CVE-2024-7646

A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects in the networking.k8s.io or extensions API group can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default...

The vulnerability of the _nginxCmd() function of the Nginx web server control software, specifically the strong-nginx-controller, allows attackers to execute arbitrary commands.

The vulnerability of the nginxCmd function of the Nginx web server control software exists because measures to neutralize specific elements have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

copyparty vulnerable to reflected cross-site scripting via k304 parameter

Summary The application contains a reflected cross-site scripting via URL-parameter ?k304=... and ?setck=... Details A reflected cross-site scripting XSS vulnerability exists in the web interface of the application that could allow an attacker to execute malicious javascript code by tricking user...

Command Injection

Overview strong-nginx-controller is a module that Provides reverse-proxy and load-balancning support for multiple strong-pm instances configured and run using StrongLoop Arc. Affected versions of this package are vulnerable to Command Injection. The first argument of function nginxCmd can be...