Lucene search
+L

74 matches found

OSV
OSV
added 2020/11/30 2:15 p.m.4 views

CVE-2020-28978

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF...

5.3CVSS6.1AI score0.15254EPSS
Exploits3References5
CNNVD
CNNVD
added 2020/11/30 12:0 a.m.9 views

WordPress Canto plugin 代码问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A server-side request forgery vulnerability exists in WordPress Canto plugin 1.3.0. An attacker can...

5.3CVSS6AI score0.27771EPSS
Exploits3References8
CNNVD
CNNVD
added 2020/11/30 12:0 a.m.9 views

WordPress Canto plugin 代码问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A server-side request forgery vulnerability exists in WordPress Canto plugin 1.3.0. An attacker can...

5.3CVSS6AI score0.15254EPSS
Exploits3References8
Hacker One
Hacker One
added 2020/03/29 7:51 a.m.12 views

LY Corporation: Blind SSRF in social-plugins.line.me

LINE Social Plugins https://social-plugins.line.me/ is a service that provides LINE users with content sharing on the web. This Blind SSRF attack was caused by bypassing the DNS verification of the parameter value received. It could have made requests to internal servers or scanned internal netwo...

6.8AI score
Exploits0
CNVD
CNVD
added 2019/08/21 12:0 a.m.4 views

IBM API Connect Information Disclosure Vulnerability (CNVD-2019-31124)

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. An information disclosure vulnerability exists in IBM API Connect versions 2018.1 through...

8.2CVSS6AI score0.01448EPSS
Exploits0References1
NVD
NVD
added 2018/08/22 4:29 p.m.25 views

CVE-2017-7528

Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems using callback...

6.5CVSS5.6AI score0.00599EPSS
Exploits0References2
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/05/18 8:3 a.m.23 views

Penetration Testing Requirements for GDPR

We get lots of people asking us what it is they need to have tested as a requirement for GDPR Compliance, so I've put this together to provide some clarity. This post is NOT a definitive guide to the General Data Protection Regulations. It is however, helpful, real world advice about what you...

7.1AI score
Exploits0
CNVD
CNVD
added 2017/09/29 12:0 a.m.4 views

Trend Micro OfficeScan Server Request Forgery Vulnerability

Trend Micro OfficeScan is a best-of-breed endpoint security solution for mid-sized and large organizations, with a future-proof, resilient architecture that allows you to customize your threat protection and data protection through plug-ins. A server request forgery vulnerability exists in Trend...

7AI score
Exploits0References1
Prion
Prion
added 2016/11/24 7:59 p.m.25 views

Design/Logic Flaw

IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 does not encrypt connections between internal servers, which allows remote...

2.9CVSS6.5AI score0.00471EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/12/14 12:0 a.m.7 views

The vulnerability of the ColdFusion interpreter allows attackers to redirect HTTP traffic to internal servers.

The vulnerability of the Adobe BlazeDS interpreter, ColdFusion, exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to redirect HTTP traffic to internal servers using a specially crafted XML document related to a forged SSRF request...

4.3CVSS5.5AI score0.04482EPSS
Exploits1References2
Hacker One
Hacker One
added 2014/02/13 8:5 p.m.28 views

Factlink: Proxy discloses internal web servers

Hi guys, I found a bug that allows users of your proxy to retrieve pages from your internal web servers -- in this case, the 172.16.64.0/24 subnet. As an example, please see this link. As you will see, it returns the HTML of your Chef server which, I assume, cannot be accessed from the internet. ...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2011/10/08 5:54 p.m.9 views

Apache Patch released for Reverse proxy Bypass Vulnerability

Apache Patch released for Reverse proxy Bypass Vulnerability Security experts at Context have discovered a hole in the Apache web server that allows remote attackers to access internal servers. Security experts are warning firms running the Apache web server to keep up to date with the latest...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2011/10/06 12:0 a.m.415 views

Apache mod_proxy Reverse Proxy Exposure

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache HTTP Server Security Advisory ==================================== Title: modproxy reverse proxy exposure CVE: CVE-2011-3368 Date: 20111005 Product: Apache HTTP Server Versions: httpd 1.3 all versions, httpd 2...

5CVSS9AI score0.90734EPSS
Exploits12
Tenable Nessus
Tenable Nessus
added 2011/03/29 12:0 a.m.37 views

Symantec LiveUpdate Administrator Web Detection

Symantec LiveUpdate Administrator LUA was detected on the remote host. LUA provides centralized management for multiple internal LiveUpdate servers. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid53208; scriptversion"1.7"; scriptcvsdate"Date: 2019/11/22";...

5.4AI score
Exploits0References1
Rows per page
Query Builder