Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the router process. An attacker can retrieve sensitive information from internal network resources by crafting requests that leverage specific file suffixes and HTTP 302 redirects to bypass...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the router process. An attacker can retrieve sensitive information from internal network resources by crafting requests that leverage specific file suffixes and HTTP 302 redirects to bypass...

EUVD-2024-21484

Malicious code in bioql PyPI...

CVE-2024-24059

springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files...

CVE-2023-40183

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the ImageIO.read method to determine whether the file is an image file or not. There is no whitelisting...

Code injection

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the ImageIO.read method to determine whether the file is an image file or not. There is no whitelisting...

CVE-2023-40183 DataEase has a vulnerability to obtain user cookies

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the ImageIO.read method to determine whether the file is an image file or not. There is no whitelisting...

CVE-2023-40183 DataEase has a vulnerability to obtain user cookies

DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the ImageIO.read method to determine whether the file is an image file or not. There is no whitelisting...

CVE-2020-19302

An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php"...

CVE-2020-19302

An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php"...

Backup Files Disclosure

By appending various suffixes ie: .old, .bak, , etc... to the names of various files on the remote host, it seems possible to retrieve their contents, which may result in disclosure of sensitive information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. This plugin uses the data collected ...