13 matches found
CVE-2024-45518
An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. Th...
Fortinet FortiWeb Open redirect due to missing domain whitelisting (FG-IR-21-133)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-133 advisory. - A url redirection to untrusted site 'open redirect' in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows...
CVE-2024-45518
An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. Th...
CVE-2024-45518
Vulnerability: CVE-2024-45518 affects Zimbra Collaboration (ZCS) versions including 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. The issue is Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisti...
CVE-2024-45518
An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. Th...
PT-2024-6227 · Zimbra · Zimbra Collaboration
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions 10.1.x through 10.1.0 Zimbra Collaboration ZCS versions 10.0.x through 10.0.8 Zimbra Collaboration ZCS 9.0.0 before Patch 41 Zimbra Collaboration ZCS 8.8.15 before Patch 46 Description: An issue in Zimbra...
Dell SupportAssist for Home PCs Information Disclosure Vulnerability
Dell SupportAssist for Home PCs is a client application for home computers from Dell USA. The program provides automation, proactive and predictive techniques for troubleshooting and more. An information disclosure vulnerability exists in Dell SupportAssist for Home PCs version 3.11.2 and prior...
Dell SupportAssist for Home PCs Security Vulnerability
Dell SupportAssist for Home PCs is a client application for home computers from Dell USA. The program provides automation, proactive and predictive techniques for troubleshooting and more. An information disclosure vulnerability exists in Dell SupportAssist for Home PCs version 3.11.2 and prior...
X (Formerly Twitter): Subdomain takeover of images.crossinstall.com
Summary: images.crossinstall.com points to an AWS S3 bucket that no longer exists. I was able to take control of this bucket and put my own content onto it. I can now serve content on this domain, obtain a TLS certificate for this domain, etc. If any customers or servers are pointing to anything...
Zego: Subdomain takeover of v.zego.com
Summary: v.zego.com points to an AWS EC2 instance at 52.214.138.192 that no longer exists. I was able to take control of this IP address and run my own EC2 instance. I can now serve content on this domain, obtain a TLS certificate for this domain, etc. If any customers or servers are pointing to...
Palo Alto Software: Subdomain takeover of www2.growasyouplan.com
Summary: www2.growasyouplan.com points to an AWS EC2 instance at 67.202.62.93 that no longer exists. I was able to take control of this IP address and run my own EC2 instance. I can now serve content on this domain, obtain a TLS certificate for this domain, etc. If any customers or servers are...
PacketWhisper Exfiltration Toolset
PacketWhisper – Stealthily Transfer Data & Defeat Attribution Using DNS Queries & Text-Based Steganography, without the need for attacker-controlled Name Servers or domains; Evade DLP/MLS Devices; Defeat Data- & DNS Name Server Whitelisting Controls. Convert any file type e.g. executables, Office...
Factlink: Url Redirection
Hello, You can redirect to any url with this- http://staging.fct.li/?url=www.google.com You need to Whitelist Domains...