7 matches found
CVE-2021-27329
Friendica 2021.01 allows SSRF via parseurl?binurl= for DNS lookups or HTTP requests to arbitrary domain names...
EUVD-2016-10493
Malware in sbrugna...
CVE-2022-22364
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrar...
CVE-2022-22364
CVE-2022-22364 affects IBM Controller: 10.4.1, 10.4.2, and 11.0.0. The issue is an External Service Interaction vulnerability caused by improper validation of user-supplied input, allowing a remote attacker to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary...
CVE-2023-24044
A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."...
CVE-2019-4131
IBM Application Performance Management IBM Monitoring 8.1.4 could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270...
Code injection
IBM Application Performance Management IBM Monitoring 8.1.4 could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270...