Security
Headlines
HeadlinesLatestCVEs

Tag

#nginx

CVE-2022-47715: GitHub - l00neyhacker/CVE-2022-47715

In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic.

CVE
#csrf#web#git#nginx
CVE-2022-47717: GitHub - l00neyhacker/CVE-2022-47717: CVE-2022-47717

Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS).

CVE-2021-21395: openmage/magento-lts - Packagist

Magneto LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is clicked and user submits new password. This issue is patched in versions 19.4.22 and 20.0.19. There are no workarounds.

CVE-2023-23596: nginx-proxy-manager/access-list.js at 4f10d129c20cc82494b95cc94b97f859dbd4b54d · NginxProxyManager/nginx-proxy-manager

jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an authenticated attacker to execute arbitrary commands on the system. NOTE: this is not part of any NGINX software shipped by F5.

CVE-2020-36647: [N.B. : App to be downgraded to level 4 if this ain't fixed soon...] Update nginx.conf to protect against path traversal issue by alexAubin · Pull Request #75 · YunoHost-Apps/transmission_ynh

A vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh. Affected is an unknown function of the file conf/nginx.conf. The manipulation leads to path traversal. The name of the patch is f136dfd44eda128129e5fd2d850a3a3c600e6a4a. It is recommended to apply a patch to fix this issue. VDB-217638 is the identifier assigned to this vulnerability.

CVE-2022-37787: GitHub - WeBankPartners/wecube-platform: WeCube Platform

An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerability has been found on the plugin database execution page.

CVE-2020-36629: Security Fix for Path Traversal - huntr.dev by huntr-helper · Pull Request #36 · SimbCo/httpster

A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is d3055b3e30b40b65d30c5a06d6e053dffa7f35d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216748.