Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2023-44487

Disclosure Date: October 10, 2023 (last updated June 28, 2024)
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
1
0
Attacker Value
Unknown

CVE-2023-27224

Disclosure Date: March 22, 2023 (last updated October 08, 2023)
An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-23596

Disclosure Date: January 20, 2023 (last updated October 08, 2023)
jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, potentially allowing an authenticated attacker to execute arbitrary commands on the system. NOTE: this is not part of any NGINX software shipped by F5.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-28379

Disclosure Date: April 03, 2022 (last updated October 07, 2023)
jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-15517

Disclosure Date: August 23, 2019 (last updated November 27, 2024)
jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal.
0
0