
81 matches found

Source: OpenVAS
added 2023/12/13 12:00 a.m., 13 views

WordPress Premium Starter Templates Plugin < 3.2.5 SSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:brainstormforce:startertemplatespro"; if description...

CVSS 7.1, AI score 5.6, EPSS 0.00361
Exploits: 0, References: 1
Source: OSV
added 2023/10/21 2:15 a.m., 3 views

CVE-2023-5132

The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerc...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 2
Source: Code423n4
added 2023/10/06 12:00 a.m., 8 views

CoreRootRouter.executeDepositSingle FUNCTION REVERTS FOR SINGLE ASSETS DEPOSITS THUS FAILING THE TRANSACTION

Lines of code Vulnerability details Impact The RootBridgeAgent.lzReceiveNonBlocking function calls the respective RootBridgeAgentExecutor functions based on the flag parsed via the payload0. The payload0 == 0x02 stands for the Call with Deposit remote call. The...

AI score 7.3
Exploits: 0
Source: OSV
added 2023/10/02 8:39 p.m., 48 views

GHSA-8FXR-QFR9-P34W TorchServe Server-Side Request Forgery vulnerability

Impact Remote Server-Side Request Forgery SSRF Issue: TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and...

CVSS 9.8, AI score 9.3, EPSS 0.90993
Exploits: 6, References: 6
Source: OSV
added 2023/06/12 3:30 p.m., 36 views

GHSA-59X6-G4JR-4HXC GeoServer RCE due to improper control of generation of code in jai-ext `Jiffle` map algebra language

GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime.exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. RCE in Jiffle The Jiffle map algebra language, provided by jai-ext, allows efficient...

CVSS 9.8, AI score 9.8, EPSS 0.34284
Exploits: 0, References: 6
Source: OSV
added 2023/04/12 9:45 p.m., 22 views

GO-2023-1713 Path traversal in github.com/sjqzhang/go-fastdfs

An attacker can craft a remote request to upload a file to "/group1/upload" that uses path traversal to instead write the file contents to an attacker controlled path on the server...

CVSS 9.8, AI score 8.3, EPSS 0.47312
Exploits: 1, References: 5
Source: BDU FSTEC
added 2023/03/07 12:00 a.m., 1 view

The vulnerability of the mobile plugin for data processing in Atlassian Jira Service Management Server and Data Center allows a perpetrator to execute an SSRF attack.

The vulnerability of the mobile plugin for data center processing in Atlassian Jira Service Management Server and Data Center is related to insufficient testing of requests on the server side. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

CVSS 6.5, AI score 5.6, EPSS 0.00195
Exploits: 0, References: 4, Affected Software: 2
Source: OSV
added 2023/03/01 7:17 p.m., 24 views

GHSA-X5RV-W9PM-8QP8 Juju controller - Arbitrary file reading vulnerability

Impact An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem. Patches Patched in juju 2.9.38 and juju 3.0.3 juju/jujuef803e2 Workarounds Limit read access to the controller model to onl...

CVSS 4.9, AI score 4.9, EPSS 0.00499
Exploits: 0, References: 6
Source: Github Security Blog
added 2023/03/01 7:17 p.m., 27 views

Juju controller - Arbitrary file reading vulnerability

Impact An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem. Patches Patched in juju 2.9.38 and juju 3.0.3 juju/jujuef803e2 Workarounds Limit read access to the controller model to onl...

CVSS 4.9, AI score 4.9, EPSS 0.00499
Exploits: 0, References: 5, Affected Software: 1
Source: Prion
added 2023/01/20 12:15 p.m., 13 views

Server-side request forgery (SSRF)

An SSRF issue was discovered in Reprise License Manager RLM web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function...

CVSS 6.4, AI score 6.5, EPSS 0.00186
Exploits: 0, References: 3, Affected Software: 1
Source: Vulnrichment
added 2022/12/22 12:00 a.m., 4 views

CVE-2022-45414

If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block...

