Maxim Dounin

2 exploits Active since Jul 2013
CVE-2013-2028 NOMISEC WORKING POC
nginx 1.3.9-1.4.0 - Remote Code Execution via Chunked Transfer-Encoding
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
55 stars
CVE-2017-20005 WRITEUP CRITICAL WRITEUP
NGINX < 1.13.6 - Buffer Overflow in Autoindex Module via Four-Digit Year Handling
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
CVSS 9.8