Lucene search
+L

359 matches found

osv
osv
added 2022/06/09 2:15 p.m.3 views

CVE-2022-31386

A Server-Side Request Forgery SSRF in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter...

9.1CVSS5.9AI score0.00977EPSS
Exploits1References1
prion
prion
added 2022/06/09 2:15 p.m.15 views

Server side request forgery (ssrf)

A Server-Side Request Forgery SSRF in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter...

6.4CVSS9.2AI score0.00977EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2022/06/09 1:34 p.m.30 views

CVE-2022-31386

A Server-Side Request Forgery SSRF in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter...

9.6AI score0.00977EPSS
Exploits1References1
hackerone
hackerone
added 2022/05/09 10:15 a.m.18 views

Shopify: One Click XSS in [www.shopify.com]

Steps To Reproduce: 1. You need a web server, put F1722320 to www 2. visit it: http://:/poc.html?x=$alert1 3. click it 4. you will see the alert Supporting Material: F1722333 Impact Cookie Stealing - A malicious user can steal cookies and use them to gain access to the application. Arbitrary...

0.2AI score
Exploits0
prion
prion
added 2022/05/05 11:15 a.m.12 views

Server side request forgery (ssrf)

Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...

6.4CVSS8.2AI score0.01095EPSS
Exploits1References2Affected Software1
nvd
nvd
added 2022/04/28 3:15 p.m.19 views

CVE-2022-28117

A Server-Side Request Forgery SSRF in feedparser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...

4.9CVSS0.22903EPSS
Exploits6References3
prion
prion
added 2022/04/28 3:15 p.m.22 views

Server side request forgery (ssrf)

A Server-Side Request Forgery SSRF in feedparser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...

4CVSS5.4AI score0.22903EPSS
Exploits6References3Affected Software1
cvelist
cvelist
added 2022/04/28 2:13 p.m.39 views

CVE-2022-28117

A Server-Side Request Forgery SSRF in feedparser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter...

5.7AI score0.22903EPSS
Exploits6References3
cve
cve
added 2022/04/28 2:13 p.m.101 views

CVE-2022-28117

Navigate CMS v2.9.4 is affected by a Server-Side Request Forgery (SSRF) in the feed_parser class. An attacker can force the application to make arbitrary outbound requests by injecting URLs into the feed parameter, potentially exposing internal resources or enabling data exposure and unauthorized...

4.9CVSS5.3AI score0.22903EPSS
Exploits6References3Affected Software1
cnvd
cnvd
added 2022/04/21 12:0 a.m.16 views

Shopware Code Problem Vulnerability (CNVD-2022-31768)

Shopware is a German Shopware company's open source e-commerce software. A code issue vulnerability exists in Shopware that stems from the fact that in the affected version, a user session is not logged off if the password is reset via password recovery. An attacker could exploit the vulnerabilit...

3.5CVSS7.4AI score0.00477EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2022/04/15 5:15 a.m.42 views

CVE-2022-26499

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests such as GET to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2...

9.1CVSS7.3AI score0.0768EPSS
Exploits0References5
osv
osv
added 2022/04/15 5:15 a.m.5 views

UBUNTU-CVE-2022-26499

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests such as GET to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2...

9.1CVSS5.9AI score0.0768EPSS
Exploits0References6
ncsc
ncsc
added 2022/04/15 12:0 a.m.6 views

Vulnerabilities fixed in Asterisk

Vulnerabilities have been fixed in Asterisk and Certified Asterisk. These vulnerabilities potentially allow a malicious party to perform an SQL injection attack, issue arbitrary requests or download send arbitrary requests or download larger than allowed files. Asterisk has made updates available...

9.8CVSS7.5AI score0.16406EPSS
Exploits0
ptsecurity
ptsecurity
added 2022/04/15 12:0 a.m.3 views

PT-2022-17903 · Asterisk · Asterisk

Name of the Vulnerable Software and Affected Versions: Asterisk versions prior to 16.25.2 Asterisk versions prior to 18.11.2 Asterisk versions prior to 19.3.2 Description: An issue was discovered in Asterisk. When using STIR/SHAKEN, it's possible to send arbitrary requests, such as GET, to...

9.8CVSS8.3AI score0.16406EPSS
Exploits2References62
osv
osv
added 2022/04/15 12:0 a.m.46 views

CVE-2022-26499

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests such as GET to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2...

9.1CVSS1.6AI score0.0768EPSS
Exploits0References7
nessus
nessus
added 2022/04/14 12:0 a.m.41 views

FreeBSD : Asterisk -- multiple vulnerabilities (8838abf0-bc47-11ec-b516-0897988a1c07)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 8838abf0-bc47-11ec-b516-0897988a1c07 advisory. - An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible...

9.1CVSS7.8AI score0.16406EPSS
Exploits0References5
freebsd
freebsd
added 2022/04/14 12:0 a.m.39 views

Asterisk -- multiple vulnerabilities

The Asterisk project reports: AST-2022-001 - When using STIR/SHAKEN, its possible to download files that are not certificates. These files could be much larger than what you would expect to download. AST-2022-002 - When using STIR/SHAKEN, its possible to send arbitrary requests like GET to...

1.6AI score
Exploits0References2
githubexploit
githubexploit
added 2022/04/06 1:27 p.m.231 views

Exploit for Server-Side Request Forgery in Naviwebs Navigate_Cms

CVE-2022-28117 Navigate CMS = 2.9.4 - Server-Side Request...

4.9CVSS5.5AI score0.22903EPSS
Exploits6
attackerkb
attackerkb
added 2022/04/05 4:15 a.m.5 views

CVE-2022-1213

SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191...

8.1CVSS7.3AI score0.00571EPSS
Exploits1References3
nvd
nvd
added 2022/04/05 4:15 a.m.27 views

CVE-2022-1213

SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191...

8.1CVSS0.00571EPSS
Exploits1References2
Rows per page
Query Builder