.php Installation file Interesting
1040/install.aspx Installation file Interesting
1041/install.asp Installation file Interesting
1042/install.htm Installation file Interesting
1043/install.html Installation file Interesting
1044/test.php Test file Interesting
1045/test.aspx Test file Interesting
1046/test.asp Test file Interesting
1047/test.htm Test file Interesting
1048/test.html Test file Interesting
1049/test1.php Test file Interesting
1050/test1.aspx Test file Interesting
1051/test1.asp Test file Interesting
1052/test1.htm Test file Interesting
1053/test1.html Test file Interesting
1054/old.php This might be interesting Interesting
1055/old.asp This might be interesting Interesting
1056
1057_____________________________________________________ TOOLS ______________________________________________________
1058Name Link Software
1059wpscan https://github.com/wpscanteam/wpscan WordPress
1060CMSmap https://github.com/Dionach/CMSmap WordPress
1061
1062________________________________________________ VULNERABILITIES _________________________________________________
1063Affected #Vulns Link
1064WordPress 3.8 12 http://cvedetails.com/version/162922
1065WordPress 3.8.1 12 http://cvedetails.com/version/162923
1066WordPress 3.8.2 7 http://cvedetails.com/version/176067
1067WordPress 3.8.3 7 http://cvedetails.com/version/176068
1068WordPress 3.8.4 8 http://cvedetails.com/version/176069
1069WordPress 3.9 8 http://cvedetails.com/version/176070
1070WordPress 3.9.1 15 http://cvedetails.com/version/169908
1071WordPress 3.9.2 10 http://cvedetails.com/version/176071
1072WordPress 3.9.3 1 http://cvedetails.com/version/185080
1073WordPress 4.0 9 http://cvedetails.com/version/176072
1074WordPress 4.0.1 1 http://cvedetails.com/version/185081
1075WordPress 4.1 1 http://cvedetails.com/version/185082
1076WordPress 4.1.1 2 http://cvedetails.com/version/185079
1077WordPress 4.2 1 http://cvedetails.com/version/185048
1078WordPress 4.2.1 1 http://cvedetails.com/version/184019
1079WordPress 4.2.2 2 http://cvedetails.com/version/185073
1080
1081__________________________________________________________________________________________________________________
1082Time: 7.6 sec Urls: 218 Fingerprints: 40401
1083#######################################################################################################################################
1084===============================================================
1085Gobuster v3.0.1
1086by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
1087===============================================================
1088[+] Url: http://192.0.78.12
1089[+] Threads: 10
1090[+] Wordlist: /usr/share/sniper/wordlists/vhosts.txt
1091[+] User Agent: gobuster/3.0.1
1092[+] Timeout: 10s
1093===============================================================
10942020/01/14 13:40:36 Starting gobuster
1095===============================================================
1181===============================================================
11822020/01/14 13:40:38 Finished
1183===============================================================
1184######################################################################################################################################
1185Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 13:40 EST
1186NSE: Loaded 162 scripts for scanning.
1187NSE: Script Pre-scanning.
1188Initiating NSE at 13:40
1189Completed NSE at 13:40, 0.00s elapsed
1190Initiating NSE at 13:40
1191Completed NSE at 13:40, 0.00s elapsed
1192Initiating Parallel DNS resolution of 1 host. at 13:40
1193Completed Parallel DNS resolution of 1 host. at 13:40, 0.02s elapsed
1194Initiating SYN Stealth Scan at 13:40
1195Scanning 192.0.78.12 [1 port]
1196Discovered open port 80/tcp on 192.0.78.12
1197Completed SYN Stealth Scan at 13:40, 0.12s elapsed (1 total ports)
1198Initiating Service scan at 13:40
1199Scanning 1 service on 192.0.78.12
1200Completed Service scan at 13:40, 5.29s elapsed (1 service on 1 host)
1201Initiating OS detection (try #1) against 192.0.78.12
1202Retrying OS detection (try #2) against 192.0.78.12
1203Initiating Traceroute at 13:40
1204Completed Traceroute at 13:40, 3.02s elapsed
1205Initiating Parallel DNS resolution of 4 hosts. at 13:40
1206Completed Parallel DNS resolution of 4 hosts. at 13:40, 0.34s elapsed
1207NSE: Script scanning 192.0.78.12.
1208Initiating NSE at 13:40
1209Completed NSE at 13:41, 23.17s elapsed
1210Initiating NSE at 13:41
1211Completed NSE at 13:41, 0.55s elapsed
1212Nmap scan report for 192.0.78.12
1213Host is up (0.072s latency).
1214
1215PORT STATE SERVICE VERSION
121680/tcp open http nginx
1217| http-brute:
1218|_ Path "/" does not require authentication
1219|_http-chrono: Request times for /typo/; avg: 292.67ms; min: 264.60ms; max: 366.83ms
1220|_http-csrf: Couldn't find any CSRF vulnerabilities.
1221|_http-date: Tue, 14 Jan 2020 18:40:51 GMT; -4s from local time.
1222|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
1223|_http-dombased-xss: Couldn't find any DOM based XSS.
1224|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
1225|_http-errors: Couldn't find any error pages.
1226|_http-feed: Couldn't find any feeds.
1227|_http-fetch: Please enter the complete path of the directory to save data in.
1228| http-headers:
1229| Server: nginx
1230| Date: Tue, 14 Jan 2020 18:40:56 GMT
1231| Content-Type: text/html; charset=utf-8
1232| Transfer-Encoding: chunked
1233| Connection: close
1234| Vary: Cookie
1235| Location: http://en.wordpress.com/typo/?subdomain=192
1236| X-ac: 1.yyz _dfw
1237|
1238|_ (Request type: GET)
1239|_http-jsonp-detection: Couldn't find any JSONP endpoints.
1240| http-methods:
1241|_ Supported Methods: GET HEAD POST OPTIONS
1242|_http-mobileversion-checker: No mobile version detected.
1243|_http-passwd: ERROR: Script execution failed (use -d to debug)
1244| http-security-headers:
1245| Strict_Transport_Security:
1246| Header: Strict-Transport-Security: max-age=15552000
1247| X_Frame_Options:
1248| Header: X-Frame-Options: SAMEORIGIN
1249|_ Description: The browser must not display this content in any frame from a page of different origin than the content itself.
1250| http-sitemap-generator:
1251| Directory structure:
1252| Longest directory structure:
1253| Depth: 0
1254| Dir: /
1255| Total files found (by extension):
1256|_
1257|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1258|_http-title: Did not follow redirect to http://en.wordpress.com/typo/?subdomain=192
1259| http-vhosts:
1260|_127 names had status 400
1261| http-wordpress-enum:
1262| Search limited to top 100 themes/plugins
1263| plugins
1264| akismet
1265| bbpress 2.5.12
1266| themes
1267|_ twentyten
1268|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
1269|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
| [67677] nginx up to 1.7.3 SSL weak authentication
| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
| [65364] nginx up to 1.1.13 Default Configuration information disclosure
| [8671] nginx up to 1.4 proxy_pass denial of service
| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
| [7247] nginx 1.2.6 Proxy Function spoofing
| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
| [59645] nginx up to 0.8.9 Heap-based memory corruption
| [53592] nginx 0.8.36 memory corruption
| [53590] nginx up to 0.8.9 unknown vulnerability
| [51533] nginx 0.7.64 Terminal privilege escalation
| [50905] nginx up to 0.8.9 directory traversal
| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
| [50043] nginx up to 0.8.10 memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
| [82230] nginx Multiple Denial of Service Vulnerabilities
| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
| [40420] nginx Directory Traversal Vulnerability
| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
| [84172] nginx denial of service
| [84048] nginx buffer overflow
| [83923] nginx ngx_http_close_connection() integer overflow
| [83688] nginx null byte code execution
| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
| [82319] nginx access.log information disclosure
| [80952] nginx SSL spoofing
| [77244] nginx and Microsoft Windows request security bypass
| [76778] Naxsi module for Nginx nx_extract.py directory traversal
| [74831] nginx ngx_http_mp4_module.c buffer overflow
| [74191] nginx ngx_cpystrn() information disclosure
| [74045] nginx header response information disclosure
| [71355] nginx ngx_resolver_copy() buffer overflow
| [59370] nginx characters denial of service
| [59369] nginx DATA source code disclosure
| [59047] nginx space source code disclosure
| [58966] nginx unspecified directory traversal
| [54025] nginx ngx_http_parse.c denial of service
| [53431] nginx WebDAV component directory traversal
| [53328] Nginx CRC-32 cached domain name spoofing
| [53250] Nginx ngx_http_parse_complex_uri() function code execution
|
| Exploit-DB - https://www.exploit-db.com:
| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
| [25499] nginx 1.3.9-1.4.0 DoS PoC
| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
| [14830] nginx 0.6.38 - Heap Corruption Exploit
| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
| [9829] nginx 0.7.61 WebDAV directory traversal
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [864418] Fedora Update for nginx FEDORA-2012-3846
| [864310] Fedora Update for nginx FEDORA-2012-6238
| [864209] Fedora Update for nginx FEDORA-2012-6411
| [864204] Fedora Update for nginx FEDORA-2012-6371
| [864121] Fedora Update for nginx FEDORA-2012-4006
| [864115] Fedora Update for nginx FEDORA-2012-3991
| [864065] Fedora Update for nginx FEDORA-2011-16075
| [863654] Fedora Update for nginx FEDORA-2011-16110
| [861232] Fedora Update for nginx FEDORA-2007-1158
| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
| [100659] nginx Directory Traversal Vulnerability
| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
| [71297] FreeBSD Ports: nginx
| [71276] FreeBSD Ports: nginx
| [71239] Debian Security Advisory DSA 2434-1 (nginx)
| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
| [64894] FreeBSD Ports: nginx
| [64869] Debian Security Advisory DSA 1884-1 (nginx)
|
| SecurityTracker - https://www.securitytracker.com:
| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
|
| OSVDB - http://www.osvdb.org:
| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
| [92796] nginx ngx_http_close_connection Function Crafted r->
| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
| [62617] nginx Internal DNS Cache Poisoning Weakness
| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.12 - 4.10 (92%), Linux 3.16 (92%), Crestron XPanel control system (90%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (90%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (88%), OpenWrt White Russian 0.9 (Linux 2.4.30) (88%), Linux 3.18 (88%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 5 hops
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 65.94 ms 10.252.204.1
2 66.03 ms 104.245.145.177
3 66.04 ms 104.245.147.41
4 ...
5 66.06 ms 192.0.78.12

NSE: Script Post-scanning.
Initiating NSE at 13:41
Completed NSE at 13:41, 0.00s elapsed
Initiating NSE at 13:41
Completed NSE at 13:41, 0.00s elapsed
######################################################################################################################################
https://192.0.78.12 [302 Found] Country[UNITED STATES][US], HTTPServer[nginx], IP[192.0.78.12], RedirectLocation[https://en.wordpress.com/typo/?subdomain=192], UncommonHeaders[x-ac], nginx
https://en.wordpress.com/typo/?subdomain=192 [200 OK] Country[UNITED STATES][US], HTML5, HTTPServer[nginx], IP[192.0.79.32], MetaGenerator[WordPress.com], OpenID, OpenSearch[https://en.wordpress.com/osd.xml,https://s1.wp.com/opensearch.xml], Script[text/javascript], Strict-Transport-Security[max-age=15552000], Title[WordPress.com], UncommonHeaders[x-hacker,x-ac], WordPress, X-Frame-Options[SAMEORIGIN], nginx, x-hacker[If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.]
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 13:42 EST
NSE: Loaded 162 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 13:42
Completed NSE at 13:42, 0.00s elapsed
Initiating NSE at 13:42
Completed NSE at 13:42, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 13:42
Completed Parallel DNS resolution of 1 host. at 13:42, 0.02s elapsed
Initiating SYN Stealth Scan at 13:42
Scanning 192.0.78.12 [1 port]
Discovered open port 443/tcp on 192.0.78.12
Completed SYN Stealth Scan at 13:42, 0.06s elapsed (1 total ports)
Initiating Service scan at 13:42
Scanning 1 service on 192.0.78.12
Completed Service scan at 13:42, 10.84s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 192.0.78.12
Retrying OS detection (try #2) against 192.0.78.12
Initiating Traceroute at 13:42
Completed Traceroute at 13:42, 3.01s elapsed
Initiating Parallel DNS resolution of 4 hosts. at 13:42
Completed Parallel DNS resolution of 4 hosts. at 13:42, 0.24s elapsed
NSE: Script scanning 192.0.78.12.
Initiating NSE at 13:42
Completed NSE at 13:43, 29.53s elapsed
Initiating NSE at 13:43
Completed NSE at 13:43, 0.67s elapsed
Nmap scan report for 192.0.78.12
Host is up (0.073s latency).

