49 matches found
CVE-2022-22982
The vCenter Server contains a server-side request forgery SSRF vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service...
Joomla! input validation error vulnerability (CNVD-2022-64098)
Joomla! is a set of forum components used in the Joomla! content management system. versions 2.5.0 to 3.10.6 and 4.0.0 to 4.1.0 contain an input validation error vulnerability that can be exploited by attackers to invalidate the check of whether the redirected url is internal, possibly leading to...
Basecamp: Remote Code Execution in Basecamp Windows Electron App
The Windows application for Basecamp, allows a "Download" feature for images in your posts. Under certain restrictions, those files are downloaded and sometimes even automatically opened executed. The file will be executed if it's a download from an internal URL and the mimetype is text/calendar...
CVE-2019-14959
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection...
Design/Logic Flaw
JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a cleartext http connection...
UBUNTU-CVE-2019-10133
A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs...
GitLab Kubernetes integration server-side request forgery vulnerability
GitLab is a suite of open source applications developed with Ruby on Rails that enables a self-hosted Git version control system project repository with Github-like functionality for accessing a project's file contents, commit history, bug lists, etc. The GitLab Kubernetes integration is a versio...
DuckDuckGo: SSRF in proxy.duckduckgo.com via the image_host parameter
Description https://proxy.duckduckgo.com/iur/ endpoint is vulnerable to ssrf via imagehost get parameter. Vulnerable URL: https://proxy.duckduckgo.com/iur/?f=1&imagehost=https://tudomanyok.hu/ Some internal URL: https://proxy.duckduckgo.com/iur/?f=1&imagehost=https://127.0.0.1:18091/...
Design/Logic Flaw
Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382...