359 matches found
CVE-2022-31386
A Server-Side Request Forgery SSRF in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter...
Server side request forgery (ssrf)
A Server-Side Request Forgery SSRF in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter...
CVE-2022-31386
A Server-Side Request Forgery SSRF in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter...
Shopify: One Click XSS in [www.shopify.com]
Steps To Reproduce: 1. You need a web server, put F1722320 to www 2. visit it: http://:/poc.html?x=$alert1 3. click it 4. you will see the alert Supporting Material: F1722333 Impact Cookie Stealing - A malicious user can steal cookies and use them to gain access to the application. Arbitrary...
Server side request forgery (ssrf)
Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...
CVE-2022-28117
A Server-Side Request Forgery SSRF in feedparser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...
Server side request forgery (ssrf)
A Server-Side Request Forgery SSRF in feedparser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...
CVE-2022-28117
A Server-Side Request Forgery SSRF in feedparser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...
CVE-2022-28117
Navigate CMS v2.9.4 is affected by a Server-Side Request Forgery (SSRF) in the feed_parser class. An attacker can force the application to make arbitrary outbound requests by injecting URLs into the feed parameter, potentially exposing internal resources or enabling data exposure and unauthorized...
Shopware Code Problem Vulnerability (CNVD-2022-31768)
Shopware is a German Shopware company's open source e-commerce software. A code issue vulnerability exists in Shopware that stems from the fact that in the affected version, a user session is not logged off if the password is reset via password recovery. An attacker could exploit the vulnerabilit...
CVE-2022-26499
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests such as GET to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2...
UBUNTU-CVE-2022-26499
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests such as GET to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2...
Vulnerabilities fixed in Asterisk
Vulnerabilities have been fixed in Asterisk and Certified Asterisk. These vulnerabilities potentially allow a malicious party to perform an SQL injection attack, issue arbitrary requests or download send arbitrary requests or download larger than allowed files. Asterisk has made updates available...
PT-2022-17903 · Asterisk · Asterisk
Name of the Vulnerable Software and Affected Versions: Asterisk versions prior to 16.25.2 Asterisk versions prior to 18.11.2 Asterisk versions prior to 19.3.2 Description: An issue was discovered in Asterisk. When using STIR/SHAKEN, it's possible to send arbitrary requests, such as GET, to...
CVE-2022-26499
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests such as GET to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2...
FreeBSD : Asterisk -- multiple vulnerabilities (8838abf0-bc47-11ec-b516-0897988a1c07)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 8838abf0-bc47-11ec-b516-0897988a1c07 advisory. - An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible...
Asterisk -- multiple vulnerabilities
The Asterisk project reports: AST-2022-001 - When using STIR/SHAKEN, its possible to download files that are not certificates. These files could be much larger than what you would expect to download. AST-2022-002 - When using STIR/SHAKEN, its possible to send arbitrary requests like GET to...
Exploit for Server-Side Request Forgery in Naviwebs Navigate_Cms
CVE-2022-28117 Navigate CMS = 2.9.4 - Server-Side Request...
CVE-2022-1213
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191...
CVE-2022-1213
SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191...