PORT STATE SERVICE VERSION
443/tcp open ssl/http nginx
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /typo/; avg: 448.33ms; min: 403.76ms; max: 506.86ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-date: Tue, 14 Jan 2020 18:43:00 GMT; -4s from local time.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-errors: Couldn't find any error pages.
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-headers:
| Server: nginx
| Date: Tue, 14 Jan 2020 18:43:05 GMT
| Content-Type: text/html; charset=utf-8
| Transfer-Encoding: chunked
| Connection: close
| Vary: Cookie
| Location: https://en.wordpress.com/typo/?subdomain=192
| X-ac: 1.yyz _dfw
|
|_ (Request type: GET)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-mobileversion-checker: No mobile version detected.
|_http-passwd: ERROR: Script execution failed (use -d to debug)
| http-security-headers:
| Strict_Transport_Security:
| Header: Strict-Transport-Security: max-age=15552000
| X_Frame_Options:
| Header: X-Frame-Options: SAMEORIGIN
|_ Description: The browser must not display this content in any frame from a page of different origin than the content itself.
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: Did not follow redirect to https://en.wordpress.com/typo/?subdomain=192
|_http-traceroute: ERROR: Script execution failed (use -d to debug)
|_http-userdir-enum: Potential Users: root, admin, administrator, webadmin, sysadmin, netadmin, guest, user, web, test
| http-vhosts:
|_127 names had status 400
| http-wordpress-enum:
| Search limited to top 100 themes/plugins
| plugins
| akismet
| bbpress 2.5.12
| themes
|_ twentyten
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
| [67677] nginx up to 1.7.3 SSL weak authentication
| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
| [65364] nginx up to 1.1.13 Default Configuration information disclosure
| [8671] nginx up to 1.4 proxy_pass denial of service
| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
| [7247] nginx 1.2.6 Proxy Function spoofing
| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
| [59645] nginx up to 0.8.9 Heap-based memory corruption
| [53592] nginx 0.8.36 memory corruption
| [53590] nginx up to 0.8.9 unknown vulnerability
| [51533] nginx 0.7.64 Terminal privilege escalation
| [50905] nginx up to 0.8.9 directory traversal
| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
| [50043] nginx up to 0.8.10 memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
| [82230] nginx Multiple Denial of Service Vulnerabilities
| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
| [40420] nginx Directory Traversal Vulnerability
| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
| [84172] nginx denial of service
| [84048] nginx buffer overflow
| [83923] nginx ngx_http_close_connection() integer overflow
| [83688] nginx null byte code execution
| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
| [82319] nginx access.log information disclosure
| [80952] nginx SSL spoofing
| [77244] nginx and Microsoft Windows request security bypass
| [76778] Naxsi module for Nginx nx_extract.py directory traversal
| [74831] nginx ngx_http_mp4_module.c buffer overflow
| [74191] nginx ngx_cpystrn() information disclosure
| [74045] nginx header response information disclosure
| [71355] nginx ngx_resolver_copy() buffer overflow
| [59370] nginx characters denial of service
| [59369] nginx DATA source code disclosure
| [59047] nginx space source code disclosure
| [58966] nginx unspecified directory traversal
| [54025] nginx ngx_http_parse.c denial of service
| [53431] nginx WebDAV component directory traversal
| [53328] Nginx CRC-32 cached domain name spoofing
| [53250] Nginx ngx_http_parse_complex_uri() function code execution
|
| Exploit-DB - https://www.exploit-db.com:
| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
| [25499] nginx 1.3.9-1.4.0 DoS PoC
| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
| [14830] nginx 0.6.38 - Heap Corruption Exploit
| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
| [9829] nginx 0.7.61 WebDAV directory traversal
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [864418] Fedora Update for nginx FEDORA-2012-3846
| [864310] Fedora Update for nginx FEDORA-2012-6238
| [864209] Fedora Update for nginx FEDORA-2012-6411
| [864204] Fedora Update for nginx FEDORA-2012-6371
| [864121] Fedora Update for nginx FEDORA-2012-4006
| [864115] Fedora Update for nginx FEDORA-2012-3991
| [864065] Fedora Update for nginx FEDORA-2011-16075
| [863654] Fedora Update for nginx FEDORA-2011-16110
| [861232] Fedora Update for nginx FEDORA-2007-1158
| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
| [100659] nginx Directory Traversal Vulnerability
| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
| [71297] FreeBSD Ports: nginx
| [71276] FreeBSD Ports: nginx
| [71239] Debian Security Advisory DSA 2434-1 (nginx)
| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
| [64894] FreeBSD Ports: nginx
| [64869] Debian Security Advisory DSA 1884-1 (nginx)
1733|
1734| SecurityTracker - https://www.securitytracker.com:
1735| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
1736| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
1737| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
1738| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
1739|
1740| OSVDB - http://www.osvdb.org:
1741| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
1742| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
1743| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
1744| [92796] nginx ngx_http_close_connection Function Crafted r->
1745| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
1746| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
1747| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
1748| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
1749| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
1750| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
1751| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
1752| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
1753| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
1754| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
1755| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
1756| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
1757| [62617] nginx Internal DNS Cache Poisoning Weakness
1758| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
1759| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
1760| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
1761| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
1762| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
1763| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
1764| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
1765| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
1766| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
1767| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
1768|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.12 - 4.10 (92%), Linux 3.16 (90%), Crestron XPanel control system (90%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (90%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (88%), OpenWrt White Russian 0.9 (Linux 2.4.30) (88%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%), HP P2000 G3 NAS device (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 5 hops
TCP Sequence Prediction: Difficulty=254 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 72.53 ms 10.252.204.1
2 72.79 ms 104.245.145.177
3 72.78 ms 104.245.147.41
4 ...
5 72.78 ms 192.0.78.12

NSE: Script Post-scanning.
Initiating NSE at 13:43
Completed NSE at 13:43, 0.00s elapsed
Initiating NSE at 13:43
Completed NSE at 13:43, 0.00s elapsed
#######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 192.0.78.12

Testing SSL server 192.0.78.12 on port 443 using SNI name 192.0.78.12

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits AES128-SHA256
Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 112 bits DES-CBC3-SHA

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: *.wordpress.com
Altnames: DNS:*.wordpress.com, DNS:wordpress.com
Issuer: COMODO RSA Domain Validation Secure Server CA

