23 matches found
EUVD-2020-4047
Malware in sbrugna...
Siemens TeleControl Server Basic SQL注入漏洞
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that stems from an SQL injection in the ImportCertificate method, which can be exploited by an attacker to bypass authorization...
CVE-2024-23827
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
CVE-2024-41938
A vulnerability has been identified in SINEC NMS All versions V3.0. The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is...
GO-2024-2481 Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature in github.com/0xJacky/Nginx-UI
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature in github.com/0xJacky/Nginx-UI. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive report...
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Summary The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system...
GHSA-XVQ9-4VPV-227M Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Summary The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system...
Remote code execution
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
CVE-2024-23827
Summary of CVE-2024-23827 (Nginx-UI) Nginx-UI (github.com/0xJacky/Nginx-UI) exposes an Import Certificate feature via the API endpoint /api/cert which allows writing uploaded certificate data and keys to arbitrary filesystem paths. The write logic accepts path fields (ssl_certificate_path, ssl_ce...
CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
CVE-2022-35271
A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the...
CVE-2022-35267
A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the...
CVE-2022-33313
Multiple command injection vulnerabilities exist in the webserver action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The...
CVE-2022-33312
Multiple command injection vulnerabilities exist in the webserver action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The...
Robustel R1510 操作系统命令注入漏洞
The Robustel R1510 is an industrial VPN router from Robustel China.The Robustel R1510 is vulnerable to an operating system command injection vulnerability, which stems from the fact that specially crafted network packets can be subject to a command injection vulnerability in the...
Zap-Hud - The OWASP ZAP Heads Up Display (HUD)
The HUD is new interface that provides the functionality of ZAP directly in the browser. Learn more: Blog: Hacking with a Heads Up Display Video: The OWASP ZAP HUD - Usable Security Tooling Wiki: Inside the HUD Using the HUD Downloading You can try out ZAP enabled with the HUD via any of: Downloa...
CVE-2020-24601
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page...
CVE-2020-24601
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page...