34 matches found
CVE-2021-22969
Concrete CMS formerly concrete5 versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS ex AWS IAM keys. To fix this, Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...
EUVD-2018-3353
Malware in sbrugna...
EUVD-2021-2368
Malware in sbrugna...
Moodle 4.1.x < 4.1.19 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.19, or 4.4.x prior to 4.4.9, or 4.5.x prior to 4.5.5, or 5.x prior to 5.0.1. It is, therefore, affected by multiple vulnerabilities: - A stricter capability check was required to restrict...
CVE-2024-4354
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the getfilestoimport function. This makes it possible for authenticated attackers, with author-level access and above, to make web request...
CVE-2024-4354 TablePress – Tables in WordPress made easy <= 2.3 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebind
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the getfilestoimport function. This makes it possible for authenticated attackers, with author-level access and above, to make web request...
CVE-2024-4354
CVE-2024-4354 concerns the WordPress plugin TablePress (
DNS Rebind Attack
Docker is vulnerable to DNS Rebind Attack. This vulnerability is due to the lack of proper isolation between containers and the host's DNS resolver, allowing malicious actors to exploit DNS rebinding to bypass network restrictions...
GHSA-MCXR-FX5F-96QQ Server-Side Request Forgery in Concrete CMS
Concrete CMS formerly concrete5 versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS ex AWS IAM keys. To fix this, Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...
Server-Side Request Forgery in Concrete CMS
Concrete CMS formerly concrete5 versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS ex AWS IAM keys. To fix this, Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...
Design/Logic Flaw
Concrete CMS formerly concrete5 versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS ex AWS IAM keys. To fix this, Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...
CVE-2021-22969
CVE-2021-22969 affects Concrete CMS (formerly concrete5) versions below 8.5.7. The vulnerability is a Server-Side Request Forgery (SSRF) mitigation bypass via a DNS Rebind attack, enabling an attacker to access cloud IAM keys (e.g., AWS) by fetching credentials. The root cause is SSRF mitigation ...
Concrete CMS: SSRF mitigation bypass using DNS Rebind attack
We noticed that the upload functionality contains the ability to upload files from a remote server; however, there are some mitigations against accessing the AWS Instance Metadata service. We've managed to bypass these mitigations using DNS rebinding and we've managed to fetch the AWS IAM keys when...
gupnp security update
1.0.2-6 + gupnp-1.0.3-3 - Fix DNS rebind issue - Resolves: 1964706...
gupnp security update
1.0.6-2 + gupnp-1.0.6-2 - Fix DNS rebind issue - Resolves: 1964710...