
6254 matches found

CVE | added 2024/10/21 5:4 p.m. | 273 views

CVE-2024-49368

CVE-2024-49368 affects Nginx UI prior to version 2.0.0-beta.36. The issue arises when configuring logrotate: unverified input is passed to exec.Command, allowing arbitrary command execution. The fixed version is 2.0.0-beta.36. This is documented across multiple sources (Red Hat, NVD, CVE lists, a...

CVSS 9.8 | AI score 9.7 | EPSS 0.23491
Exploits: 1 | References: 2 | Affected Software: 1

OSV | added 2024/10/21 5:4 p.m. | 10 views

CVE-2024-49368 Unchecked logrotate settings lead to arbitrary command execution

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue...

CVSS 9.3 | AI score 7.3 | EPSS 0.23491
Exploits: 1 | References: 4

Vulnrichment | added 2024/10/21 5:4 p.m. | 15 views

CVE-2024-49368 Unchecked logrotate settings lead to arbitrary command execution

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue...

CVSS 9.3 | AI score 7.2 | EPSS 0.23491
Exploits: 1 | References: 2

Vulnrichment | added 2024/10/21 4:24 p.m. | 17 views

CVE-2024-49367 Nginx UI's log path can be controlled

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at /api/configs to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue...

CVSS 6.9 | AI score 6.4 | EPSS 0.0063
Exploits: 0 | References: 2

CVE | added 2024/10/21 4:24 p.m. | 94 views

CVE-2024-49367

CVE-2024-49367 affects Nginx UI prior to version 2.0.0-beta.36. The issue is a controllable log path that, when combined with directory traversal at the /api/configs endpoint, allows reading directories and file contents on the server. A fixed version is 2.0.0-beta.36. Connected sources confirm t...

CVSS 7.5 | AI score 7.5 | EPSS 0.0063
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist | added 2024/10/21 4:24 p.m. | 36 views

CVE-2024-49367 Nginx UI's log path can be controlled

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at /api/configs to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue...

CVSS 6.9 | EPSS 0.0063
Exploits: 0 | References: 2

OSV | added 2024/10/21 4:24 p.m. | 18 views

CVE-2024-49367 Nginx UI's log path can be controlled

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at /api/configs to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue...

CVSS 6.9 | AI score 6.7 | EPSS 0.0063
Exploits: 0 | References: 4

Cvelist | added 2024/10/21 4:12 p.m. | 17 views

CVE-2024-49366 Nginx UI's json field can construct a directory traversal payload, causing arbitrary files to be written

Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification, and can construct a value in the form of ../../. Arbitrary files can be written to the server, which may result in loss of permissions...

CVSS 8.7 | EPSS 0.00579
Exploits: 1 | References: 2

CVE | added 2024/10/21 4:12 p.m. | 47 views

CVE-2024-49366

Nginx UI (versions up to 2.0.0-beta.35) is affected by a directory-traversal vulnerability where the UI reads a value from a JSON field without verification, enabling payloads like ../../ to write arbitrary files on the server and potentially cause permission loss. A fix is available: upgrade to ...

CVSS 8.7 | AI score 7.5 | EPSS 0.00579
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment | added 2024/10/21 4:12 p.m. | 19 views

CVE-2024-49366 Nginx UI's json field can construct a directory traversal payload, causing arbitrary files to be written

Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification, and can construct a value in the form of ../../. Arbitrary files can be written to the server, which may result in loss of permissions...

CVSS 8.7 | AI score 6.5 | EPSS 0.00579
Exploits: 1 | References: 2

OSV | added 2024/10/21 4:12 p.m. | 8 views

CVE-2024-49366 Nginx UI's json field can construct a directory traversal payload, causing arbitrary files to be written

Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification, and can construct a value in the form of ../../. Arbitrary files can be written to the server, which may result in loss of permissions...

CVSS 8.7 | AI score 6.7 | EPSS 0.00579
Exploits: 1 | References: 4

Pen Test Partners Blog | added 2024/10/21 5:27 a.m. | 10 views

Unauthenticated local file disclosure on Milesight DeviceHub

TL;DR: Nginx container on Milesight DeviceHub includes MQTT private key store; can download MQTT private keys across network; Milesight eventually responded and issued a firmware update. Unauthenticated local file disclosure on Milesight DeviceHub. CVSS: 6.5 Medium CVSS:3.1:...

AI score 7.3
Exploits: 0

CNNVD | added 2024/10/21 12:0 a.m. | 4 views

Nginx UI security vulnerability

Nginx UI is a WebUI for Nginx by the individual developer Jacky. A security vulnerability exists in Nginx UI versions prior to 2.0.0-beta.36, which stems from the fact that its log path is controlled, allowing an attacker to read the contents of directories and files on the server in conjunction with...

CVSS 7.5 | AI score 6.6 | EPSS 0.0063
Exploits: 0 | References: 3

CNNVD | added 2024/10/21 12:0 a.m. | 3 views

Nginx UI input validation error vulnerability

Nginx UI is a WebUI for Nginx by the individual developer Jacky. An input validation error vulnerability exists in versions of Nginx UI prior to 2.0.0-beta.36, which stems from a failure to validate input when configuring logrotate, leading to arbitrary command execution...

CVSS 9.8 | AI score 7.2 | EPSS 0.23491
Exploits: 1 | References: 3

CNNVD | added 2024/10/21 12:0 a.m. | 4 views

Nginx UI path traversal vulnerability

Nginx UI is a WebUI for Nginx by the individual developer Jacky. A path traversal vulnerability exists in Nginx UI 2.0.0-beta.35 and earlier versions, which originates from obtaining a value from a json field without authentication, writing an arbitrary file to the server, and leading to loss of...

CVSS 8.7 | AI score 6.9 | EPSS 0.00579
Exploits: 1 | References: 3

CBLMariner | added 2024/10/15 6:24 p.m. | 20 views

CVE-2024-7347 affecting package nginx for versions less than 1.25.4-2

CVE-2024-7347 affecting package nginx for versions less than 1.25.4-2. A patched version of the package is available...

CVSS 5.7 | AI score 6.9 | EPSS 0.0032
Exploits: 0

Github Security Blog | added 2024/10/15 6:0 p.m. | 25 views

Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy

Description: Path traversal. This vulnerability allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the...

CVSS 9.1 | AI score 6.8 | EPSS 0.59798
Exploits: 1 | References: 6 | Affected Software: 1

OpenVAS | added 2024/10/15 12:0 a.m. | 7 views

Ubuntu: Security Advisory (USN-7014-3)

The remote host is missing an update for the...

CVSS 5.7 | AI score 7 | EPSS 0.0032
Exploits: 0 | References: 2

Ubuntu | added 2024/10/14 3:48 p.m. | 12 views

USN-7014-3: nginx vulnerability

USN-7014-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: It was discovered that the nginx ngx_http_mp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive is in use, a remote...

CVSS 5.7 | AI score 7.1 | EPSS 0.0032
Exploits: 0

OSV | added 2024/10/14 3:48 p.m. | 2 views

USN-7014-3 nginx vulnerability

USN-7014-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: It was discovered that the nginx ngx_http_mp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive is in use, a remote...

CVSS 5.7 | AI score 6.7 | EPSS 0.0032
Exploits: 0 | References: 2