Not valid before: Sep 6 00:00:00 2018 GMT
Not valid after: Sep 5 23:59:59 2020 GMT
######################################################################################################################################
+----------+-------------------------------+----------------------------------------------+----------+----------+
| App Name | URL to Application            | Potential Exploit                            | Username | Password |
+----------+-------------------------------+----------------------------------------------+----------+----------+
| SVN      | https://192.0.78.12:443/.svn/ | ./auxiliary/scanner/http/svn_wcdb_scanner.rb |          |          |
+----------+-------------------------------+----------------------------------------------+----------+----------+
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 13:45 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 13:45
Completed NSE at 13:45, 0.00s elapsed
Initiating NSE at 13:45
Completed NSE at 13:45, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 13:45
Completed Parallel DNS resolution of 1 host. at 13:45, 0.02s elapsed
Initiating SYN Stealth Scan at 13:45
Scanning 192.0.78.12 [65535 ports]
Discovered open port 80/tcp on 192.0.78.12
Discovered open port 443/tcp on 192.0.78.12
SYN Stealth Scan Timing: About 15.34% done; ETC: 13:48 (0:02:51 remaining)
SYN Stealth Scan Timing: About 41.86% done; ETC: 13:47 (0:01:25 remaining)
Completed SYN Stealth Scan at 13:46, 110.33s elapsed (65535 total ports)
Initiating Service scan at 13:46
Scanning 2 services on 192.0.78.12
Completed Service scan at 13:47, 10.62s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against 192.0.78.12
Retrying OS detection (try #2) against 192.0.78.12
Initiating Traceroute at 13:47
Completed Traceroute at 13:47, 0.08s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 13:47
Completed Parallel DNS resolution of 2 hosts. at 13:47, 0.02s elapsed
NSE: Script scanning 192.0.78.12.
Initiating NSE at 13:47
Completed NSE at 13:47, 5.26s elapsed
Initiating NSE at 13:47
Completed NSE at 13:47, 0.51s elapsed
Nmap scan report for 192.0.78.12
Host is up (0.062s latency).
Not shown: 65530 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http nginx
139/tcp closed netbios-ssn
443/tcp open ssl/http nginx
| vulscan: VulDB - https://vuldb.com:
| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
| [67677] nginx up to 1.7.3 SSL weak authentication
| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
| [65364] nginx up to 1.1.13 Default Configuration information disclosure
| [8671] nginx up to 1.4 proxy_pass denial of service
| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
| [7247] nginx 1.2.6 Proxy Function spoofing
| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
| [59645] nginx up to 0.8.9 Heap-based memory corruption
| [53592] nginx 0.8.36 memory corruption
| [53590] nginx up to 0.8.9 unknown vulnerability
| [51533] nginx 0.7.64 Terminal privilege escalation
| [50905] nginx up to 0.8.9 directory traversal
| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
| [50043] nginx up to 0.8.10 memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
| [82230] nginx Multiple Denial of Service Vulnerabilities
| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2150| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
2151| [40420] nginx Directory Traversal Vulnerability
2152| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2153| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2154| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2155| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2156| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
2157|
2158| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2159| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
2160| [84172] nginx denial of service
2161| [84048] nginx buffer overflow
2162| [83923] nginx ngx_http_close_connection() integer overflow
2163| [83688] nginx null byte code execution
2164| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
2165| [82319] nginx access.log information disclosure
2166| [80952] nginx SSL spoofing
2167| [77244] nginx and Microsoft Windows request security bypass
2168| [76778] Naxsi module for Nginx nx_extract.py directory traversal
2169| [74831] nginx ngx_http_mp4_module.c buffer overflow
2170| [74191] nginx ngx_cpystrn() information disclosure
2171| [74045] nginx header response information disclosure
2172| [71355] nginx ngx_resolver_copy() buffer overflow
2173| [59370] nginx characters denial of service
2174| [59369] nginx DATA source code disclosure
2175| [59047] nginx space source code disclosure
2176| [58966] nginx unspecified directory traversal
2177| [54025] nginx ngx_http_parse.c denial of service
2178| [53431] nginx WebDAV component directory traversal
2179| [53328] Nginx CRC-32 cached domain name spoofing
2180| [53250] Nginx ngx_http_parse_complex_uri() function code execution
2181|
2182| Exploit-DB - https://www.exploit-db.com:
2183| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
2184| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
2185| [25499] nginx 1.3.9-1.4.0 DoS PoC
2186| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
2187| [14830] nginx 0.6.38 - Heap Corruption Exploit
2188| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
2189| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
2190| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
2191| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
2192| [9829] nginx 0.7.61 WebDAV directory traversal
2193|
2194| OpenVAS (Nessus) - http://www.openvas.org:
2195| [864418] Fedora Update for nginx FEDORA-2012-3846
2196| [864310] Fedora Update for nginx FEDORA-2012-6238
2197| [864209] Fedora Update for nginx FEDORA-2012-6411
2198| [864204] Fedora Update for nginx FEDORA-2012-6371
2199| [864121] Fedora Update for nginx FEDORA-2012-4006
2200| [864115] Fedora Update for nginx FEDORA-2012-3991
2201| [864065] Fedora Update for nginx FEDORA-2011-16075
2202| [863654] Fedora Update for nginx FEDORA-2011-16110
2203| [861232] Fedora Update for nginx FEDORA-2007-1158
2204| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
2205| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
2206| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
2207| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
2208| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2209| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2210| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2211| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2212| [100659] nginx Directory Traversal Vulnerability
2213| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
2214| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2215| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2216| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2217| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
2218| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2219| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
2220| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
2221| [71297] FreeBSD Ports: nginx
2222| [71276] FreeBSD Ports: nginx
2223| [71239] Debian Security Advisory DSA 2434-1 (nginx)
2224| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
2225| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
2226| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
2227| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
2228| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
2229| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
2230| [64894] FreeBSD Ports: nginx
2231| [64869] Debian Security Advisory DSA 1884-1 (nginx)
2232|
2233| SecurityTracker - https://www.securitytracker.com:
2234| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
2235| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
2236| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
2237| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
2238|
2239| OSVDB - http://www.osvdb.org:
2240| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
2241| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
2242| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
2243| [92796] nginx ngx_http_close_connection Function Crafted r->
2244| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
2245| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
2246| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
2247| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
2248| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
2249| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
2250| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
2251| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
2252| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
2253| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
2254| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
2255| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
2256| [62617] nginx Internal DNS Cache Poisoning Weakness
2257| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
2258| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
2259| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
2260| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
2261| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
2262| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
2263| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
2264| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
2265| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
2266| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
2267|_
2268445/tcp closed microsoft-ds
2269Aggressive OS guesses: OpenWrt Kamikaze 7.09 (Linux 2.6.22) (92%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (91%), OpenWrt White Russian 0.9 (Linux 2.4.30) (91%), HP P2000 G3 NAS device (91%), Linux 3.18 (90%), Linux 2.6.32 (90%), ProVision-ISR security DVR (89%), Linux 3.12 - 4.10 (89%), Linux 3.16 (89%), Linux 3.0 (88%)
2270No exact OS matches for host (test conditions non-ideal).
2271Network Distance: 2 hops
2272TCP Sequence Prediction: Difficulty=256 (Good luck!)
2273IP ID Sequence Generation: All zeros
2274
2275TRACEROUTE (using port 139/tcp)
2276HOP RTT ADDRESS
22771 70.87 ms 10.252.204.1
22782 70.86 ms 192.0.78.12
2279
2280NSE: Script Post-scanning.
2281Initiating NSE at 13:47
2282Completed NSE at 13:47, 0.00s elapsed
2283Initiating NSE at 13:47
2284Completed NSE at 13:47, 0.00s elapsed
2285Read data files from: /usr/bin/../share/nmap
2286OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
2287Nmap done: 1 IP address (1 host up) scanned in 131.17 seconds
2288 Raw packets sent: 131215 (5.777MB) | Rcvd: 309 (27.831KB)
2289######################################################################################################################################
2290Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 13:47 EST
2291NSE: Loaded 47 scripts for scanning.
2292NSE: Script Pre-scanning.
2293Initiating NSE at 13:47
2294Completed NSE at 13:47, 0.00s elapsed
2295Initiating NSE at 13:47
2296Completed NSE at 13:47, 0.00s elapsed
2297Initiating Parallel DNS resolution of 1 host. at 13:47
2298Completed Parallel DNS resolution of 1 host. at 13:47, 0.02s elapsed
2299Initiating UDP Scan at 13:47
2300Scanning 192.0.78.12 [15 ports]
2301Completed UDP Scan at 13:47, 1.56s elapsed (15 total ports)
2302Initiating Service scan at 13:47
2303Scanning 13 services on 192.0.78.12
2304Service scan Timing: About 7.69% done; ETC: 14:08 (0:19:24 remaining)
2305Completed Service scan at 13:49, 102.57s elapsed (13 services on 1 host)
2306Initiating OS detection (try #1) against 192.0.78.12
2307Retrying OS detection (try #2) against 192.0.78.12
2308Initiating Traceroute at 13:49
2309Completed Traceroute at 13:49, 7.05s elapsed
2310Initiating Parallel DNS resolution of 1 host. at 13:49
2311Completed Parallel DNS resolution of 1 host. at 13:49, 0.00s elapsed
2312NSE: Script scanning 192.0.78.12.
2313Initiating NSE at 13:49
2314Completed NSE at 13:49, 7.13s elapsed
2315Initiating NSE at 13:49
2316Completed NSE at 13:49, 1.01s elapsed
2317Nmap scan report for 192.0.78.12
2318Host is up (0.034s latency).
2319
2320PORT STATE SERVICE VERSION
232153/udp open|filtered domain
232267/udp open|filtered dhcps
232368/udp open|filtered dhcpc
232469/udp open|filtered tftp
232588/udp open|filtered kerberos-sec
2326123/udp open|filtered ntp
2327137/udp filtered netbios-ns
2328138/udp filtered netbios-dgm
2329139/udp open|filtered netbios-ssn
2330161/udp open|filtered snmp
2331162/udp open|filtered snmptrap
2332389/udp open|filtered ldap
2333500/udp open|filtered isakmp
2334|_ike-version: ERROR: Script execution failed (use -d to debug)
2335520/udp open|filtered route
23362049/udp open|filtered nfs
2337Too many fingerprints match this host to give specific OS details
2338
2339TRACEROUTE (using port 138/udp)
2340HOP RTT ADDRESS
23411 29.97 ms 10.252.204.1
23422 ... 3
23434 30.54 ms 10.252.204.1
23445 64.13 ms 10.252.204.1
23456 64.13 ms 10.252.204.1
23467 64.13 ms 10.252.204.1
23478 64.13 ms 10.252.204.1
23489 64.10 ms 10.252.204.1
234910 30.32 ms 10.252.204.1
235011 ... 18
235119 30.24 ms 10.252.204.1
235220 31.06 ms 10.252.204.1
235321 ... 27
235428 30.92 ms 10.252.204.1
235529 ...
235630 29.27 ms 10.252.204.1
2357
2358NSE: Script Post-scanning.
2359Initiating NSE at 13:49
2360Completed NSE at 13:49, 0.00s elapsed
2361Initiating NSE at 13:49
2362Completed NSE at 13:49, 0.00s elapsed
2363Read data files from: /usr/bin/../share/nmap
2364OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
2365Nmap done: 1 IP address (1 host up) scanned in 122.19 seconds
2366 Raw packets sent: 137 (8.448KB) | Rcvd: 29 (2.734KB)
2367######################################################################################################################################
2368WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
2369Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 13:38 EST
2370Nmap scan report for 192.0.78.13
2371Host is up (0.076s latency).
2372Not shown: 491 filtered ports, 3 closed ports
2373Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
2374PORT STATE SERVICE
237580/tcp open http
2376443/tcp open https
2377
2378Nmap done: 1 IP address (1 host up) scanned in 6.79 seconds
2379######################################################################################################################################
2380Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 13:38 EST
2381Nmap scan report for 192.0.78.13
2382Host is up (0.28s latency).
2383Not shown: 2 filtered ports
2384PORT STATE SERVICE
238553/udp open|filtered domain
238667/udp open|filtered dhcps
238768/udp open|filtered dhcpc
238869/udp open|filtered tftp
238988/udp open|filtered kerberos-sec
2390123/udp open|filtered ntp
2391139/udp open|filtered netbios-ssn
2392161/udp open|filtered snmp
2393162/udp open|filtered snmptrap
2394389/udp open|filtered ldap
2395500/udp open|filtered isakmp
2396520/udp open|filtered route
23972049/udp open|filtered nfs
2398
2399Nmap done: 1 IP address (1 host up) scanned in 6.26 seconds
2400######################################################################################################################################
2401HTTP/1.1 302 Found
2402Server: nginx
2403Date: Tue, 14 Jan 2020 18:39:01 GMT
2404Content-Type: text/html; charset=utf-8
2405Connection: keep-alive
2406Vary: Cookie
2407Location: http://en.wordpress.com/typo/?subdomain=192
2408X-ac: 1.yyz _dfw
2409#####################################################################################################################################
2432http://192.0.78.13 [302 Found] Country[UNITED STATES][US], HTTPServer[nginx], IP[192.0.78.13], RedirectLocation[http://en.wordpress.com/typo/?subdomain=192], UncommonHeaders[x-ac], nginx
2433http://en.wordpress.com/typo/?subdomain=192 [301 Moved Permanently] Country[UNITED STATES][US], HTTPServer[nginx], IP[192.0.79.32], RedirectLocation[https://en.wordpress.com/typo/?subdomain=192], Title[301 Moved Permanently], UncommonHeaders[x-ac], nginx
2434https://en.wordpress.com/typo/?subdomain=192 [200 OK] Country[UNITED STATES][US], HTML5, HTTPServer[nginx], IP[192.0.79.32], MetaGenerator[WordPress.com], OpenID, OpenSearch[https://en.wordpress.com/osd.xml,https://s1.wp.com/opensearch.xml], Script[text/javascript], Strict-Transport-Security[max-age=15552000], Title[WordPress.com], UncommonHeaders[x-hacker,x-ac], WordPress, X-Frame-Options[SAMEORIGIN], nginx, x-hacker[If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.]
