
7220 matches found

ATTACKERKB
added 2023/06/08 7:15 p.m. · 0 views

CVE-2023-34959

An issue in Chamilo v1.11. up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools...

CVSS 5.3 · AI score 5.9 · EPSS 0.00608
Exploits 0 · References 5
CNNVD
added 2023/06/08 12:00 a.m. · 3 views

Chamilo LMS code issue vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo versions v1.11. through v1.11.18. ...

CVSS 5.3 · AI score 5.8 · EPSS 0.00608
Exploits 0 · References 5
PyPA
added 2023/06/06 7:15 p.m. · 4 views

PYSEC-2023-85

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

CVSS 5.4 · AI score 6.7 · EPSS 0.00605
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/06/06 7:15 p.m. · 0 views

UBUNTU-CVE-2023-32683

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

CVSS 5.4 · AI score 6.4 · EPSS 0.00605
Exploits 0 · References 5
OSV
added 2023/06/06 11:15 a.m. · 4 views

CVE-2023-3121

A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclose...

CVSS 4.6 · AI score 4.7 · EPSS 0.00461
Exploits 1 · References 3
CNNVD
added 2023/06/06 12:00 a.m. · 3 views

Dahua Smart Parking Management code issue vulnerability

Dahua Smart Parking Management is a parking solution from Dahua, China. A code issue vulnerability exists in Dahua Smart Parking Management 20230528 and prior versions, which stems from an issue with unknown code in the file /ipms/imageConvert/image, where manipulation of the parameter fileUrl ca...

CVSS 4.6 · AI score 5 · EPSS 0.00461
Exploits 1 · References 4
Japan Vulnerability Notes
added 2023/06/01 4:48 a.m. · 3 views

Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)

Overview: CONPROSYS HMI System (CHS) provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. Plaintext storage of a password (CWE-256) - CVE-2023-28713; Incorrect permission assignment for critical resource (CWE-732) - CVE-2023-28399; Improper access control (CWE-284) - CVE-2023-28657...

CVSS 8.8 · AI score 8.3 · EPSS 0.64795
Exploits 1 · References 23
OSV
added 2023/06/01 2:15 a.m. · 1 views

CVE-2023-28824

Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may bypass the database restriction set on the query setting page, and connect to a user unintended database...

CVSS 4.9 · AI score 5.8 · EPSS 0.00641
Exploits 0 · References 3
ATTACKERKB
added 2023/06/01 2:15 a.m. · 4 views

CVE-2023-28824

Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may bypass the database restriction set on the query setting page, and connect to a user unintended database...

CVSS 4.9 · AI score 5.9 · EPSS 0.00641
Exploits 0 · References 4 · Affected Software 1
ATTACKERKB
added 2023/06/01 1:15 a.m. · 2 views

CVE-2023-23955

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability...

CVSS 8.1 · AI score 5.8 · EPSS 0.00474
Exploits 0 · References 2
OSV
added 2023/06/01 1:15 a.m. · 2 views

CVE-2023-23955

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability...

CVSS 8.1 · AI score 5.8
Exploits 0 · References 1
Positive Technologies
added 2023/06/01 12:00 a.m. · 3 views

PT-2023-19321 · Unknown · Advanced Secure Gateway/Content Analysis

Name of the Vulnerable Software and Affected Versions: Advanced Secure Gateway and Content Analysis versions prior to 7.3.13.1 / 3.1.6.0
Description: The issue is related to a Server-Side Request Forgery vulnerability.
Recommendations: For versions prior to 7.3.13.1 / 3.1.6.0, update to version...

CVSS 8.1 · AI score 7.2 · EPSS 0.00474
Exploits 0 · References 3
OSV
added 2023/05/31 2:15 p.m. · 3 views

CVE-2023-3015

A vulnerability has been found in yiwent Vip Video Analysis 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file data/title.php. The manipulation of the argument titurl leads to server-side request forgery. The attack can be launched remotely. The...

CVSS 9.8 · AI score 5.5 · EPSS 0.00604
Exploits 0 · References 3
CNNVD
added 2023/05/31 12:00 a.m. · 3 views

Abstrium Pydio Cells code issue vulnerability

Abstrium Pydio Cells is a next-generation file-sharing platform developed in the Go language by French company Abstrium. A security vulnerability exists in Abstrium Pydio Cells 4.1.2 and earlier versions, which stems from the presence of server-side request forgery...

CVSS 6.5 · AI score 6.4 · EPSS 0.03846
Exploits 4 · References 4
CNNVD
added 2023/05/31 12:00 a.m. · 2 views

Vip Video Analysis code issue vulnerability

Vip Video Analysis is a VIP video parsing application by the individual developer yiwen. A code issue vulnerability exists in Vip Video Analysis version 1.0, which stems from a server-side request forgery due to misuse of the parameter titurl...

CVSS 9.8 · AI score 7 · EPSS 0.00604
Exploits 0 · References 4
CNNVD
added 2023/05/31 12:00 a.m. · 3 views

Contec CONPROSYS HMI System code issue vulnerability

Contec CONPROSYS HMI System is an HTML5-based HMI (Human Machine Interface)/SCADA (Supervisory Control and Data Acquisition) software product from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System versions prior to 3.5.3 that stems from a server-side request forgery...

CVSS 4.9 · AI score 6.5 · EPSS 0.00641
Exploits 0 · References 5
Positive Technologies
added 2023/05/31 12:00 a.m. · 3 views

PT-2023-22558 · Unknown · Yiwent Vip Video Analysis

Name of the Vulnerable Software and Affected Versions: yiwent Vip Video Analysis version 1.0
Description: A critical issue has been found in the software, affecting an unknown functionality of the file data/title.php. The manipulation of the titurl argument leads to server-side request forgery...

CVSS 9.8 · AI score 6.6 · EPSS 0.00604
Exploits 0 · References 5
OSV
added 2023/05/30 8:15 a.m. · 1 views

CVE-2023-2287

The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 1
CNNVD
added 2023/05/27 12:00 a.m. · 4 views

JIZHICMS code issue vulnerability

Extreme Networks Technology JIZHICMS (Extreme CMS) is an open source content management system (CMS) from China's Extreme Networks Technology Company. A code issue vulnerability exists in JIZHICMS version 2.4.5, which stems from a problem with the file TemplateController.php, where manipulation of th...

CVSS 9.8 · AI score 6.9 · EPSS 0.00867
Exploits 1 · References 4
Positive Technologies
added 2023/05/27 12:00 a.m. · 3 views

PT-2023-22228 · Jizhicms · Jizhicms

Name of the Vulnerable Software and Affected Versions: JIZHICMS version 2.4.5
Description: A critical issue has been found, affecting the index function of the TemplateController.php file. The manipulation of the webapi argument leads to server-side request forgery, allowing for remote attacks...

CVSS 9.8 · AI score 7.2 · EPSS 0.00867
Exploits 1 · References 6