AI score 6.8, EPSS 0.00279
Exploits: 0, References: 2
Source: BDU FSTEC
added 2022/09/30 12:00 a.m., 1 view

The vulnerability of the Microsoft Exchange Server, related to errors in processing input data in the OWA interface, allows a perpetrator to perform an SSRF attack.

The vulnerability of Microsoft Exchange Server is related to errors in processing input data in the OWA interface. Exploiting this vulnerability can allow a malicious actor to execute an SSRF attack remotely...

CVSS 10, AI score 7.5, EPSS 0.94147
Exploits: 9, References: 3, Affected Software: 1
Source: RedHat Linux
added 2022/09/26 3:57 p.m., 2 views

Mozilla: An iframe element in an HTML email could trigger a network request

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of sending a request to the remote document when receiving an HTML email that specified to load an iframe element from a remote location. However, Thunderbird didn't display the document...

CVSS 4.3, AI score 7.3, EPSS 0.00343
Exploits: 0, References: 6
Source: RedHat Linux
added 2022/09/26 2:54 p.m., 3 views

Mozilla: An iframe element in an HTML email could trigger a network request

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of sending a request to the remote document when receiving an HTML email that specified to load an iframe element from a remote location. However, Thunderbird didn't display the document...

CVSS 4.3, AI score 7.3, EPSS 0.00343
Exploits: 0, References: 6
Source: CNVD
added 2022/03/03 12:00 a.m., 34 views

Spring Cloud Gateway Remote Code Execution Vulnerability

Spring Cloud Gateway is a library provided for building API gateways on top of Spring WebFlux. A remote code execution vulnerability exists in Spring Cloud Gateway, which occurs in the Actuator endpoint of the Spring Cloud Gateway application, which is enabled, public and insecure, is vulnerable t...

CVSS 10, AI score 2.9, EPSS 0.94461
Exploits: 54, References: 1
Source: RedHat Linux
added 2022/02/03 6:23 p.m., 0 views

log4j: Unsafe deserialization flaw in Chainsaw log viewer

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

CVSS 9, AI score 7.1, EPSS 0.02603
Exploits: 0, References: 5
Source: CNNVD
added 2021/11/02 12:00 a.m., 2 views

Hangfire Security Vulnerability

Hangfire is the easiest way to execute fire-and-forget, delayed and recurring jobs in ASP.NET applications. Supports CPU- and I/O-intensive, long-running and short-running jobs. No Windows service or task scheduler required. Powered by Redis, SQL Server, SQL Azure and MSMQ. A security vulnerability exist...

CVSS 8.6, AI score 7.9, EPSS 0.0028
Exploits: 0, References: 3
Source: Cvelist
added 2021/09/30 10:40 a.m., 14 views

CVE-2021-41295 ECOA BAS controller - Cross-Site Request Forgery (CSRF)

ECOA BAS controller has a Cross-Site Request Forgery vulnerability; thus an authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the system...

CVSS 8.8, AI score 9, EPSS 0.0017
Exploits: 1, References: 1
Source: 0day.today
added 2020/04/03 12:00 a.m., 847 views

Apache Solr 8.3.0 Velocity Template Remote Code Execution Exploit

This Metasploit module exploits a vulnerability in Apache Solr versions 8.3.0 and below which allows remote code execution via a custom Velocity template. Currently, this module only supports Solr basic authentication. From the Tenable advisory: An attacker could target a vulnerable Apache Solr...

CVSS 7.5, AI score 8.4, EPSS 0.9447
Exploits: 12
Source: CNVD
added 2020/02/04 12:00 a.m., 1 view

E-Series SANtricity OS Controller Software Denial of Service Vulnerability

E-Series SANtricity OS Controller Software is a disk array OS controller. A security vulnerability in E-Series SANtricity OS Controller Software IPv6 processing allows remote attackers to exploit the vulnerability by submitting a special request, which can be used in a denial-of-service attack...

CVSS 6.5, AI score 6.9, EPSS 0.00125
Exploits: 0, References: 1