2435######################################################################################################################################
2436wig - WebApp Information Gatherer
2437
2438
2439Scanning https://en.wordpress.com...
2440___________________________________________________ SITE INFO ____________________________________________________
2441IP Title
2442192.0.79.32 WordPress.com
2443192.0.79.33
2444
2445____________________________________________________ VERSION _____________________________________________________
2446Name Versions Type
2447WordPress 3.8 | 3.8.1 | 3.8.2 | 3.8.3 | 3.8.4 | 3.8.5 | 3.8.6 | 3.8.7 CMS
2448 3.8.8 | 3.9 | 3.9.1 | 3.9.2 | 3.9.3 | 3.9.4 | 3.9.5 | 3.9.6
2449 4.0 | 4.0.1 | 4.0.2 | 4.0.3 | 4.0.4 | 4.0.5 | 4.1 | 4.1.1
2450 4.1.2 | 4.1.3 | 4.1.4 | 4.1.5 | 4.2 | 4.2.1 | 4.2.2
2451nginx Platform
2452
2453__________________________________________________ INTERESTING ___________________________________________________
2454URL Note Type
2455/robots.txt robots.txt index Interesting
2456/install.php Installation file Interesting
2457/install.aspx Installation file Interesting
2458/install.asp Installation file Interesting
2459/install.htm Installation file Interesting
2460/install.html Installation file Interesting
2461/test.php Test file Interesting
2462/test.aspx Test file Interesting
2463/test.asp Test file Interesting
2464/test.htm Test file Interesting
2465/test.html Test file Interesting
2466/test1.php Test file Interesting
2467/test1.aspx Test file Interesting
2468/test1.asp Test file Interesting
2469/test1.htm Test file Interesting
2470/test1.html Test file Interesting
2471/old.php This might be interesting Interesting
2472/old.asp This might be interesting Interesting
2473
2474_____________________________________________________ TOOLS ______________________________________________________
2475Name Link Software
2476wpscan https://github.com/wpscanteam/wpscan WordPress
2477CMSmap https://github.com/Dionach/CMSmap WordPress
2478
2479________________________________________________ VULNERABILITIES _________________________________________________
2480Affected #Vulns Link
2481WordPress 3.8 12 http://cvedetails.com/version/162922
2482WordPress 3.8.1 12 http://cvedetails.com/version/162923
2483WordPress 3.8.2 7 http://cvedetails.com/version/176067
2484WordPress 3.8.3 7 http://cvedetails.com/version/176068
2485WordPress 3.8.4 8 http://cvedetails.com/version/176069
2486WordPress 3.9 8 http://cvedetails.com/version/176070
2487WordPress 3.9.1 15 http://cvedetails.com/version/169908
2488WordPress 3.9.2 10 http://cvedetails.com/version/176071
2489WordPress 3.9.3 1 http://cvedetails.com/version/185080
2490WordPress 4.0 9 http://cvedetails.com/version/176072
2491WordPress 4.0.1 1 http://cvedetails.com/version/185081
2492WordPress 4.1 1 http://cvedetails.com/version/185082
2493WordPress 4.1.1 2 http://cvedetails.com/version/185079
2494WordPress 4.2 1 http://cvedetails.com/version/185048
2495WordPress 4.2.1 1 http://cvedetails.com/version/184019
2496WordPress 4.2.2 2 http://cvedetails.com/version/185073
2497
2498__________________________________________________________________________________________________________________
2499Time: 7.6 sec Urls: 217 Fingerprints: 40401
2500######################################################################################################################################
2501===============================================================
2502Gobuster v3.0.1
2503by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
2504===============================================================
2505[+] Url: http://192.0.78.13
2506[+] Threads: 10
2507[+] Wordlist: /usr/share/sniper/wordlists/vhosts.txt
2508[+] User Agent: gobuster/3.0.1
2509[+] Timeout: 10s
2510===============================================================
25112020/01/14 13:40:39 Starting gobuster
2512===============================================================
25992020/01/14 13:40:41 Finished
2600===============================================================
2601#####################################################################################################################################
2602Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 13:40 EST
2603NSE: Loaded 162 scripts for scanning.
2604NSE: Script Pre-scanning.
2605Initiating NSE at 13:40
2606Completed NSE at 13:40, 0.00s elapsed
2607Initiating NSE at 13:40
2608Completed NSE at 13:40, 0.00s elapsed
2609Initiating Parallel DNS resolution of 1 host. at 13:40
2610Completed Parallel DNS resolution of 1 host. at 13:40, 0.02s elapsed
2611Initiating SYN Stealth Scan at 13:40
2612Scanning 192.0.78.13 [1 port]
2613Discovered open port 80/tcp on 192.0.78.13
2614Completed SYN Stealth Scan at 13:40, 0.12s elapsed (1 total ports)
2615Initiating Service scan at 13:40
2616Scanning 1 service on 192.0.78.13
2617Completed Service scan at 13:40, 5.32s elapsed (1 service on 1 host)
2618Initiating OS detection (try #1) against 192.0.78.13
2619Retrying OS detection (try #2) against 192.0.78.13
2620Initiating Traceroute at 13:40
2621Completed Traceroute at 13:40, 3.02s elapsed
2622Initiating Parallel DNS resolution of 4 hosts. at 13:40
2623Completed Parallel DNS resolution of 4 hosts. at 13:40, 0.20s elapsed
2624NSE: Script scanning 192.0.78.13.
2625Initiating NSE at 13:40
2626Completed NSE at 13:41, 24.92s elapsed
2627Initiating NSE at 13:41
2628Completed NSE at 13:41, 0.59s elapsed
2629Nmap scan report for 192.0.78.13
2630Host is up (0.075s latency).
2631
2632PORT STATE SERVICE VERSION
263380/tcp open http nginx
2634| http-brute:
2635|_ Path "/" does not require authentication
2636|_http-chrono: Request times for /typo/; avg: 268.49ms; min: 218.83ms; max: 317.34ms
2637|_http-csrf: Couldn't find any CSRF vulnerabilities.
2638|_http-date: Tue, 14 Jan 2020 18:40:57 GMT; -4s from local time.
2639|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
2640|_http-dombased-xss: Couldn't find any DOM based XSS.
2641|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
2642|_http-errors: Couldn't find any error pages.
2643|_http-feed: Couldn't find any feeds.
2644|_http-fetch: Please enter the complete path of the directory to save data in.
2645| http-headers:
2646| Server: nginx
2647| Date: Tue, 14 Jan 2020 18:40:59 GMT
2648| Content-Type: text/html; charset=utf-8
2649| Transfer-Encoding: chunked
2650| Connection: close
2651| Vary: Cookie
2652| Location: http://en.wordpress.com/typo/?subdomain=192
2653| X-ac: 1.yyz _dfw
2654|
2655|_ (Request type: GET)
2656|_http-jsonp-detection: Couldn't find any JSONP endpoints.
2657| http-methods:
2658|_ Supported Methods: GET HEAD POST OPTIONS
2659|_http-mobileversion-checker: No mobile version detected.
2660|_http-passwd: ERROR: Script execution failed (use -d to debug)
2661| http-security-headers:
2662| Strict_Transport_Security:
2663| Header: Strict-Transport-Security: max-age=15552000
2664| X_Frame_Options:
2665| Header: X-Frame-Options: SAMEORIGIN
2666|_ Description: The browser must not display this content in any frame from a page of different origin than the content itself.
2667| http-sitemap-generator:
2668| Directory structure:
2669| Longest directory structure:
2670| Depth: 0
2671| Dir: /
2672| Total files found (by extension):
2673|_
2674|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
2675|_http-title: Did not follow redirect to http://en.wordpress.com/typo/?subdomain=192
2676| http-vhosts:
2677|_127 names had status 400
2678| http-wordpress-enum:
2679| Search limited to top 100 themes/plugins
2680| themes
2681| twentyten
2682| plugins
2683| akismet
2684|_ bbpress 2.5.12
2685|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
2686|_http-xssed: No previously reported XSS vuln.
2687| vulscan: VulDB - https://vuldb.com:
2688| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
2689| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
2690| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
2691| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
2692| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
2693| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
2694| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
2695| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
2696| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
2697| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
2698| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
2699| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
2700| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
2701| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
2702| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
2703| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
2704| [67677] nginx up to 1.7.3 SSL weak authentication
2705| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
2706| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
2707| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
2708| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
2709| [65364] nginx up to 1.1.13 Default Configuration information disclosure
2710| [8671] nginx up to 1.4 proxy_pass denial of service
2711| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
2712| [7247] nginx 1.2.6 Proxy Function spoofing
2713| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
2714| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
2715| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
2716| [59645] nginx up to 0.8.9 Heap-based memory corruption
2717| [53592] nginx 0.8.36 memory corruption
2718| [53590] nginx up to 0.8.9 unknown vulnerability
2719| [51533] nginx 0.7.64 Terminal privilege escalation
2720| [50905] nginx up to 0.8.9 directory traversal
2721| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
2722| [50043] nginx up to 0.8.10 memory corruption
2723|
2724| MITRE CVE - https://cve.mitre.org:
2725| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
2726| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
2727| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
2728| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
2729| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
2730| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
2731| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
2732| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
2733| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
2734| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
2735| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
2736| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
2737| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
2738|
2739| SecurityFocus - https://www.securityfocus.com/bid/:
2740| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
2741| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
2742| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
2743| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
2744| [82230] nginx Multiple Denial of Service Vulnerabilities
2745| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
2746| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
2747| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
2748| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
2749| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
2750| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
2751| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
2752| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
2753| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
2754| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
2755| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
2756| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
2757| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
2758| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
2759| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2760| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2761| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2762| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2763| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
2764| [40420] nginx Directory Traversal Vulnerability
2765| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2766| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2767| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2768| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2769| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
2770|
2771| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2772| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
2773| [84172] nginx denial of service
2774| [84048] nginx buffer overflow
2775| [83923] nginx ngx_http_close_connection() integer overflow
2776| [83688] nginx null byte code execution
2777| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
2778| [82319] nginx access.log information disclosure
2779| [80952] nginx SSL spoofing
2780| [77244] nginx and Microsoft Windows request security bypass
2781| [76778] Naxsi module for Nginx nx_extract.py directory traversal
2782| [74831] nginx ngx_http_mp4_module.c buffer overflow
2783| [74191] nginx ngx_cpystrn() information disclosure
2784| [74045] nginx header response information disclosure
2785| [71355] nginx ngx_resolver_copy() buffer overflow
2786| [59370] nginx characters denial of service
2787| [59369] nginx DATA source code disclosure
2788| [59047] nginx space source code disclosure
2789| [58966] nginx unspecified directory traversal
2790| [54025] nginx ngx_http_parse.c denial of service
2791| [53431] nginx WebDAV component directory traversal
2792| [53328] Nginx CRC-32 cached domain name spoofing
2793| [53250] Nginx ngx_http_parse_complex_uri() function code execution
2794|
2795| Exploit-DB - https://www.exploit-db.com:
2796| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
2797| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
2798| [25499] nginx 1.3.9-1.4.0 DoS PoC
2799| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
2800| [14830] nginx 0.6.38 - Heap Corruption Exploit
2801| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
2802| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
2803| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
2804| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
2805| [9829] nginx 0.7.61 WebDAV directory traversal
2806|
2807| OpenVAS (Nessus) - http://www.openvas.org:
2808| [864418] Fedora Update for nginx FEDORA-2012-3846
2809| [864310] Fedora Update for nginx FEDORA-2012-6238
2810| [864209] Fedora Update for nginx FEDORA-2012-6411
2811| [864204] Fedora Update for nginx FEDORA-2012-6371
2812| [864121] Fedora Update for nginx FEDORA-2012-4006
2813| [864115] Fedora Update for nginx FEDORA-2012-3991
2814| [864065] Fedora Update for nginx FEDORA-2011-16075
2815| [863654] Fedora Update for nginx FEDORA-2011-16110
2816| [861232] Fedora Update for nginx FEDORA-2007-1158
2817| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
2818| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
2819| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
2820| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
2821| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2822| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2823| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2824| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2825| [100659] nginx Directory Traversal Vulnerability
2826| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
2827| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2828| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2829| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2830| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
2831| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2832| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
2833| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
2834| [71297] FreeBSD Ports: nginx
2835| [71276] FreeBSD Ports: nginx
2836| [71239] Debian Security Advisory DSA 2434-1 (nginx)
2837| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
2838| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
2839| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
