32 matches found
Full Read Server-Side Request Forgery (SSRF)
Description In the recipe edit page, is possible to upload an image directly or via an URL provided by the user. The function that handles the fetching and saving of the image via the URL doesn't have any URL verification, which allows to fetch internal services. \ \ Furthermore, after the resour...
GHSA-WXG3-MFPH-QG9W Django Might Allow CSRF Requests via URL Verification
The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitra...
CVE-2022-1037
The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs...
Exploit for Path Traversal in Vmware Cloud_Foundation
CVE-2021-22005 – Batch validation of Python...
Common Resolutions to “Cannot Complete Your Request” Error when connecting through Citrix Gateway
Symptoms or Error The “Cannot Complete Your Request” error is displayed whenconnecting through Citrix Gateway. However, this is an error could occur when connecting to StoreFront Server directly or through Load Balancer based on different deployment scenarios. To narrow down through which...
GHSA-R2VW-JGQ9-JQX2 Improper Authorization in @sap-cloud-sdk/core
Affected versions of @sap-cloud-sdk/core do not properly validate JWTs. The verifyJwt function does not properly validate the URL from where the public verification key for the JWT can be downloaded. Any URL was trusted which makes it possible to provide a URL belonging to a manipulated JWT...
CVE-2020-25019
jitsi-meet-electron aka Jitsi Meet Electron before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances...
CVE-2020-25019
jitsi-meet-electron aka Jitsi Meet Electron before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances...
CVE-2020-25019
jitsi-meet-electron aka Jitsi Meet Electron before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances...
CVE-2017-17223
Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 have a directory traversal vulnerability. An authenticated, remote attacker can craft specific URL to the affected products. Due to insufficient verification of the URL, successful exploit will upload an...
Open Redirects
products.cmfquickinstallertool is vulnerable to open redirection. It is possible because it does not verify if the request url is in the portal...
Lynx Internal URL Verification Code Execution
Binary data 1739.prm...