158 matches found
Exposure of Sensitive Information in simple-get
In versions of simple-get prior to 4.0.1, 3.1.1, and 2.8.2, when a remote URL is fetched with a cookie and the response carries a Location header, the redirect is followed with the cookie still attached, potentially exposing the session cookie to a third party...
CVE-2022-0155
A flaw was found in follow-redirects: when a remote URL is fetched with a cookie and the response redirects via the Location header, the cookie is sent along to the redirect target. An attacker who controls that target can hijack the account with the leaked cookie...
Information Disclosure
follow-redirects is vulnerable to information disclosure: the cookie is exposed when the system fetches a remote URL that answers with a redirect...
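The three entries above describe one bug class: an HTTP client that re-sends every request header to wherever the Location header points, so a session cookie meant for api.example.com ends up at a third party. The following is an added example, not code from simple-get or follow-redirects; the URLs and header values are constructed for illustration. It shows the leaky behaviour next to the fix class those packages adopted, which is to forward credential headers only when the redirect stays on the same origin.

```javascript
// Added example, not code from simple-get or follow-redirects.
// Demonstrates the bug class above: a client that re-sends every request
// header to the Location target leaks the session cookie to a third party.

// Request headers that carry credentials for the origin they were sent to.
const CREDENTIAL_HEADERS = new Set(['cookie', 'authorization', 'proxy-authorization']);

// Two URLs share an origin when scheme, host and port all match
// (WHATWG URL already drops default ports, so ":443" and "" compare equal).
function sameOrigin(a, b) {
  return a.protocol === b.protocol && a.hostname === b.hostname && a.port === b.port;
}

// Vulnerable behaviour: forward all headers to wherever Location points.
function followRedirectVulnerable(fromUrl, location, headers) {
  const target = new URL(location, fromUrl);
  return { url: target.href, headers: { ...headers } };
}

// Hardened behaviour: credential headers only survive a same-origin hop.
// An https -> http downgrade on the same host is a different origin and
// therefore also drops them.
function followRedirectSafe(fromUrl, location, headers) {
  const from = new URL(fromUrl);
  const target = new URL(location, from);
  const keepCredentials = sameOrigin(from, target);
  const forwarded = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!keepCredentials && CREDENTIAL_HEADERS.has(name.toLowerCase())) continue;
    forwarded[name] = value;
  }
  return { url: target.href, headers: forwarded, droppedCredentials: !keepCredentials };
}

// Constructed sample: a login request whose response redirects off-origin.
const sampleHeaders = { Cookie: 'session=s3cr3t', Authorization: 'Bearer tok', Accept: 'application/json' };
const leaky = followRedirectVulnerable('https://api.example.com/login', 'https://tracker.example.net/r', sampleHeaders);
const fixed = followRedirectSafe('https://api.example.com/login', 'https://tracker.example.net/r', sampleHeaders);
console.log('vulnerable forwards Cookie:', 'Cookie' in leaky.headers); // true
console.log('hardened forwards Cookie:', 'Cookie' in fixed.headers);   // false
```

The check has to run on every hop of a redirect chain, not just the first, because a same-origin 302 can itself redirect to a third party; and the same-origin rule is deliberately stricter than "same registrable domain", since a subdomain of the same site can still be controlled by someone else.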
Server side request forgery (ssrf)
An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources...
CVE-2020-14160
Gotenberg up to version 6.2.1 contains an SSRF in the remote URL to PDF conversion, allowing an attacker to read local files or access intranet resources. Affected component is the PDF conversion endpoint that processes remote URLs. The issue is evidenced across multiple sources (NVD description ...
CVE-2020-14160
An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources...
OESA-2021-1201 hadoop security update
Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models. It is designed to scale up from single servers to thousands of machines, each offering local computation and storage. Security Fixes: In Apache...
CVE-2021-29137
A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform versions prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability...
CVE-2021-29137
Aruba AirWave Management Platform before version 8.2.12.1 contains a remote URL redirection vulnerability. The affected product is Aruba AirWave Management Platform; vulnerable component is the URL redirection logic. Aruba has released patches addressing this vulnerability, with the fix included ...
Hasura GraphQL 1.3.3 Server-Side Request Forgery
Exploit Title: Hasura GraphQL 1.3.3 - Service Side Request Forgery SSRF Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import requests HASURASCHEME = 'http' HASURAHOST = '192.168.1.1'...
CVE-2021-24220 All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion
Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by...
Unspecified Vulnerability in Apache Hadoop
Apache Hadoop is open-source distributed systems infrastructure from the Apache Software Foundation. The product performs distributed processing of large amounts of data and is characterized by high reliability, high scalability and high fault tolerance. A security...
Multiple access restriction bypass vulnerabilities in UNIQLO App
Overview UNIQLO App provided by UNIQLO CO., LTD. contains multiple access restriction bypass vulnerabilities below. A remote attacker may be able to lead a user to access an arbitrary website via the vulnerable App. The App launched by a Custom URL Scheme may lead a user to access an arbitrary UR...
CVE-2017-17522
...
afagh.ihcs.ac.ir Open Redirect vulnerability
Open Bug Bounty ID: OBB-1145526. Security researcher myNickName (helped patch 200 vulnerabilities; received 2 Coordinated Disclosure badges, a holder of 2 badges for responsible and coordinated disclosure) found a security vulnerability affecting the afagh.ihcs.ac.ir website and its users. Following...
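The Aruba AirWave, UNIQLO App and afagh.ihcs.ac.ir entries above are all open redirects: a URL supplied by the caller (a `next` parameter, or the target handed to an app through a custom URL scheme) is sent to the user without being checked, so the victim lands on an arbitrary site. The following is an added example, not code from any of those products or sites; the host names and base URL are assumptions. It shows the validation a redirect endpoint should apply, including the protocol-relative, userinfo and scheme tricks that defeat a plain "starts with /" check.

```javascript
// Added example, not Aruba's, UNIQLO's or any site's code: validating a
// user-supplied "next"/"return" URL before issuing a 302, or, in a mobile app,
// before opening a URL received through a custom URL scheme.

// Returns an absolute https URL on an allowed host, or null if the value
// must not be used as a redirect target.
function safeRedirectTarget(raw, allowedHosts, base) {
  if (typeof raw !== 'string' || raw === '') return null;
  // Browsers parse backslashes and control characters leniently
  // ("/\evil.example" becomes //evil.example); reject before parsing.
  if (/[\\\u0000-\u001f\u007f]/.test(raw)) return null;
  let target;
  try { target = new URL(raw, base); } catch { return null; }
  // javascript:, data:, and app-specific schemes are never redirect targets;
  // plain http is refused as well so a redirect cannot downgrade the session.
  if (target.protocol !== 'https:') return null;
  // "https://app.example.com@evil.example/" parses with evil.example as host;
  // reject any userinfo rather than rely on the host check alone.
  if (target.username !== '' || target.password !== '') return null;
  // Exact host match: "app.example.com.evil.example" must not pass.
  if (!allowedHosts.includes(target.hostname)) return null;
  return target.href;
}

// Constructed inputs: what a redirect endpoint typically receives.
const ALLOWED = ['app.example.com', 'accounts.example.com'];
const BASE = 'https://app.example.com/';
for (const next of ['/account/settings', '//evil.example/phish',
                    'https://app.example.com@evil.example/', 'javascript:alert(1)']) {
  console.log(JSON.stringify(next), '->', safeRedirectTarget(next, ALLOWED, BASE));
}
```

The same function applies to the custom-URL-scheme case from the UNIQLO entry: the app extracts the URL parameter from the incoming scheme URL and only opens it if the function returns a non-null value. Relative paths resolve against the application's own origin, so `/account/settings` is accepted while anything that changes the host, the scheme or the userinfo is refused.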
WAGO PFC200 Cloud Connectivity Remote Code Execution Vulnerability
Summary An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200. A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges. Tested Versions WAGO PFC200 Firmware versi...
CVE-2020-9761
UNCTAD ASYCUDA World 2001–2020 contains a Java RMI server with an insecure default configuration, leading to Java code execution from a remote URL when the RMI Distributed Garbage Collector method is called. Root cause: insecure default RMI server configuration. This CVE is CVE-2020-9761. The con...
CVE-2020-9761
An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The Java RMI Server has an Insecure Default Configuration, leading to Java Code Execution from a remote URL because an RMI Distributed Garbage Collector method is called...
Command Injection
Overview git-diff-apply is a package that can be used to reach an unrelated remote repository to apply a git diff. Affected versions of this package are vulnerable to Command Injection. In the "index.js" file, line 240, the run command executes the git command with a user-controlled variable called...