#nginx

CVE-2023-45539: Ambiguity about how to deal with received fragments in URI from Willy Tarreau on 2023-07-27 ([email protected] from July to September 2023)

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.

12 months ago

CVE

Open in Source

#web #apache #nginx

CVE-2023-48200: GitHub - grocy/grocy: ERP beyond your fridge - Grocy is a web-based self-hosted groceries & household management solution for your home

Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component.

12 months ago

CVE

Open in Source

#sql #xss #vulnerability #web #windows #linux #nodejs #js #git #php #nginx #auth #docker #chrome #firefox

CVE-2023-42804: refactor (bbb-web): set presentation mapping as it is in nginx by gustavotrott · Pull Request #15960 · bigbluebutton/bigbluebutton

BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain extensions (txt, swf, svg, png). In version 2.6.0-beta.1, input validation was added on the parameters being passed and dangerous characters are stripped. There are no known workarounds.

12 months ago

CVE

Open in Source

#vulnerability #web #git #nginx #auth

GHSA-fjhg-96cp-6fcw: Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File

# Description The laters version of Kimai is found to be vulnerable to a critical Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML rendering functionalities. Snippet of Vulnerable Code: ```php public function render(array $timesheets, TimesheetQuery $query): Response { ... $content = $this->twig->render($this->getTemplate(), array_merge([ 'entries' => $timesheets, 'query' => $query, ... ], $this->getOptions($query))); ... $content = $this->converter->convertToPdf($content, $pdfOptions); ... return $this->createPdfResponse($content, $context); } ``` The vulnerability is triggered when the software attempts to render invoices, allowing the attacker to execute arbitrary code on the server. In below, you can find the docker-compose file was used for this testing: ``...

12 months ago

ghsa

Open in Source

#sql #csrf #vulnerability #git #php #rce #ldap #nginx #pdf #auth #docker #ssl

Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows - CVE-2022-4886 (CVSS score: 8.8) - Ingress-nginx path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller CVE-2023-5043 (

1 year ago

The Hacker News

Open in Source

#vulnerability #kubernetes #perl #nginx #auth #ssl #The Hacker News

CVE-2023-45499: CVE-2023-45498: RCE in VinChin Backup

VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.

1 year ago

CVE

Open in Source

#vulnerability #web #rce #nginx #vmware #aws #hard_coded_credentials #auth

CVE-2023-5043: CVE-2023-5043: Ingress nginx annotation injection causes arbitrary command execution · Issue #10571 · kubernetes/ingress-nginx

Ingress nginx annotation injection causes arbitrary command execution.