2840| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
2841| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
2842| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
2843| [64894] FreeBSD Ports: nginx
2844| [64869] Debian Security Advisory DSA 1884-1 (nginx)
2845|
2846| SecurityTracker - https://www.securitytracker.com:
2847| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
2848| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
2849| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
2850| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
2851|
2852| OSVDB - http://www.osvdb.org:
2853| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
2854| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
2855| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
2856| [92796] nginx ngx_http_close_connection Function Crafted r->
2857| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
2858| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
2859| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
2860| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
2861| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
2862| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
2863| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
2864| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
2865| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
2866| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
2867| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
2868| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
2869| [62617] nginx Internal DNS Cache Poisoning Weakness
2870| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
2871| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
2872| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
2873| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
2874| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
2875| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
2876| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
2877| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
2878| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
2879| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
2880|_
2881Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2882Aggressive OS guesses: Linux 3.12 - 4.10 (92%), Linux 3.16 (92%), Crestron XPanel control system (90%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (88%), OpenWrt White Russian 0.9 (Linux 2.4.30) (88%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (88%), Linux 3.18 (88%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%)
2883No exact OS matches for host (test conditions non-ideal).
2884Network Distance: 5 hops
2885TCP Sequence Prediction: Difficulty=264 (Good luck!)
2886IP ID Sequence Generation: All zeros
2887
2888TRACEROUTE (using port 80/tcp)
2889HOP RTT ADDRESS
28901 61.77 ms 10.252.204.1
28912 93.17 ms 104.245.145.177
28923 93.36 ms 104.245.147.41
28934 ...
28945 93.23 ms 192.0.78.13
2895
2896NSE: Script Post-scanning.
2897Initiating NSE at 13:41
2898Completed NSE at 13:41, 0.00s elapsed
2899Initiating NSE at 13:41
2900Completed NSE at 13:41, 0.00s elapsed
2901######################################################################################################################################
2902https://192.0.78.13 [302 Found] Country[UNITED STATES][US], HTTPServer[nginx], IP[192.0.78.13], RedirectLocation[https://en.wordpress.com/typo/?subdomain=192], UncommonHeaders[x-ac], nginx
2903https://en.wordpress.com/typo/?subdomain=192 [200 OK] Country[UNITED STATES][US], HTML5, HTTPServer[nginx], IP[192.0.79.32], MetaGenerator[WordPress.com], OpenID, OpenSearch[https://en.wordpress.com/osd.xml,https://s1.wp.com/opensearch.xml], Script[text/javascript], Strict-Transport-Security[max-age=15552000], Title[WordPress.com], UncommonHeaders[x-hacker,x-ac], WordPress, X-Frame-Options[SAMEORIGIN], nginx, x-hacker[If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.]
2904######################################################################################################################################
2905 WordPress .
2906 WordPress
2907 Google Font API
2908 X-ac: 1.yyz _dfw
2909 Server: nginx
2910 X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
2911######################################################################################################################################
2912Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 13:42 EST
2913NSE: Loaded 162 scripts for scanning.
2914NSE: Script Pre-scanning.
2915Initiating NSE at 13:42
2916Completed NSE at 13:42, 0.00s elapsed
2917Initiating NSE at 13:42
2918Completed NSE at 13:42, 0.00s elapsed
2919Initiating Parallel DNS resolution of 1 host. at 13:42
2920Completed Parallel DNS resolution of 1 host. at 13:42, 0.02s elapsed
2921Initiating SYN Stealth Scan at 13:42
2922Scanning 192.0.78.13 [1 port]
2923Discovered open port 443/tcp on 192.0.78.13
2924Completed SYN Stealth Scan at 13:42, 0.07s elapsed (1 total ports)
2925Initiating Service scan at 13:42
2926Scanning 1 service on 192.0.78.13
2927Completed Service scan at 13:42, 10.77s elapsed (1 service on 1 host)
2928Initiating OS detection (try #1) against 192.0.78.13
2929Retrying OS detection (try #2) against 192.0.78.13
2930Initiating Traceroute at 13:43
2931Completed Traceroute at 13:43, 3.03s elapsed
2932Initiating Parallel DNS resolution of 4 hosts. at 13:43
2933Completed Parallel DNS resolution of 4 hosts. at 13:43, 0.19s elapsed
2934NSE: Script scanning 192.0.78.13.
2935Initiating NSE at 13:43
2936Completed NSE at 13:44, 90.77s elapsed
2937Initiating NSE at 13:44
2938Completed NSE at 13:44, 0.78s elapsed
2939Nmap scan report for 192.0.78.13
2940Host is up (0.053s latency).
2941
2942PORT STATE SERVICE VERSION
2943443/tcp open ssl/http nginx
2944| http-brute:
2945|_ Path "/" does not require authentication
2946|_http-chrono: Request times for /typo/; avg: 548.83ms; min: 493.87ms; max: 612.51ms
2947|_http-csrf: Couldn't find any CSRF vulnerabilities.
2948|_http-date: Tue, 14 Jan 2020 18:43:05 GMT; -4s from local time.
2949|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
2950|_http-dombased-xss: Couldn't find any DOM based XSS.
2951|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
2952|_http-errors: Couldn't find any error pages.
2953|_http-feed: Couldn't find any feeds.
2954|_http-fetch: Please enter the complete path of the directory to save data in.
2955| http-headers:
2956| Server: nginx
2957| Date: Tue, 14 Jan 2020 18:43:10 GMT
2958| Content-Type: text/html; charset=utf-8
2959| Transfer-Encoding: chunked
2960| Connection: close
2961| Vary: Cookie
2962| Location: https://en.wordpress.com/typo/?subdomain=192
2963| X-ac: 1.yyz _dfw
2964|
2965|_ (Request type: GET)
2966|_http-jsonp-detection: Couldn't find any JSONP endpoints.
2967| http-methods:
2968|_ Supported Methods: GET HEAD POST OPTIONS
2969|_http-mobileversion-checker: No mobile version detected.
2970|_http-passwd: ERROR: Script execution failed (use -d to debug)
2971| http-security-headers:
2972| Strict_Transport_Security:
2973| Header: Strict-Transport-Security: max-age=15552000
2974| X_Frame_Options:
2975| Header: X-Frame-Options: SAMEORIGIN
2976|_ Description: The browser must not display this content in any frame from a page of different origin than the content itself.
2977| http-sitemap-generator:
2978| Directory structure:
2979| Longest directory structure:
2980| Depth: 0
2981| Dir: /
2982| Total files found (by extension):
2983|_
2984|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
2985|_http-title: Did not follow redirect to https://en.wordpress.com/typo/?subdomain=192
2986|_http-traceroute: ERROR: Script execution failed (use -d to debug)
2987| http-vhosts:
2988|_127 names had status 400
2989|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
2990|_http-xssed: No previously reported XSS vuln.
2991| vulscan: VulDB - https://vuldb.com:
2992| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
2993| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
2994| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
2995| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
2996| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
2997| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
2998| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
2999| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
3000| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
3001| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
3002| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
3003| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
3004| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
3005| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
3006| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
3007| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
3008| [67677] nginx up to 1.7.3 SSL weak authentication
3009| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
3010| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
3011| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
3012| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
3013| [65364] nginx up to 1.1.13 Default Configuration information disclosure
3014| [8671] nginx up to 1.4 proxy_pass denial of service
3015| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
3016| [7247] nginx 1.2.6 Proxy Function spoofing
3017| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
3018| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
3019| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
3020| [59645] nginx up to 0.8.9 Heap-based memory corruption
3021| [53592] nginx 0.8.36 memory corruption
3022| [53590] nginx up to 0.8.9 unknown vulnerability
3023| [51533] nginx 0.7.64 Terminal privilege escalation
3024| [50905] nginx up to 0.8.9 directory traversal
3025| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
3026| [50043] nginx up to 0.8.10 memory corruption
3027|
3028| MITRE CVE - https://cve.mitre.org:
3029| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
3030| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
3031| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
3032| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
3033| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
3034| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
3035| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
3036| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
3037| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
3038| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
3039| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
3040| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
3041| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
3042|
3043| SecurityFocus - https://www.securityfocus.com/bid/:
3044| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
3045| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
3046| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
3047| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
3048| [82230] nginx Multiple Denial of Service Vulnerabilities
3049| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
3050| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
3051| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
3052| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
3053| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
3054| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
3055| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
3056| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
3057| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
3058| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
3059| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
3060| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
3061| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
3062| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
3063| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3064| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3065| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3066| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3067| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
3068| [40420] nginx Directory Traversal Vulnerability
3069| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3070| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3071| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3072| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3073| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
3074|
3075| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3076| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
3077| [84172] nginx denial of service
3078| [84048] nginx buffer overflow
3079| [83923] nginx ngx_http_close_connection() integer overflow
3080| [83688] nginx null byte code execution
3081| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
3082| [82319] nginx access.log information disclosure
3083| [80952] nginx SSL spoofing
3084| [77244] nginx and Microsoft Windows request security bypass
3085| [76778] Naxsi module for Nginx nx_extract.py directory traversal
3086| [74831] nginx ngx_http_mp4_module.c buffer overflow
3087| [74191] nginx ngx_cpystrn() information disclosure
3088| [74045] nginx header response information disclosure
3089| [71355] nginx ngx_resolver_copy() buffer overflow
3090| [59370] nginx characters denial of service
3091| [59369] nginx DATA source code disclosure
3092| [59047] nginx space source code disclosure
3093| [58966] nginx unspecified directory traversal
3094| [54025] nginx ngx_http_parse.c denial of service
3095| [53431] nginx WebDAV component directory traversal
3096| [53328] Nginx CRC-32 cached domain name spoofing
3097| [53250] Nginx ngx_http_parse_complex_uri() function code execution
3098|
3099| Exploit-DB - https://www.exploit-db.com:
3100| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
3101| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
3102| [25499] nginx 1.3.9-1.4.0 DoS PoC
3103| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
3104| [14830] nginx 0.6.38 - Heap Corruption Exploit
3105| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
3106| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
3107| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
3108| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
3109| [9829] nginx 0.7.61 WebDAV directory traversal
3110|
| OpenVAS (Nessus) - http://www.openvas.org:
| [864418] Fedora Update for nginx FEDORA-2012-3846
| [864310] Fedora Update for nginx FEDORA-2012-6238
| [864209] Fedora Update for nginx FEDORA-2012-6411
| [864204] Fedora Update for nginx FEDORA-2012-6371
| [864121] Fedora Update for nginx FEDORA-2012-4006
| [864115] Fedora Update for nginx FEDORA-2012-3991
| [864065] Fedora Update for nginx FEDORA-2011-16075
| [863654] Fedora Update for nginx FEDORA-2011-16110
| [861232] Fedora Update for nginx FEDORA-2007-1158
| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
| [100659] nginx Directory Traversal Vulnerability
| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
| [71297] FreeBSD Ports: nginx
| [71276] FreeBSD Ports: nginx
| [71239] Debian Security Advisory DSA 2434-1 (nginx)
| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
| [64894] FreeBSD Ports: nginx
| [64869] Debian Security Advisory DSA 1884-1 (nginx)
|
| SecurityTracker - https://www.securitytracker.com:
| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
|
| OSVDB - http://www.osvdb.org:
| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
| [92796] nginx ngx_http_close_connection Function Crafted r->
| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
| [62617] nginx Internal DNS Cache Poisoning Weakness
| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.12 - 4.10 (92%), Linux 3.16 (92%), Crestron XPanel control system (90%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (90%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (88%), OpenWrt White Russian 0.9 (Linux 2.4.30) (88%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%), HP P2000 G3 NAS device (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 5 hops
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 62.97 ms 10.252.204.1
2 63.00 ms 104.245.145.177
3 63.06 ms 104.245.147.41
4 ...
5 63.07 ms 192.0.78.13

