3 matches found
GHSA-4FM3-GGG2-C6QX AzuraCast's Missing RequireInternalConnection on Liquidsoap API Allows Low-Privilege Metadata Injection and Broadcast Disruption
Summary: The /api/internal/stationid/liquidsoap/action endpoint is accessible from the public web interface because it lacks the RequireInternalConnection middleware that protects other internal endpoints (/sftp-auth, /sftp-event). Combined with a logic flaw where the $asAutoDj flag is set based on...
HCL BigFix SM security vulnerability
HCL BigFix SM is an AI-driven service management platform module from HCL India. A security vulnerability exists in HCL BigFix SM that stems from an internal connection not using TLS encryption, which could lead to the disclosure of sensitive information...
GHSA-M435-9V6R-V5F6 MobSF vulnerability allows SSRF due to the allow_redirects=True parameter
Summary: The fix for the "SSRF Vulnerability on assetlinkscheckactname, wellknowns" vulnerability could potentially be bypassed. Details: Since the requests.get request in the checkurl method is specified as allow_redirects=True, if "https://mydomain.com/.well-known/assetlinks.json" returns a 302...