OpenZiti Console Code Issue Vulnerability
OpenZiti Console is an OpenZiti open source web interface for the management of an OpenZiti network. A code issue vulnerability exists in OpenZiti Console versions prior to 3.7.1 that stems from unauthenticated access to an endpoint and could lead to server-side request forgery...
Server-side Request Forgery (SSRF)
Overview: org.webjars.bower:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to the allowAbsoluteUrls attribute being ignored in the call to the buildFullPath function from the HTTP adapter. A...
SUSE CVE-2024-38476
A vulnerability in the core of Apache HTTP Server 2.4.59 and earlier makes it vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-39573) affects Power HMC.
Summary: The Apache HTTP Server library is used by the Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2024-39573 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by a flaw in mod_rewrite. By sending a...
CVE-2024-55892 Potential Open Redirect via Parsing Differences in TYPO3
TYPO3 is a free and open source Content Management Framework. Applications that use TYPO3\CMS\Core\Http\Uri to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the...
CVE-2024-51463
IBM i 7.3, 7.4, and 7.5 are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
The vulnerability of the Adobe Document Service component in the SAP NetWeaver AS for Java software for creating and deploying web applications allows an attacker to perform an SSRF attack.
The vulnerability of the Adobe Document Service component in the SAP NetWeaver AS for Java web application development and deployment framework is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack using a...
PT-2024-9574 · Ruijie · Ruijie Reyee Os
Name of the Vulnerable Software and Affected Versions: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x Description: The issue allows attackers to force Ruijie's proxy servers to perform any request the attackers choose, potentially giving them access to internal services used by...
QNAP Systems QNAP Notes Station Security Vulnerability
QNAP Notes Station 3 is private cloud note-taking software that runs on QNAP NAS devices and supports real-time multi-user collaboration, version control, data encryption and snapshot backup. A server-side request forgery vulnerability exists in QNAP Notes Station 3. The vulnerability stems from th...
mipjz Security Vulnerability
mipjz is a content management system based on Baidu Mobile Instant Pages (MIP), developed by the individual developer sansanyun. A security vulnerability exists in mipjz version 5.0.5, which originates from the mipPost method in appsettingcontrollerApiAdminTool.php that improperly handles the postAddress...
The vulnerability of the Zimbra Collaboration Suite’s email management system, which stems from insufficient validation of incoming requests, allows attackers to carry out SSRF attacks.
The vulnerability of the Zimbra Collaboration Suite’s email management system is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to carry out an SSRF attack remotely...
SUSE CVE-2024-6763
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from the common browser...
httpd: Security issues via backend applications whose response headers are malicious or exploitable
A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution...
CVE-2024-47222
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol...
openHAB Security Vulnerability
openHAB is an open source home automation application from the openHAB project. A security vulnerability exists in versions prior to openHAB 4.2.1 that stems from a proxy endpoint that allows access to add-ons without authentication, which can be used for server-side request forgery to induce GET HTTP requests t...
UBUNTU-CVE-2024-38476
A vulnerability in the core of Apache HTTP Server 2.4.59 and earlier makes it vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
CVE-2024-20404
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affect...
MyBB Server-side Request Forgery Vulnerability
MyBB (MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A server-side request forgery vulnerability exists in MyBB versions prior to 1.8.38, which stems from the...