NSE: Script Post-scanning.
Initiating NSE at 13:44
Completed NSE at 13:44, 0.00s elapsed
Initiating NSE at 13:44
Completed NSE at 13:44, 0.00s elapsed
######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 192.0.78.13

Testing SSL server 192.0.78.13 on port 443 using SNI name 192.0.78.13

 TLS Fallback SCSV:
Server supports TLS Fallback SCSV

 TLS renegotiation:
Secure session renegotiation supported

 TLS Compression:
Compression disabled

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits AES128-SHA256
Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 112 bits DES-CBC3-SHA

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: *.wordpress.com
Altnames: DNS:*.wordpress.com, DNS:wordpress.com
Issuer: COMODO RSA Domain Validation Secure Server CA

Not valid before: Sep 6 00:00:00 2018 GMT
Not valid after: Sep 5 23:59:59 2020 GMT
######################################################################################################################################
+----------+-----------------------------+----------------------------------------------+----------+----------+
| App Name | URL to Application          | Potential Exploit                            | Username | Password |
+----------+-----------------------------+----------------------------------------------+----------+----------+
| SVN      | http://192.0.78.13:80/.svn/ | ./auxiliary/scanner/http/svn_wcdb_scanner.rb |          |          |
+----------+-----------------------------+----------------------------------------------+----------+----------+
#####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 13:46 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 13:46
Completed NSE at 13:46, 0.00s elapsed
Initiating NSE at 13:46
Completed NSE at 13:46, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 13:46
Completed Parallel DNS resolution of 1 host. at 13:46, 0.02s elapsed
Initiating SYN Stealth Scan at 13:46
Scanning 192.0.78.13 [65535 ports]
Discovered open port 443/tcp on 192.0.78.13
Discovered open port 80/tcp on 192.0.78.13
SYN Stealth Scan Timing: About 18.42% done; ETC: 13:48 (0:02:17 remaining)
SYN Stealth Scan Timing: About 46.42% done; ETC: 13:48 (0:01:10 remaining)
Completed SYN Stealth Scan at 13:47, 106.32s elapsed (65535 total ports)
Initiating Service scan at 13:47
Scanning 2 services on 192.0.78.13
Completed Service scan at 13:47, 11.01s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against 192.0.78.13
Retrying OS detection (try #2) against 192.0.78.13
Initiating Traceroute at 13:48
Completed Traceroute at 13:48, 0.11s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 13:48
Completed Parallel DNS resolution of 2 hosts. at 13:48, 0.02s elapsed
NSE: Script scanning 192.0.78.13.
Initiating NSE at 13:48
Completed NSE at 13:48, 5.33s elapsed
Initiating NSE at 13:48
Completed NSE at 13:48, 0.76s elapsed
Nmap scan report for 192.0.78.13
Host is up (0.088s latency).
Not shown: 65530 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http nginx
| vulscan: VulDB - https://vuldb.com:
| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
| [67677] nginx up to 1.7.3 SSL weak authentication
| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
| [65364] nginx up to 1.1.13 Default Configuration information disclosure
| [8671] nginx up to 1.4 proxy_pass denial of service
| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
| [7247] nginx 1.2.6 Proxy Function spoofing
| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
| [59645] nginx up to 0.8.9 Heap-based memory corruption
| [53592] nginx 0.8.36 memory corruption
| [53590] nginx up to 0.8.9 unknown vulnerability
| [51533] nginx 0.7.64 Terminal privilege escalation
| [50905] nginx up to 0.8.9 directory traversal
| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
| [50043] nginx up to 0.8.10 memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
| [82230] nginx Multiple Denial of Service Vulnerabilities
| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
| [40420] nginx Directory Traversal Vulnerability
| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
| [84172] nginx denial of service
| [84048] nginx buffer overflow
| [83923] nginx ngx_http_close_connection() integer overflow
| [83688] nginx null byte code execution
| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
| [82319] nginx access.log information disclosure
| [80952] nginx SSL spoofing
| [77244] nginx and Microsoft Windows request security bypass
| [76778] Naxsi module for Nginx nx_extract.py directory traversal
| [74831] nginx ngx_http_mp4_module.c buffer overflow
| [74191] nginx ngx_cpystrn() information disclosure
| [74045] nginx header response information disclosure
| [71355] nginx ngx_resolver_copy() buffer overflow
| [59370] nginx characters denial of service
| [59369] nginx DATA source code disclosure
| [59047] nginx space source code disclosure
| [58966] nginx unspecified directory traversal
| [54025] nginx ngx_http_parse.c denial of service
| [53431] nginx WebDAV component directory traversal
| [53328] Nginx CRC-32 cached domain name spoofing
| [53250] Nginx ngx_http_parse_complex_uri() function code execution
|
| Exploit-DB - https://www.exploit-db.com:
| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
| [25499] nginx 1.3.9-1.4.0 DoS PoC
| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
| [14830] nginx 0.6.38 - Heap Corruption Exploit
| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
| [9829] nginx 0.7.61 WebDAV directory traversal
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [864418] Fedora Update for nginx FEDORA-2012-3846
| [864310] Fedora Update for nginx FEDORA-2012-6238
| [864209] Fedora Update for nginx FEDORA-2012-6411
| [864204] Fedora Update for nginx FEDORA-2012-6371
| [864121] Fedora Update for nginx FEDORA-2012-4006
| [864115] Fedora Update for nginx FEDORA-2012-3991
| [864065] Fedora Update for nginx FEDORA-2011-16075
| [863654] Fedora Update for nginx FEDORA-2011-16110
| [861232] Fedora Update for nginx FEDORA-2007-1158
| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
| [100659] nginx Directory Traversal Vulnerability
| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
| [71297] FreeBSD Ports: nginx
| [71276] FreeBSD Ports: nginx
| [71239] Debian Security Advisory DSA 2434-1 (nginx)
| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
| [64894] FreeBSD Ports: nginx
| [64869] Debian Security Advisory DSA 1884-1 (nginx)
|
| SecurityTracker - https://www.securitytracker.com:
| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
|
| OSVDB - http://www.osvdb.org:
| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
| [92796] nginx ngx_http_close_connection Function Crafted r->
| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
| [62617] nginx Internal DNS Cache Poisoning Weakness
| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
|_
139/tcp closed netbios-ssn
443/tcp open ssl/http nginx
| vulscan: VulDB - https://vuldb.com:
| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
| [67677] nginx up to 1.7.3 SSL weak authentication
| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
| [65364] nginx up to 1.1.13 Default Configuration information disclosure
| [8671] nginx up to 1.4 proxy_pass denial of service
| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
| [7247] nginx 1.2.6 Proxy Function spoofing
| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
| [59645] nginx up to 0.8.9 Heap-based memory corruption
| [53592] nginx 0.8.36 memory corruption
| [53590] nginx up to 0.8.9 unknown vulnerability
| [51533] nginx 0.7.64 Terminal privilege escalation
| [50905] nginx up to 0.8.9 directory traversal
| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
| [50043] nginx up to 0.8.10 memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
| [82230] nginx Multiple Denial of Service Vulnerabilities
| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
| [40420] nginx Directory Traversal Vulnerability
| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3572| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
3573|
3574| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3575| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
3576| [84172] nginx denial of service
3577| [84048] nginx buffer overflow
3578| [83923] nginx ngx_http_close_connection() integer overflow
3579| [83688] nginx null byte code execution
3580| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
3581| [82319] nginx access.log information disclosure
3582| [80952] nginx SSL spoofing
3583| [77244] nginx and Microsoft Windows request security bypass
3584| [76778] Naxsi module for Nginx nx_extract.py directory traversal
3585| [74831] nginx ngx_http_mp4_module.c buffer overflow
3586| [74191] nginx ngx_cpystrn() information disclosure
3587| [74045] nginx header response information disclosure
3588| [71355] nginx ngx_resolver_copy() buffer overflow
3589| [59370] nginx characters denial of service
3590| [59369] nginx DATA source code disclosure
3591| [59047] nginx space source code disclosure
3592| [58966] nginx unspecified directory traversal
3593| [54025] nginx ngx_http_parse.c denial of service
3594| [53431] nginx WebDAV component directory traversal
3595| [53328] Nginx CRC-32 cached domain name spoofing
3596| [53250] Nginx ngx_http_parse_complex_uri() function code execution
3597|
3598| Exploit-DB - https://www.exploit-db.com:
3599| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
3600| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
3601| [25499] nginx 1.3.9-1.4.0 DoS PoC
3602| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
3603| [14830] nginx 0.6.38 - Heap Corruption Exploit
3604| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
3605| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
3606| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
3607| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
3608| [9829] nginx 0.7.61 WebDAV directory traversal
3609|
3610| OpenVAS (Nessus) - http://www.openvas.org:
3611| [864418] Fedora Update for nginx FEDORA-2012-3846
3612| [864310] Fedora Update for nginx FEDORA-2012-6238
3613| [864209] Fedora Update for nginx FEDORA-2012-6411
3614| [864204] Fedora Update for nginx FEDORA-2012-6371
3615| [864121] Fedora Update for nginx FEDORA-2012-4006
3616| [864115] Fedora Update for nginx FEDORA-2012-3991
3617| [864065] Fedora Update for nginx FEDORA-2011-16075
3618| [863654] Fedora Update for nginx FEDORA-2011-16110
3619| [861232] Fedora Update for nginx FEDORA-2007-1158
3620| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
3621| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
3622| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
3623| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
3624| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3625| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3626| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3627| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3628| [100659] nginx Directory Traversal Vulnerability
3629| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
3630| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3631| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3632| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3633| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
3634| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3635| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
3636| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
3637| [71297] FreeBSD Ports: nginx
3638| [71276] FreeBSD Ports: nginx
3639| [71239] Debian Security Advisory DSA 2434-1 (nginx)
3640| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
3641| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
3642| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
3643| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
3644| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
3645| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
3646| [64894] FreeBSD Ports: nginx
3647| [64869] Debian Security Advisory DSA 1884-1 (nginx)
3648|
3649| SecurityTracker - https://www.securitytracker.com:
3650| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
3651| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
3652| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
3653| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
3654|
3655| OSVDB - http://www.osvdb.org:
3656| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
3657| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
3658| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
3659| [92796] nginx ngx_http_close_connection Function Crafted r->
3660| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
3661| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
3662| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
3663| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
3664| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
3665| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
3666| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
3667| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
3668| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
3669| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
3670| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
3671| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
3672| [62617] nginx Internal DNS Cache Poisoning Weakness
3673| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
3674| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
3675| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
3676| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
3677| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
3678| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
3679| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
3680| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
3681| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
3682| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
3683|_
445/tcp closed microsoft-ds
Aggressive OS guesses: OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (91%), OpenWrt White Russian 0.9 (Linux 2.4.30) (91%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (91%), Linux 3.18 (91%), HP P2000 G3 NAS device (91%), Linux 2.6.32 (90%), ProVision-ISR security DVR (90%), Linux 3.12 - 4.10 (89%), Linux 3.16 (89%), Linux 3.0 (88%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=265 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 139/tcp)
HOP RTT ADDRESS
1 101.21 ms 10.252.204.1
2 101.21 ms 192.0.78.13

NSE: Script Post-scanning.
Initiating NSE at 13:48
Completed NSE at 13:48, 0.00s elapsed
Initiating NSE at 13:48
Completed NSE at 13:48, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 128.09 seconds
 Raw packets sent: 131215 (5.777MB) | Rcvd: 133 (7.040KB)
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 13:48 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 13:48
Completed NSE at 13:48, 0.00s elapsed
Initiating NSE at 13:48
Completed NSE at 13:48, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 13:48
Completed Parallel DNS resolution of 1 host. at 13:48, 0.02s elapsed
Initiating UDP Scan at 13:48
Scanning 192.0.78.13 [15 ports]
Completed UDP Scan at 13:48, 2.14s elapsed (15 total ports)
Initiating Service scan at 13:48
Scanning 13 services on 192.0.78.13
Service scan Timing: About 7.69% done; ETC: 14:09 (0:19:24 remaining)
Completed Service scan at 13:49, 102.58s elapsed (13 services on 1 host)
Initiating OS detection (try #1) against 192.0.78.13
Retrying OS detection (try #2) against 192.0.78.13
Initiating Traceroute at 13:49
Completed Traceroute at 13:50, 7.05s elapsed
Initiating Parallel DNS resolution of 1 host. at 13:50
Completed Parallel DNS resolution of 1 host. at 13:50, 0.00s elapsed
NSE: Script scanning 192.0.78.13.
Initiating NSE at 13:50
Completed NSE at 13:50, 7.13s elapsed
Initiating NSE at 13:50
Completed NSE at 13:50, 1.01s elapsed
Nmap scan report for 192.0.78.13
Host is up (0.051s latency).

