6256 matches found

OSV
added 2022/01/25 8:15 p.m. · 3 views

CVE-2022-23008

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...

5.4 CVSS · 6.2 AI score · 0.00545 EPSS
Exploits: 0 · References: 1

NVD
added 2022/01/25 8:15 p.m. · 20 views

CVE-2022-23008

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...

5.5 CVSS · 0.00545 EPSS
Exploits: 0 · References: 1

ATTACKERKB
added 2022/01/25 8:15 p.m. · 5 views

CVE-2022-23008

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...

5.5 CVSS · 6.2 AI score · 0.00545 EPSS
Exploits: 0 · References: 2

Prion
added 2022/01/25 8:15 p.m. · 14 views

Code injection

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...

5.5 CVSS · 5.5 AI score · 0.00545 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2022/01/25 7:11 p.m. · 124 views

CVE-2022-23008

Summary: CVE-2022-23008 affects the NGINX Controller API Management software (versions 3.18.0–3.19.0). Vulnerability: An authenticated user with the user or admin role can access undisclosed API endpoints to inject JavaScript that runs on managed NGINX data plane instances. The Red Hat advisory c...

5.5 CVSS · 5.9 AI score · 0.00545 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/01/25 7:11 p.m. · 28 views

CVE-2022-23008

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...

5.8 AI score · 0.00545 EPSS
Exploits: 0 · References: 1

Pen Test Partners Blog
added 2022/01/25 6:8 a.m. · 285 views

Vulnerabilities that aren’t. Cross Site Tracing / XST

This is the first of my posts that explain why some common security vulnerabilities are most likely not real threats. They should be treated as security enhancements rather than vulnerabilities. Bearing in mind the number of scanning tools that rate such vulnerabilities as "high" it's no wonder...

10 CVSS · 7.4 AI score · 0.25061 EPSS
Exploits: 6

Positive Technologies
added 2022/01/25 12:0 a.m. · 3 views

PT-2022-15775 · Nginx · Nginx Controller Api Management

Name of the Vulnerable Software and Affected Versions: NGINX Controller API Management versions 3.18.0 through 3.19.0 Description: An authenticated attacker with access to the user or admin role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is...

5.5 CVSS · 5.5 AI score · 0.00545 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2022/01/24 12:0 a.m. · 55 views

GLSA-202105-38 : nginx: Remote code execution

The remote host is affected by the vulnerability described in GLSA-202105-38 nginx: Remote code execution It was discovered that nginx did not properly handle DNS responses when resolver directive is used. Impact : A remote attacker, able to provide DNS responses to a nginx instance, could cause...

7.7 CVSS · 8.4 AI score · 0.52838 EPSS
Exploits: 10 · References: 2

CNNVD
added 2022/01/21 12:0 a.m. · 4 views

F5 Nginx Cross-Site Scripting Vulnerability

The F5 NGINX Controller is a self-service, API-driven platform for managing NGINX Plus that can be easily integrated into CI/CD workflows to accelerate application deployment and simplify application lifecycle management. user" or "admin" role access and authenticated attackers can use an...

5.5 CVSS · 5.8 AI score · 0.00545 EPSS
Exploits: 0 · References: 3

CNVD
added 2022/01/21 12:0 a.m. · 20 views

F5 NGINX Controller API Code Injection Vulnerability

The F5 NGINX Controller is a self-service, API-driven platform for managing NGINX Plus that can be easily integrated into CI/CD workflows to accelerate application deployment and simplify application lifecycle management. user" or "admin" role access and authenticated attackers can use an...

5.5 CVSS · 1.9 AI score · 0.00545 EPSS
Exploits: 0 · References: 1

NCSC
added 2022/01/21 12:0 a.m. · 56 views

Vulnerabilities fixed in F5 products

F5 has fixed multiple vulnerabilities in several F5 products, including BIG-IP and BIG-IQ. Most of the updates are related to the Traffic Management Microkernel TMM, a component of virtually all BIG-IP modules. The vulnerability with reference CVE-2022-23008 concerns the NGINX Controller API...

9 CVSS · 7.4 AI score · 0.01112 EPSS
Exploits: 0

CISA
added 2022/01/20 12:0 a.m. · 12 views

F5 Releases January 2022 Quarterly Security Notification

F5 has released its January 2022 Quarterly Security Notification addressing vulnerabilities affecting multiple versions of BIG-IP, BIG-IQ, and NGINX Controller API Management. A remote attacker could exploit these vulnerabilities to either deny service to, or take control of, an affected system...

7.1 AI score
Exploits: 0 · References: 2

Exploit DB
added 2022/01/18 12:0 a.m. · 349 views

OpenBMCS 2.4 - SQLi (Authenticated)

Exploit Title: OpenBMCS 2.4 - SQLi Authenticated Exploit Author: LiquidWorm Date: 26/10/2021 OpenBMCS 2.4 Authenticated SQL Injection Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of...

7.4 AI score
Exploits: 0

Exploit DB
added 2022/01/18 12:0 a.m. · 286 views

OpenBMCS 2.4 - Create Admin / Remote Privilege Escalation

Exploit Title: OpenBMCS 2.4 - Create Admin / Remote Privilege Escalation Exploit Author: LiquidWorm Date: 26/10/2021 OpenBMCS 2.4 Create Admin / Remote Privilege Escalation Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls...

7.4 AI score
Exploits: 0

Exploit DB
added 2022/01/18 12:0 a.m. · 342 views

OpenBMCS 2.4 - Information Disclosure

Exploit Title: OpenBMCS 2.4 - Information Disclosure Exploit Author: LiquidWorm Date: 26/10/2021 OpenBMCS 2.4 Secrets Disclosure Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your...

7.4 AI score
Exploits: 0

Exploit DB
added 2022/01/18 12:0 a.m. · 293 views

OpenBMCS 2.4 - Server Side Request Forgery (SSRF) (Unauthenticated)

Exploit Title: OpenBMCS 2.4 - Server Side Request Forgery SSRF Unauthenticated Exploit Author: LiquidWorm Date: 26/10/2021 OpenBMCS 2.4 Unauthenticated SSRF / RFI Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS...

7.4 AI score
Exploits: 0

0day.today
added 2022/01/17 12:0 a.m. · 270 views

OpenBMCS 2.4 SQL Injection Vulnerability

OpenBMCS 2.4 Authenticated SQL Injection Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Ou...

7.1 AI score
Exploits: 0

0day.today
added 2022/01/17 12:0 a.m. · 251 views

OpenBMCS 2.4 Remote Privilege Escalation Vulnerability

OpenBMCS 2.4 Create Admin / Remote Privilege Escalation Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of...

7.1 AI score
Exploits: 0

Packet Storm
added 2022/01/17 12:0 a.m. · 290 views

OpenBMCS 2.4 SQL Injection

OpenBMCS 2.4 Authenticated SQL Injection Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Ou...

7.4 AI score
Exploits: 0