
49 matches found

ATTACKERKB
added 2022/07/13 7:15 p.m., 11 views

CVE-2022-22982

The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to port 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service...

CVSS 7.5, AI score 7.1, EPSS 0.00789
Exploits: 0, References: 2
CNVD
added 2022/03/31 12:0 a.m., 27 views

Joomla! input validation error vulnerability (CNVD-2022-64098)

Joomla! is a set of forum components used in the Joomla! content management system. Versions 2.5.0 to 3.10.6 and 4.0.0 to 4.1.0 contain an input validation error vulnerability that can be exploited by attackers to invalidate the check of whether the redirected URL is internal, possibly leading to...

CVSS 6.1, AI score 3.9, EPSS 0.00566
Exploits: 0, References: 1
Hacker One
added 2020/10/23 11:30 a.m., 55 views

Basecamp: Remote Code Execution in Basecamp Windows Electron App

The Windows application for Basecamp allows a "Download" feature for images in your posts. Under certain restrictions, those files are downloaded and sometimes even automatically opened/executed. The file will be executed if it's a download from an internal URL and the mimetype is text/calendar...

AI score 0.5
Exploits: 0
OSV
added 2019/10/02 7:15 p.m., 3 views

CVE-2019-14959

JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection...

CVSS 5.9, AI score 6.3, EPSS 0.00656
Exploits: 0, References: 1
Prion
added 2019/10/02 7:15 p.m., 25 views

Design/Logic Flaw

JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection...

CVSS 4.3, AI score 5.7, EPSS 0.00656
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2019/06/26 7:15 p.m., 3 views

UBUNTU-CVE-2019-10133

A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs...

CVSS 6.1, AI score 6.5, EPSS 0.009
Exploits: 0, References: 4
CNVD
added 2018/11/07 12:0 a.m., 5 views

GitLab Kubernetes integration server-side request forgery vulnerability

GitLab is a suite of open source applications developed with Ruby on Rails that enables a self-hosted Git version control system project repository with GitHub-like functionality for accessing a project's file contents, commit history, bug lists, etc. The GitLab Kubernetes integration is a versio...

CVSS 10, AI score 6.9, EPSS 0.01579
Exploits: 1, References: 1
Hacker One
added 2018/05/27 3:39 p.m., 41 views

DuckDuckGo: SSRF in proxy.duckduckgo.com via the image_host parameter

Description: https://proxy.duckduckgo.com/iur/ endpoint is vulnerable to SSRF via imagehost GET parameter. Vulnerable URL: https://proxy.duckduckgo.com/iur/?f=1&imagehost=https://tudomanyok.hu/ Some internal URL: https://proxy.duckduckgo.com/iur/?f=1&imagehost=https://127.0.0.1:18091/...

AI score 0.4
Exploits: 0
Prion
added 2014/12/15 6:59 p.m., 17 views

Design/Logic Flaw

Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382...

CVSS 5, AI score 6.7, EPSS 0.01407
Exploits: 0, References: 2, Affected Software: 1