EUVD-2018-3353

Malware in sbrugna...

CVE-2024-4354 TablePress – Tables in WordPress made easy <= 2.3 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebind

The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the getfilestoimport function. This makes it possible for authenticated attackers, with author-level access and above, to make web request...

GHSA-MCXR-FX5F-96QQ Server-Side Request Forgery in Concrete CMS

Concrete CMS formerly concrete5 versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS ex AWS IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...

CVE-2018-7160

It was found that when a Node.js script is run in inspector mode, Node.js did not properly validate the Host header, leaving the inspector vulnerable to a DNS rebind attack and bypass same-origin policy. If a developer had an inspector session running, and was visiting a malicious website, the si...

Xxe

The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...

CVE-2018-11314

The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...

CVE-2018-11314

CVE-2018-11314 affects Roku and Roku TV External Control API. The vulnerability enables unauthorized remote control via DNS rebinding, potentially exposing privileged device and network information. Documented impact includes remote device control and data exfiltration on affected Roku platforms;...