105 matches found
PT-2024-4599 · Nginx · Nginx Proxy Manager
Name of the Vulnerable Software and Affected Versions: NGINX Proxy Manager versions prior to 2.11.3 Description: The issue allows an authenticated user with certificate management privileges to inject OS commands through untrusted input in the DNS provider configuration, potentially enabling remo...
The vulnerability of the Nginx Proxy Manager, a proxy server for managing hosts, arises from its lack of data cleansing measures at the management level. This allows attackers to execute arbitrary code.
The vulnerability of the Nginx Proxy Manager, a proxy server for managing hosts, is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of the utils.exec build method of the Nginx Proxy Manager web proxy server allows a hacker to execute arbitrary commands on the server.
The vulnerability of the utils.exec build method of the Nginx Proxy Manager proxy server exists because measures to eliminate special elements used in operating system commands have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the server...
CVE-2023-23596
jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an...
CVE-2023-23596
jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an...
Command injection
jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an...
jc21 NGINX Proxy Manager 操作系统命令注入漏洞
jc21 Nginx Proxy Manager is a graphical user interface for managing Nginx servers. A security vulnerability exists in jc21 NGINX Proxy Manager version 2.9.19 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary commands on the system...
CVE-2023-23596
CVE-2023-23596 affects jc21 NGINX Proxy Manager up to version 2.9.19. The issue arises when creating an access list: the backend builds an htpasswd file using crafted username/password inputs that are concatenated without validation and directly passed to an exec command, enabling potential OS co...
CVE-2023-23596
jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an...
The vulnerability of the Nginx Proxy Manager, a proxy server for managing hosts, arises from its lack of security measures to protect the structure of web pages. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Nginx web server proxy management server exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
jc21 Nginx Proxy Manager Cross-Site Scripting Vulnerability
jc21 Nginx Proxy Manager is a graphical user interface for managing Nginx servers. jc21 Nginx Proxy Manager versions prior to 2.9.17 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could...
CVE-2022-28379
jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion...
CVE-2022-28379
jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion...
CVE-2022-28379
jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion...
Arbitrary file deletion
jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion...
CVE-2022-28379
jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion...
CVE-2022-28379
CVE-2022-28379 affects jc21.com Nginx Proxy Manager prior to 2.9.17, with a cross-site scripting (XSS) vulnerability introduced by a lack of data validation/filtering of user-supplied data during item deletion in the graphical UI. The root cause is insufficient input/output sanitization, enabling...
jc21 Nginx Proxy Manager 跨站脚本漏洞
jc21 Nginx Proxy Manager is a graphical user interface for managing Nginx servers. jc21 Nginx Proxy Manager versions prior to 2.9.17 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could...
jc21 Nginx Proxy Manager Path Traversal Vulnerability
jc21 Nginx Proxy Manager is a graphical user interface for managing Nginx servers. A path traversal vulnerability exists in versions of jc21 Nginx Proxy Manager prior to 2.0.13, which can be exploited by an attacker to access locations outside of a restricted directory...
CVE-2019-15517
jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal...