11 matches found
WordPress Blocksy Companion Plugin <= 2.0.42 is vulnerable to Server Side Request Forgery (SSRF)
Software: Blocksy Companion; Type: Plugin; Vulnerable versions: <= 2.0.42; Fixed in: 2.0.43; OWASP Top 10: A10: Server-Side Request Forgery (SSRF); Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-35633; Patch priority: Low; CVSS severity: Low (4.4); Developer: Creative Themes; PSID: 17f8e8024338; Credits...
Default configuration
Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICS_COLLECTOR configuration option is enabled and METRICS_ALLOWED_NETWORKS is set to 127.0.0.1/8 (the default). A patch is available in...
CVE-2023-27591 Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics
Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICS_COLLECTOR configuration option is enabled and METRICS_ALLOWED_NETWORKS is set to 127.0.0.1/8 (the default). A patch is available in...
Miniflux Security Vulnerability
Miniflux is a minimalist synopsis reader. A security vulnerability exists in Miniflux versions prior to 2.0.43. An attacker exploiting this vulnerability could access Prometheus metrics...
PT-2023-21231 · Miniflux · Miniflux
Name of the Vulnerable Software and Affected Versions: Miniflux versions prior to 2.0.43. Description: Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICS_COLLECTOR configuration...
SUSE CVE-2002-0843
Buffer overflows in the ApacheBench benchmark support program ab.c in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response...
SAPIDO RB-1732 Remote Command Execution
Exploit Title: SAPIDO RB-1732 command line execution Date: 2019-6-24 Exploit Author: k1nm3n.aotoi Vendor Homepage: http://www.sapido.com.tw/ Software Link: http://www.sapido.com.tw/CH/data/Download/firmware/rb1732/tc/RB-1732TCv2.0.43.bin Version: RB-1732 V2.0.43 Tested on: linux import requests...
Apache < 2.0.43 HTTP POST Request Source Disclosure
Binary data 1489.prm...
security flaw
Buffer overflows in the ApacheBench benchmark support program ab.c in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response...
security flaw
Buffer overflows in the ApacheBench benchmark support program ab.c in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response...
Apache discloses source code via POST requests to a location with WebDAV and CGI enabled
Overview There is an information leakage in Apache that results from an interaction between WebDAV and CGI. Description Apache version 2.0.42 allows remote attackers to obtain the source code of CGI scripts that are stored in locations for which both CGI and WebDAV are enabled. When a POST reques...