Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
proxy vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-45312
In the mtproto_proxy (aka MTProto proxy) component up to and including 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability.
Mtproto Mt Proto Proxy
NA
CVE-2022-45384
Jenkins Reverse Proxy Auth Plugin 1.7.3 and previous versions stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
Jenkins Reverse Proxy Auth
320
VMScore
CVE-2021-3456
An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local malicious user to access and delete limited resources ...
Theforeman Smart Proxy Salt
NA
CVE-2023-23596
jc21 NGINX Proxy Manager up to and including 2.9.19 allows OS command injection. When creating an access list, the backend builds an htpasswd file with crafted username and/or password input that is concatenated without any validation, and is directly passed to the exec command, ...
Jc21 Nginx Proxy Manager
NA
CVE-2022-37153
An issue exists in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php.
Articatech Artica Proxy 4.30.000000
1 Github repository
187
VMScore
CVE-2018-1000150
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users.
Jenkins Reverse Proxy Auth
445
VMScore
CVE-2021-23664
The package @isomorphic-git/cors-proxy prior to 2.7.1 are vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js.
Isomorphic-git Cors-proxy
605
VMScore
CVE-2017-7635
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
Qnap Nas Proxy Server
383
VMScore
CVE-2017-7636
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote malicious users to inject arbitrary web script or HTML.
Qnap Nas Proxy Server
890
VMScore
CVE-2017-7637
QNAP NAS application Proxy Server through version 1.2.0 allows remote malicious users to run arbitrary OS commands against the system with root privileges.
Qnap Nas Proxy Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »