7 matches found
CVE-2026-43879
CVE-2026-43879 (WWBN/AVideo) describes a blind SSRF in the donation webhook flow. In versions up to 29.0, an authenticated user can configure donation_notification_url to point at internal or RFC1918 hosts (e.g., 127.0.0.1, 169.254.169.254). When another user donates, the server issues a curl POS...
AVideo has Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass
Summary An authenticated user can configure their own donation-notification webhook URL to point at internal/loopback/metadata hosts e.g. http://127.0.0.1:8080/..., http://169.254.169.254/latest/..., RFC1918 addresses. When any other user including a second account owned by the same attacker...
GHSA-WP38-WHX3-XFFH AVideo has Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass
Summary An authenticated user can configure their own donation-notification webhook URL to point at internal/loopback/metadata hosts e.g. http://127.0.0.1:8080/..., http://169.254.169.254/latest/..., RFC1918 addresses. When any other user including a second account owned by the same attacker...
PT-2026-37295
Name of the Vulnerable Software and Affected Versions WWBN AVideo versions prior to 29.0 Description An authenticated user can configure a donation-notification webhook URL to point to internal, loopback, or metadata hosts, such as http://127.0.0.1:8080/ or http://169.254.169.254/latest/. When...
The vulnerability of the update function in NETGEAR RAX50 integrated software allows a hacker to execute arbitrary code.
The vulnerability of the update function in NETGEAR RAX50 integrated software lies in errors in the certificate validation process. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted CURL POST request...
PHPYUN最新版XML注入及SQL注入获取管理员账号(无视任何防御)
简要描述: 早上提交了个XML实体读取任意文件的,结果厂商说是数字被提交了,顿时无语了。 这里还有一个XML注入及SQL注入,如果说又是数字被提交了,我保证不在挖你们的漏洞了!!! 详细说明: 首先我们来说一说$GLOBALS"HTTPRAWPOSTDATA"这个东东,他会吧POST过来的内容原封不动的传进来,所以phpyun的那些铜墙铁壁的防御也就没用了!!! 还是文件:weixin/model/index.class.php XML实体注入: private function responseMsg $postStr = $GLOBALS"HTTPRAWPOSTDATA"; if...
Limonade Framework 3.0 Local File Disclosure
Exploit Title: Limonade framework Local file disclosure filtering bypass Date: 2013 17 November Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: http://limonade-php.github.io/ Tested on: Linux Ubuntu, PHP...