PORT STATE SERVICE VERSION
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
|_ike-version: ERROR: Script execution failed (use -d to debug)
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 137/udp)
HOP RTT ADDRESS
1 29.50 ms 10.252.204.1
2 ... 3
4 30.04 ms 10.252.204.1
5 89.72 ms 10.252.204.1
6 89.71 ms 10.252.204.1
7 89.71 ms 10.252.204.1
8 89.68 ms 10.252.204.1
9 59.89 ms 10.252.204.1
10 30.39 ms 10.252.204.1
11 ... 18
19 31.87 ms 10.252.204.1
20 29.99 ms 10.252.204.1
21 ... 28
29 30.60 ms 10.252.204.1
30 29.92 ms 10.252.204.1

NSE: Script Post-scanning.
Initiating NSE at 13:50
Completed NSE at 13:50, 0.00s elapsed
Initiating NSE at 13:50
Completed NSE at 13:50, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 123.48 seconds
 Raw packets sent: 137 (12.098KB) | Rcvd: 37 (3.863KB)
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-14 13:45 EST
Nmap scan report for 192.0.78.12
Host is up (0.067s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http nginx
3790| vulscan: VulDB - https://vuldb.com:
3791| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
3792| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
3793| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
3794| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
3795| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
3796| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
3797| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
3798| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
3799| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
3800| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
3801| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
3802| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
3803| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
3804| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
3805| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
3806| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
3807| [67677] nginx up to 1.7.3 SSL weak authentication
3808| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
3809| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
3810| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
3811| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
3812| [65364] nginx up to 1.1.13 Default Configuration information disclosure
3813| [8671] nginx up to 1.4 proxy_pass denial of service
3814| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
3815| [7247] nginx 1.2.6 Proxy Function spoofing
3816| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
3817| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
3818| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
3819| [59645] nginx up to 0.8.9 Heap-based memory corruption
3820| [53592] nginx 0.8.36 memory corruption
3821| [53590] nginx up to 0.8.9 unknown vulnerability
3822| [51533] nginx 0.7.64 Terminal privilege escalation
3823| [50905] nginx up to 0.8.9 directory traversal
3824| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
3825| [50043] nginx up to 0.8.10 memory corruption
3826|
3827| MITRE CVE - https://cve.mitre.org:
3828| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
3829| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
3830| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
3831| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
3832| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
3833| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
3834| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
3835| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
3836| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
3837| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
3838| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
3839| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
3840| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
3841|
3842| SecurityFocus - https://www.securityfocus.com/bid/:
3843| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
3844| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
3845| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
3846| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
3847| [82230] nginx Multiple Denial of Service Vulnerabilities
3848| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
3849| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
3850| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
3851| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
3852| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
3853| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
3854| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
3855| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
3856| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
3857| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
3858| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
3859| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
3860| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
3861| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
3862| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3863| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3864| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3865| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3866| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
3867| [40420] nginx Directory Traversal Vulnerability
3868| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3869| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3870| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3871| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3872| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
3873|
3874| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3875| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
3876| [84172] nginx denial of service
3877| [84048] nginx buffer overflow
3878| [83923] nginx ngx_http_close_connection() integer overflow
3879| [83688] nginx null byte code execution
3880| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
3881| [82319] nginx access.log information disclosure
3882| [80952] nginx SSL spoofing
3883| [77244] nginx and Microsoft Windows request security bypass
3884| [76778] Naxsi module for Nginx nx_extract.py directory traversal
3885| [74831] nginx ngx_http_mp4_module.c buffer overflow
3886| [74191] nginx ngx_cpystrn() information disclosure
3887| [74045] nginx header response information disclosure
3888| [71355] nginx ngx_resolver_copy() buffer overflow
3889| [59370] nginx characters denial of service
3890| [59369] nginx DATA source code disclosure
3891| [59047] nginx space source code disclosure
3892| [58966] nginx unspecified directory traversal
3893| [54025] nginx ngx_http_parse.c denial of service
3894| [53431] nginx WebDAV component directory traversal
3895| [53328] Nginx CRC-32 cached domain name spoofing
3896| [53250] Nginx ngx_http_parse_complex_uri() function code execution
3897|
3898| Exploit-DB - https://www.exploit-db.com:
3899| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
3900| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
3901| [25499] nginx 1.3.9-1.4.0 DoS PoC
3902| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
3903| [14830] nginx 0.6.38 - Heap Corruption Exploit
3904| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
3905| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
3906| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
3907| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
3908| [9829] nginx 0.7.61 WebDAV directory traversal
3909|
3910| OpenVAS (Nessus) - http://www.openvas.org:
3911| [864418] Fedora Update for nginx FEDORA-2012-3846
3912| [864310] Fedora Update for nginx FEDORA-2012-6238
3913| [864209] Fedora Update for nginx FEDORA-2012-6411
3914| [864204] Fedora Update for nginx FEDORA-2012-6371
3915| [864121] Fedora Update for nginx FEDORA-2012-4006
3916| [864115] Fedora Update for nginx FEDORA-2012-3991
3917| [864065] Fedora Update for nginx FEDORA-2011-16075
3918| [863654] Fedora Update for nginx FEDORA-2011-16110
3919| [861232] Fedora Update for nginx FEDORA-2007-1158
3920| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
3921| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
3922| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
3923| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
3924| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3925| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3926| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3927| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3928| [100659] nginx Directory Traversal Vulnerability
3929| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
3930| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3931| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3932| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3933| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
3934| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3935| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
3936| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
3937| [71297] FreeBSD Ports: nginx
3938| [71276] FreeBSD Ports: nginx
3939| [71239] Debian Security Advisory DSA 2434-1 (nginx)
3940| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
3941| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
3942| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
3943| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
3944| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
3945| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
3946| [64894] FreeBSD Ports: nginx
3947| [64869] Debian Security Advisory DSA 1884-1 (nginx)
3948|
3949| SecurityTracker - https://www.securitytracker.com:
3950| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
3951| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
3952| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
3953| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
3954|
3955| OSVDB - http://www.osvdb.org:
3956| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
3957| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
3958| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
3959| [92796] nginx ngx_http_close_connection Function Crafted r->
3960| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
3961| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
3962| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
3963| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
3964| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
3965| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
3966| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
3967| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
3968| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
3969| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
3970| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
3971| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
3972| [62617] nginx Internal DNS Cache Poisoning Weakness
3973| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
3974| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
3975| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
3976| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
3977| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
3978| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
3979| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
3980| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
3981| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
3982| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
3983|_
139/tcp closed netbios-ssn
443/tcp open ssl/http nginx
3986| vulscan: VulDB - https://vuldb.com:
3987| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
3988| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
3989| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
3990| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
3991| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
3992| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
3993| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
3994| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
3995| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
3996| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
3997| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
3998| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
3999| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
4000| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
4001| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
4002| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
4003| [67677] nginx up to 1.7.3 SSL weak authentication
4004| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
4005| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
4006| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
4007| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
4008| [65364] nginx up to 1.1.13 Default Configuration information disclosure
4009| [8671] nginx up to 1.4 proxy_pass denial of service
4010| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
4011| [7247] nginx 1.2.6 Proxy Function spoofing
4012| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
4013| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
4014| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
4015| [59645] nginx up to 0.8.9 Heap-based memory corruption
4016| [53592] nginx 0.8.36 memory corruption
4017| [53590] nginx up to 0.8.9 unknown vulnerability
4018| [51533] nginx 0.7.64 Terminal privilege escalation
4019| [50905] nginx up to 0.8.9 directory traversal
4020| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
4021| [50043] nginx up to 0.8.10 memory corruption
4022|
4023| MITRE CVE - https://cve.mitre.org:
4024| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
4025| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
4026| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
4027| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
4028| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
4029| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
4030| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
4031| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
4032| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
4033| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
4034| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
4035| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
4036| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
4037|
4038| SecurityFocus - https://www.securityfocus.com/bid/:
4039| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
4040| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
4041| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
4042| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
4043| [82230] nginx Multiple Denial of Service Vulnerabilities
4044| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
4045| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
4046| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
4047| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
4048| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
4049| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
4050| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
