2 matches found
CVE-2023-7240 Broken Access Control leading to SSRF in NetIQ Identity Console
An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows to perform open services enumeration. Server makes query to provided server Server IP/DNS field and is triggering connection to arbitrary address...
python: ftplib should not use the host from the PASV response
A flaw was found in Python, specifically in the FTP File Transfer Protocol client library in PASV passive mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecti...