9 matches found
CVE-2026-47160 Vaultwarden: Server-side request forgery (SSRF) via Icon Endpoint Decimal/Hex/Octal IP Bypass
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's /icons/domain/icon.png endpoint used src/httpclient.rs checks including shouldblockaddress and postresolve that missed decimal, hexadecimal, and octal IP representations, allowing SSRF through the...
GHSA-284F-F2HW-J2GX Server-Side Request Forgery vulnerability in concrete5
A Server-Side Request Forgery vulnerability was found in concrete5 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed...
CVE-2021-22958
A Server-Side Request Forgery vulnerability was found in concrete5 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction with local services. Impact can vary depending on services exposed.CVSSv2.0...
Server-side Request Forgery (SSRF)
Overview github.com/pterodactyl/wings/router/downloader is a Wings is Pterodactyl's server control plane, built for the rapidly changing gaming industry and designed to be highly performant and secure. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF. It is...
AlienVault : SSRF protection bypass
As said in report 285380, using the decimal IP notation is bypassing the fix : https://www.threatcrowd.org/domain.php?domain=2852039166...
Glype 1.4.9 - Local Address Filter Bypass
No description provided by source. ------------------------------------------------------------------------ Glype proxy local address filter bypass ------------------------------------------------------------------------ Securify, September 2014...
Glype 1.4.9 - Local Address Filter Bypass
------------------------------------------------------------------------ Glype proxy local address filter bypass ------------------------------------------------------------------------ Securify, September 2014 ------------------------------------------------------------------------ Abstract...
Glype Proxy 1.4.9 Filter Bypass
------------------------------------------------------------------------ Glype proxy local address filter bypass ------------------------------------------------------------------------ Securify, September 2014 ------------------------------------------------------------------------ Abstract...
By URL spoofing install Trojan-vulnerability warning-the black bar safety net
URL spoofing the usual moves 1.@ Flag filter user name resolution Originally@flag is the E-mail address of the user name and host separator, but in my URL, the same applies, but function exactly the same. HTTP Hypertext Transfer Protocol, governs me the URL of the full format is“Http://Name:...