196 matches found

GithubExploit
added 2024/06/19 1:46 a.m. · 946 views

Exploit for CVE-2024-28397

Introduction 中文 Analysis Chinese./an...

5.3 CVSS · 6.9 AI score · 0.04548 EPSS
Exploits 22
NVD
added 2024/05/22 7:15 a.m. · 13 views

CVE-2024-3663

The WP Scraper plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_scraper_multi_scrape_action function in all versions up to, and including, 5.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to create...

4.3 CVSS · 4.8 AI score · 0.00343 EPSS
Exploits 0 · References 3
CVE
added 2024/05/22 6:50 a.m. · 49 views

CVE-2024-3663

CVE-2024-3663 affects the WordPress plugin WP Scraper. A missing capability check in wp_scraper_multi_scrape_action() allows authenticated users with subscriber+ privileges to create arbitrary pages/posts on all versions up to 5.7. Impact per sources: unauthorized content creation within the site...

4.3 CVSS · 4.8 AI score · 0.00343 EPSS
Exploits 0 · References 3
Patchstack
added 2024/05/22 1:12 a.m. · 3 views

WordPress WP Scraper plugin <= 5.7 - Missing Authorization to Arbitrary Page/Post Creation vulnerability

Missing Authorization to Arbitrary Page/Post Creation vulnerability discovered by Lucio Sá in WordPress Plugin WP Scraper versions <= 5.7...

4.3 CVSS · 7 AI score · 0.00343 EPSS
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2024/05/22 12:0 a.m. · 8 views

WordPress WP Scraper Plugin <= 5.7 is vulnerable to Broken Access Control

Software: WP Scraper; Type: Plugin; Vulnerable versions: <= 5.7; Fixed in: 5.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3663; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 6a3b87c193df; Credits: Lucio Sá; Required privilege: Subscriber...

4.3 CVSS · 6.6 AI score · 0.00343 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2024/05/22 12:0 a.m. · 3 views

WordPress Plugin WP Scraper Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

4.3 CVSS · 6.5 AI score · 0.00343 EPSS
Exploits 0 · References 3
Chainguard
added 2024/03/05 11:15 p.m. · 76 views

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: trivy, datadog-agent, caddy, crossplane-provider-azure-managedidentity, fulcio, kube-bench, rabbitmq-messaging-topology-operator, kube-state-metrics, prometheus-beat-exporter-fips, metacontroller, external-secrets-fips, haproxy-ingress, cadvisor, sonobuoy, hubble-fip...

7.5 CVSS · 6.6 AI score · 0.01262 EPSS
Exploits 0
OSV
added 2024/02/26 4:27 p.m. · 27 views

CVE-2024-0455

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...

7.5 CVSS · 7 AI score
Exploits 0 · References 2
NVD
added 2024/02/26 4:27 p.m. · 14 views

CVE-2024-0455

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...

9.9 CVSS · 9.4 AI score · 0.00813 EPSS
Exploits 1 · References 2
Prion
added 2024/02/26 4:27 p.m. · 41 views

Cross site request forgery (csrf)

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...

6.5 CVSS · 7.3 AI score · 0.00813 EPSS
Exploits 1 · References 2
CVE
added 2024/02/25 8:10 a.m. · 119 views

CVE-2024-0455

CVE-2024-0455 concerns AnythingLLM where a web scraper can trigger a server-side request to the AWS EC2 metadata URL 169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance. If accessed by a user with manager/admin permissions (and in single-user mode) from wit...

9.9 CVSS · 9.4 AI score · 0.00813 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2024/02/25 8:10 a.m. · 27 views

CVE-2024-0455 SSRF on AWS deployed instances of AnythingLLM via /metadata

The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...

9.9 CVSS · 9.6 AI score · 0.00813 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/02/25 12:0 a.m. · 2 views

PT-2024-15574 · Unknown · Anything-Llm

Name of the Vulnerable Software and Affected Versions: AnythingLLM affected versions not specified Description: The issue allows users with proper authorization levels manager, admin, and when in single user mode to access sensitive information by using a web scraper to query a specific URL:...

9.9 CVSS · 9.2 AI score · 0.00813 EPSS
Exploits 1 · References 5
OSV
added 2023/11/21 10:25 p.m. · 19 views

CVE-2023-48699 fastbots Eval Injection vulnerability

fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with Python code that, without proper validation, is executed and could lead to RCE. The vulnerability ...

8.4 CVSS · 9 AI score · 0.00744 EPSS
Exploits 1 · References 5
Patchstack
added 2023/07/18 12:0 a.m. · 6 views

WordPress TwentyFourth WP Scraper Plugin <= 0.6.5 is vulnerable to Cross Site Scripting (XSS)

Software: TwentyFourth WP Scraper; Type: Plugin; Vulnerable versions: <= 0.6.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: f8302abdf1de; Credits: Rafie Muhammad Patchstack...

6.4 AI score · 0.00284 EPSS
Exploits 0 · References 2 · Affected Software 1
Kitploit
added 2023/03/13 11:30 a.m. · 34 views

Graphicator - A GraphQL Enumeration And Extraction Tool

Graphicator is a GraphQL "scraper" / extractor. The tool iterates over the introspection document returned by the targeted GraphQL endpoint, and then restructures the schema into an internal form so it can re-create the supported queries. When such queries are created, it uses them to send request...

6.9 AI score
Exploits 0 · References 1
OpenVAS
added 2022/07/31 12:0 a.m. · 5 views

Fedora: Security Advisory for golang-github-gocolly-colly-2 (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0 · References 2
Fedora
added 2022/07/30 1:57 a.m. · 16 views

[SECURITY] Fedora 36 Update: golang-github-gocolly-colly-2-2.1.0-5.20210920git2f09941.fc36

Elegant Scraper and Crawler Framework for Golang...

1.6 AI score
Exploits 0
Fedora
added 2022/07/17 1:15 a.m. · 22 views

[SECURITY] Fedora 35 Update: golang-github-gocolly-colly-2-2.1.0-4.20210920git2f09941.fc35

Elegant Scraper and Crawler Framework for Golang...

9.3 CVSS · 1.6 AI score · 0.05994 EPSS
Exploits 4
ATTACKERKB
added 2022/07/11 1:15 a.m. · 2 views

CVE-2022-31570

The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

9.8 CVSS · 5.3 AI score · 0.01013 EPSS
Exploits 0 · References 2