4051| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
4052| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
4053| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
4054| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
4055| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
4056| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
4057| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
4058| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
4059| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
4060| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
4061| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
4062| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
4063| [40420] nginx Directory Traversal Vulnerability
4064| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
4065| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
4066| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
4067| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
4068| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
4069|
4070| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4071| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
4072| [84172] nginx denial of service
4073| [84048] nginx buffer overflow
4074| [83923] nginx ngx_http_close_connection() integer overflow
4075| [83688] nginx null byte code execution
4076| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
4077| [82319] nginx access.log information disclosure
4078| [80952] nginx SSL spoofing
4079| [77244] nginx and Microsoft Windows request security bypass
4080| [76778] Naxsi module for Nginx nx_extract.py directory traversal
4081| [74831] nginx ngx_http_mp4_module.c buffer overflow
4082| [74191] nginx ngx_cpystrn() information disclosure
4083| [74045] nginx header response information disclosure
4084| [71355] nginx ngx_resolver_copy() buffer overflow
4085| [59370] nginx characters denial of service
4086| [59369] nginx DATA source code disclosure
4087| [59047] nginx space source code disclosure
4088| [58966] nginx unspecified directory traversal
4089| [54025] nginx ngx_http_parse.c denial of service
4090| [53431] nginx WebDAV component directory traversal
4091| [53328] Nginx CRC-32 cached domain name spoofing
4092| [53250] Nginx ngx_http_parse_complex_uri() function code execution
4093|
4094| Exploit-DB - https://www.exploit-db.com:
4095| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
4096| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
4097| [25499] nginx 1.3.9-1.4.0 DoS PoC
4098| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
4099| [14830] nginx 0.6.38 - Heap Corruption Exploit
4100| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
4101| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
4102| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
4103| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
4104| [9829] nginx 0.7.61 WebDAV directory traversal
4105|
4106| OpenVAS (Nessus) - http://www.openvas.org:
4107| [864418] Fedora Update for nginx FEDORA-2012-3846
4108| [864310] Fedora Update for nginx FEDORA-2012-6238
4109| [864209] Fedora Update for nginx FEDORA-2012-6411
4110| [864204] Fedora Update for nginx FEDORA-2012-6371
4111| [864121] Fedora Update for nginx FEDORA-2012-4006
4112| [864115] Fedora Update for nginx FEDORA-2012-3991
4113| [864065] Fedora Update for nginx FEDORA-2011-16075
4114| [863654] Fedora Update for nginx FEDORA-2011-16110
4115| [861232] Fedora Update for nginx FEDORA-2007-1158
4116| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
4117| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
4118| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
4119| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
4120| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
4121| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
4122| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
4123| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
4124| [100659] nginx Directory Traversal Vulnerability
4125| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
4126| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
4127| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
4128| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
4129| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
4130| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
4131| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
4132| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
4133| [71297] FreeBSD Ports: nginx
4134| [71276] FreeBSD Ports: nginx
4135| [71239] Debian Security Advisory DSA 2434-1 (nginx)
4136| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
4137| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
4138| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
4139| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
4140| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
4141| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
4142| [64894] FreeBSD Ports: nginx
4143| [64869] Debian Security Advisory DSA 1884-1 (nginx)
4144|
4145| SecurityTracker - https://www.securitytracker.com:
4146| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
4147| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
4148| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
4149| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
4150|
4151| OSVDB - http://www.osvdb.org:
4152| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
4153| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
4154| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
4155| [92796] nginx ngx_http_close_connection Function Crafted r->
4156| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
4157| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
4158| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
4159| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
4160| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
4161| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
4162| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
4163| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
4164| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
4165| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
4166| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
4167| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
4168| [62617] nginx Internal DNS Cache Poisoning Weakness
4169| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
4170| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
4171| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
4172| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
4173| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
4174| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
4175| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
4176| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
4177| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
4178| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
|_
445/tcp closed microsoft-ds
4181######################################################################################################################################
4182[INFO] ------TARGET info------
4183[*] TARGET: https://albagdad.wordpress.com/
4184[*] TARGET IP: 192.0.78.13
4185[ALERT] albagdad.wordpress.com has a load balancer for IPv4 with the following IPs:
4186[*] 192.0.78.13
4187[*] 192.0.78.12
4188[*] DNS servers: lb.wordpress.com. ns1.wordpress.com.
4189[*] TARGET server: nginx
4190[*] CC: US
4191[*] Country: United States
4192[*] RegionCode: CA
4193[*] RegionName: California
4194[*] City: San Francisco
4195[*] ASN: AS2635
4196[*] BGP_PREFIX: 192.0.78.0/24
4197[*] ISP: AUTOMATTIC - Automattic, Inc, US
4198[INFO] SSL/HTTPS certificate detected
4199[*] Issuer: issuer=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
4200[*] Subject: subject=OU = Domain Control Validated, OU = EssentialSSL Wildcard, CN = *.wordpress.com
4201[INFO] DNS enumeration:
4273[INFO] Possible abuse mails are:
4274[*] abuse@automattic.com
4275[*] abuse@wordpress.com
4276[INFO] NO PAC (Proxy Auto Configuration) file FOUND
4277[ALERT] robots.txt file FOUND in http://albagdad.wordpress.com/robots.txt
4278[INFO] Checking for HTTP status codes recursively from http://albagdad.wordpress.com/robots.txt
4279[INFO] Status code Folders
4280[*] 200 http://albagdad.wordpress.com/press-this.php
4281[*] 200 http://albagdad.wordpress.com/remote-login.php
4282[*] 200 http://albagdad.wordpress.com/wp-admin/
4283[*] 200 http://albagdad.wordpress.com/wp-login.php
4284[*] 200 http://albagdad.wordpress.com/wp-signup.php
4285[INFO] Starting FUZZing in http://albagdad.wordpress.com/FUzZzZzZzZz...
4286[INFO] Status code Folders
4287[ALERT] Look in the source code. It may contain passwords
4288[ALERT] Content in http://albagdad.wordpress.com/ AND http://www.albagdad.wordpress.com/ is different
4289[INFO] MD5 for http://albagdad.wordpress.com/ is: 51060653b20383dfcd7beb623bdbd0da
4290[INFO] MD5 for http://www.albagdad.wordpress.com/ is: bcbd35ed85e1b37fb5225371f4269d71
4291[INFO] http://albagdad.wordpress.com/ redirects to https://albagdad.wordpress.com/
4292[INFO] http://www.albagdad.wordpress.com/ redirects to https://albagdad.wordpress.com/
4293[INFO] Links found from https://albagdad.wordpress.com/ http://192.0.78.13/:
4369cut: intervalle de champ incorrecte
4370Saisissez « cut --help » pour plus d'informations.
4371[INFO] Shodan detected the following opened ports on 192.0.78.13:
4372[*] 0
4373[*] 2
4374[*] 3
4375[*] 443
4376[*] 80
4377[INFO] ------VirusTotal SECTION------
4378[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
4379[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
4380[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
4381[INFO] ------Alexa Rank SECTION------
4382[INFO] Percent of Visitors Rank in Country:
4383[INFO] Percent of Search Traffic:
4384[INFO] Percent of Unique Visits:
4385[INFO] Total Sites Linking In:
4386[INFO] Useful links related to albagdad.wordpress.com - 192.0.78.13:
4400[INFO] Useful links related to AS2635 - 192.0.78.0/24:
4401[*] http://www.google.com/safebrowsing/diagnostic?site=AS:2635
4402[*] https://www.senderbase.org/lookup/?search_string=192.0.78.0/24
4403[*] http://bgp.he.net/AS2635
4404[*] https://stat.ripe.net/AS2635
4405[INFO] Date: 14/01/20 | Time: 13:32:25
4406[INFO] Total time: 0 minute(s) and 52 second(s)
4407######################################################################################################################################
4408[-] Target: https://albagdad.wordpress.com (192.0.78.12)
4409[I] Server: nginx
4410[L] X-Frame-Options: Not Enforced
4411[I] X-Content-Security-Policy: Not Enforced
4412[I] X-Content-Type-Options: Not Enforced
4413[L] Robots.txt Found: https://albagdad.wordpress.com/robots.txt
4414[I] CMS Detection: WordPress
4415[I] Wordpress Theme: pub
4416[M] EDB-ID: 17613 "WordPress Plugin E-Commerce 3.8.4 - SQL Injection"
4417[M] EDB-ID: 18198 "Family Connections CMS 2.5.0/2.7.1 - 'less.php' Remote Command Execution"
4418[M] EDB-ID: 18417 "WordPress 3.3.1 - Multiple Vulnerabilities"
4419[M] EDB-ID: 23494 "WordPress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload"
4420[M] EDB-ID: 24515 "Cometchat Application - Multiple Vulnerabilities"
4421[M] EDB-ID: 25723 "WordPress Plugin Spider Event Calendar 1.3.0 - Multiple Vulnerabilities"
4422[M] EDB-ID: 27531 "WordPress Plugin Hms Testimonials 2.0.10 - Multiple Vulnerabilities"
4423[M] EDB-ID: 28054 "WordPress Plugin IndiaNIC Testimonial - Multiple Vulnerabilities"
4424[M] EDB-ID: 29754 "WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting"
4425[M] EDB-ID: 30443 "WordPress Theme Persuasion 2.x - Arbitrary File Download / File Deletion"
4426[M] EDB-ID: 33851 "Multiple WordPress Plugins (TimThumb 2.8.13 / WordThumb 1.07) - 'WebShot' Remote Code Execution"
4427[M] EDB-ID: 35385 "WordPress Plugin Slider REvolution 3.0.95 / Showbiz Pro 1.7.1 - Arbitrary File Upload"
4428[M] EDB-ID: 36061 "WordPress Plugin Webdorado Spider Event Calendar 1.4.9 - SQL Injection"
4429[M] EDB-ID: 36844 "WordPress 4.2 - Persistent Cross-Site Scripting"
4430[M] EDB-ID: 36954 "WordPress Plugin Yet Another Related Posts 4.2.4 - Cross-Site Request Forgery"
4431[M] EDB-ID: 37705 "WordPress Plugin Unite Gallery Lite 1.4.6 - Multiple Vulnerabilities"
4432[M] EDB-ID: 38086 "WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities"
4433[M] EDB-ID: 39339 "BK Mobile jQuery CMS 2.4 - Multiple Vulnerabilities"
4434[M] EDB-ID: 39513 "WordPress Plugin CP Polls 1.0.8 - Multiple Vulnerabilities"
4435[M] EDB-ID: 39536 "WordPress Theme SiteMile Project 2.0.9.5 - Multiple Vulnerabilities"
4436[M] EDB-ID: 39552 "WordPress Theme Beauty & Clean 1.0.8 - Arbitrary File Upload"
4437[M] EDB-ID: 40042 "WordPress Plugin Ultimate Membership Pro 3.3 - SQL Injection"
4438[M] EDB-ID: 41857 "WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection"
4439[M] EDB-ID: 42129 "WordPress Plugin Tribulant Newsletters 4.6.4.2 - File Disclosure / Cross-Site Scripting"
4440[M] EDB-ID: 43889 "CMS Made Simple 1.11.9 - Multiple Vulnerabilities"
4441[M] EDB-ID: 4397 "Claymore Dual GPU Miner 10.5 - Format String"
4442[M] EDB-ID: 44595 "WordPress Plugin User Role Editor < 4.25 - Privilege Escalation"
4443[M] EDB-ID: 46537 "WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion"
4444[M] EDB-ID: 47516 "WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting"
4445[M] EDB-ID: 47517 "WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting"
4446[M] EDB-ID: 47518 "WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting"
4447[M] EDB-ID: 8820 "amember 3.1.7 - Cross-Site Scripting / SQL Injection / HTML Injection"
4448[-] WordPress usernames identified:
4449[M] ইসলামের জন্য যুদ্ধ
4450[M] XML-RPC services are enabled
4451[M] Website vulnerable to XML-RPC Brute Force Vulnerability
4452[I] Autocomplete Off Not Found: https://albagdad.wordpress.com/wp-login.php
4453[-] Default WordPress Files:
4454[I] https://albagdad.wordpress.com/wp-content/themes/twentyten/license.txt
4455[I] https://albagdad.wordpress.com/wp-content/themes/twentyten/readme.txt
4456[I] https://albagdad.wordpress.com/wp-includes/ID3/license.commercial.txt
4457[I] https://albagdad.wordpress.com/wp-includes/ID3/license.txt
4458[I] https://albagdad.wordpress.com/wp-includes/ID3/readme.txt
4459[I] https://albagdad.wordpress.com/wp-includes/images/crystal/license.txt
4460[I] https://albagdad.wordpress.com/wp-includes/js/plupload/license.txt
4461[I] https://albagdad.wordpress.com/wp-includes/js/tinymce/license.txt
4462[-] Searching Wordpress Plugins ...
4463[I] akismet
4464[M] EDB-ID: 37826 "WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities"
4465[M] EDB-ID: 37902 "WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities"
4466[I] bbpress v2.5.12
4467[M] EDB-ID: 22396 "WordPress Plugin bbPress - Multiple Vulnerabilities"
4468[I] custom-fonts
4469[I] feed
4470[M] EDB-ID: 38624 "WordPress Plugin WP Feed - 'nid' SQL Injection"
4471[I] gutenberg-blocks
4472[I] ie-sitemode
4473[I] Checking for Directory Listing Enabled ...
4474[-] Date & Time: 14/01/2020 13:33:45
4475[-] Completed in: 0:03:00
4476######################################################################################################################################
4477 Anonymous JTSEC #OpISIS Full Recon #29