74 matches found
CVE-2020-28978
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF...
WordPress Canto plugin 代码问题漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A server-side request forgery vulnerability exists in WordPress Canto plugin 1.3.0. An attacker can...
WordPress Canto plugin 代码问题漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A server-side request forgery vulnerability exists in WordPress Canto plugin 1.3.0. An attacker can...
LY Corporation: Blind SSRF in social-plugins.line.me
LINE Social Plugins https://social-plugins.line.me/ is a service that provides LINE users with content sharing on the web. This Blind SSRF attack was caused by bypassing the DNS verification of the parameter value received. It could have made requests to internal servers or scanned internal netwo...
IBM API Connect Information Disclosure Vulnerability (CNVD-2019-31124)
IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. An information disclosure vulnerability exists in IBM API Connect versions 2018.1 through...
CVE-2017-7528
Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems using callback...
Penetration Testing Requirements for GDPR
We get lots of people asking us what it is they need to have tested as a requirement for GDPR Compliance, so I've put this together to provide some clarity. This post is NOT a definitive guide to the General Data Protection Regulations. It is however, helpful, real world advice about what you...
Trend Micro OfficeScan Server Request Forgery Vulnerability
Trend Micro OfficeScan is a best-of-breed endpoint security solution for mid-sized and large organizations, with a future-proof, resilient architecture that allows you to customize your threat protection and data protection through plug-ins. A server request forgery vulnerability exists in Trend...
Design/Logic Flaw
IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 does not encrypt connections between internal servers, which allows remote...
The vulnerability of the ColdFusion interpreter allows attackers to redirect HTTP traffic to internal servers.
The vulnerability of the Adobe BlazeDS interpreter, ColdFusion, exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to redirect HTTP traffic to internal servers using a specially crafted XML document related to a forged SSRF request...
Factlink: Proxy discloses internal web servers
Hi guys, I found a bug that allows users of your proxy to retrieve pages from your internal web servers -- in this case, the 172.16.64.0/24 subnet. As an example, please see this link. As you will see, it returns the HTML of your Chef server which, I assume, cannot be accessed from the internet. ...
Apache Patch released for Reverse proxy Bypass Vulnerability
Apache Patch released for Reverse proxy Bypass Vulnerability Security experts at Context have discovered a hole in the Apache web server that allows remote attackers to access internal servers. Security experts are warning firms running the Apache web server to keep up to date with the latest...
Apache mod_proxy Reverse Proxy Exposure
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache HTTP Server Security Advisory ==================================== Title: modproxy reverse proxy exposure CVE: CVE-2011-3368 Date: 20111005 Product: Apache HTTP Server Versions: httpd 1.3 all versions, httpd 2...
Symantec LiveUpdate Administrator Web Detection
Symantec LiveUpdate Administrator LUA was detected on the remote host. LUA provides centralized management for multiple internal LiveUpdate servers. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid53208; scriptversion"1.7"; scriptcvsdate"Date: 2019/11/22";...