
10 matches found

OSV
added 2022/03/08 12:0 a.m., 24 views

GHSA-2647-C639-QV2J Server-Side Request Forgery in calibreweb

calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery (SSRF). This is due to an incomplete fix for CVE-2022-0339. The blacklist does not check for 0.0.0.0, which would result in a payload of 0.0.0.0 resolving to localhost...

CVSS 9.8, AI score 9.4, EPSS 0.00288
Exploits 1, References 4
ATTACKERKB
added 2022/03/07 7:15 a.m., 2 views

CVE-2022-0766

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17...

CVSS 9.8, AI score 5.5, EPSS 0.00288
Exploits 1, References 3
ATTACKERKB
added 2022/03/07 7:15 a.m., 3 views

CVE-2022-0767

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17...

CVSS 9.9, AI score 5.5, EPSS 0.00197
Exploits 1, References 3
NVD
added 2022/03/07 7:15 a.m., 9 views

CVE-2022-0766

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17...

CVSS 9.8, EPSS 0.00288
Exploits 1, References 2
UbuntuCve
added 2019/11/27 9:15 p.m., 19 views

CVE-2011-2515

PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed, which may allow installation of non-trusted packages and execution of arbitrary code...

CVSS 5.3, AI score 6.2, EPSS 0.00165
Exploits 0, References 2
seebug.org
added 2014/07/01 12:0 a.m., 13 views

TANne 0.6.17 Session Manager SysLog Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6553/info TANne is a freely available, open source session management package. It is available for Unix and Linux operating systems. Due to programming error, it may be possible to exploit a format string vulnerability. A...

AI score 7.1
Exploits 0
Positive Technologies
added 2012/08/13 12:0 a.m., 5 views

PT-2012-3956 · Node.Js · Node.Js

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 0.6.17 Node.js versions prior to 0.7.8 Description: The issue allows remote attackers to obtain sensitive information, such as request header contents, and possibly spoof HTTP headers via a zero-length string. This i...

CVSS 6.4, AI score 6.3, EPSS 0.0062
Exploits 1, References 10
Node JS Blog
added 2012/05/07 12:0 a.m., 8 views

HTTP Server Security Vulnerability: Please upgrade to 0.6.17

HTTP Server Security Vulnerability: Please upgrade to 0.6.17 tl;dr A carefully crafted attack request can cause the contents of the HTTP parser's buffer to be appended to the attacking request's header, making it appear to come from the attacker. Since it is generally safe to echo back contents o...

AI score 6.3
Exploits 0
Cvelist
added 2005/11/16 7:37 a.m., 18 views

CVE-2003-1236

Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allow remote attackers to execute arbitrary code via format string specifiers in syslog...

AI score 7.8, EPSS 0.27561
Exploits 1, References 8
CVE
added 2005/11/16 7:37 a.m., 43 views

CVE-2003-1236

CVE-2003-1236 involves multiple format-string vulnerabilities in the logger function of netzio.c for the Tanne 0.6.17 release, allowing remote attackers to execute arbitrary code via format specifiers in syslog. The entry is supported by multiple sources (NVD/CVE records, CVE List, Nessus/NSM fin...

CVSS 10, AI score 7.8, EPSS 0.27561
Exploits 1, References 8, Affected Software 1