58 matches found
Plack::Middleware::Statsd security vulnerability
Plack::Middleware::Statsd is a middleware component for logging web request metrics and sending them to a statistics system by Robert Rothenberg, an individual developer. A security vulnerability exists in Plack::Middleware::Statsd prior to version 0.9.0, which stems from an unencrypted...
GitLab Enterprise Edition (EE) code injection vulnerability
GitLab Enterprise Edition EE is a content management system developed by the American company GitLab. Versions of GitLab Enterprise Edition prior to 18.8.9, 18.9.5, and 18.10.3 contained a code injection vulnerability. This vulnerability stemmed from authorization issues in the code quality repor...
EUVD-2019-9502
Malware in sbrugna...
EUVD-2019-7423
Malware in sbrugna...
EUVD-2004-1796
Malware in sbrugna...
CVE-2025-59055 InstantCMS vulnerable to Server-Side Request Forgery via package installer
InstantCMS is a free and open source content management system. A blind Server-Side Request Forgery (SSRF) vulnerability in InstantCMS up to and including 2.17.3 allows authenticated remote attackers to make any HTTP/HTTPS request via the package parameter. It is possible to make any HTTP/HTTPS...
CVE-2023-40292
Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets...
CVE-2024-45653
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system...
CVE-2024-51992
The CVE-2024-51992 issue affects Orchid Platform versions 8 through 14.42.x and stems from a method exposure vulnerability in the platform’s asynchronous modal functionality. The root cause is exposing dangerous methods within the Screen class, enabling an attacker to call arbitrary methods. Clai...
PT-2024-36: Calling arbitrary methods in Orchid Platform
The vulnerability was identified in Orchid Platform versions 8 - 14.42.x. The discovered vulnerability can be exploited by an attacker to call arbitrary methods in the Screen class, which could lead to the ability to brute force database tables and disclosure of the server's IP address. Vulnerability...
WordPress Contest Gallery plugin <= 23.1.2 - Unauthenticated Comment UserID And IP address Disclosure vulnerability
Unauthenticated Comment UserID And IP address Disclosure vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin Contest Gallery versions <= 23.1.2...
CVE-2023-38059
The loading of external images is not blocked, even if configured, if the attacker uses a protocol-relative URL in the payload. This can be used to retrieve the IP of the user. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; OTRS Community Edition: from 6.0.X through...
Code injection
Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets...
CVE-2023-40292
Harman Infotainment versions 20190525031613 and later disclose the IP address via CarPlay CTRL packets. The vulnerability arises from CarPlay CTRL packet handling in the Harman Infotainment stack, enabling an attacker with access to CarPlay CTRL traffic to learn the device IP. Affected product: H...
Security Updates for Microsoft Office Products C2R (June 2020)
The Microsoft Office Products are missing a security update. They are, therefore, affected by the following vulnerability: - A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system. An attacker who successfully...
Security Feature Bypass Vulnerability for Word C2R (June 2020)
The Microsoft Word Products are missing a security update and are therefore affected by a security feature bypass vulnerability. An attacker who exploited this vulnerability could cause a system to load remote images which could disclose the IP address of the targeted system to the attacker. C...
CVE-2018-19120
The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address...
Code injection
IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863...
CVE-2017-0371
MediaWiki vulnerability CVE-2017-0371 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV containing an attacker-controlled URL in the title attribute. Affected are MediaWiki versions: pre-1.23.16; 1.24.x throu...
Improper Authorization in phpipam/phpipam
Description: In phpIPAM 1.4.5, a normal user with the role of User could view/read the log files via show-logs.php, errorlogs.php and accesslogs.php endpoints. It is supposedly accessible by the Administrator only. Proof of Concept Tested version: phpIPAM 1.4.5 Affected endpoints: 1 GET/POST...