23 matches found
Withdrawn Advisory: Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability
Withdrawn Advisory: This advisory has been withdrawn because the underlying issue existed in Weights and Biases's backend server code, not the software development kit included in the wandb PyPI package, as originally reported. This link is maintained to preserve external references. Original...
CVE-2024-4642
CVE-2024-4642 is described in connected advisories as a Server-Side Request Forgery (SSRF) in the wandb/wandb repository, caused by improper handling of HTTP redirects (HTTP 302). The issue could allow team members with access to the Webhooks settings to reach internal HTTP(S) endpoints, with pot...
Open Redirection
github.com/prometheus/prometheus is vulnerable to open redirection. An attacker is able to redirect a user to a malicious endpoint via an HTTP 302 response...
ZEIT: Unauthorized admission to any team in zeit.co
step no.1: open : https://zeit.co/teams/invite/ XXXX and this is a code "CzKyCgbB" of joining in a team called "maxhacker" if we generate a list consists of 8 capital and small letters with any generate tools F565462 knowing that the invitation code of any team is constant...
Open-Xchange: SSRF in VCARD photo upload functionality
FYI - Tested on local installation of App Suite 7.8.4 REV 14, CentOS 7.4, x64 Hello, I believe I may have found another SSRF re-direct vulnerability which again will allow port scanning of the App Suite server and the internal network, this is similar to my earlier report: 293847 The endpoint is...
Cuvva: CRLF Injection [vpn.corp.cuvva.com]
Hi team, Found a CRLF injection in vpn.corp.cuvva.com Poc https://vpn.corp.cuvva.com/sessionstart/%0aSet-Cookie:NEWCOOKIE123 Response: HTTP/1.1 302 Found Date: Wed, 24 May 2017 18:13:57 GMT Connection: close Content-Type: text/html; charset=UTF-8 Location: https://vpn.corp.cuvva.com/...
CVE-2016-6877
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an...
Design/Logic Flaw
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an...
Firefox - SVG cross domain cookie vulnerability (CVE-2016-9078)
Original link: http://insert-script.blogspot.jp/2016/12/firefox-svg-cross-domain-cookie.html Author: Alex Inführ Translation: Holic (Knownsec 404 Security Lab); this article has additions and changes. Note: the vulnerability only affects Firefox versions 49 and 50; for details see the...
X (Formerly Twitter): Bypassing callback_url validation on Digits
Hi, I would like to report an issue in Digits which allows attacker to bypass the callbackurl validation of an application and thus takeover an account. Detail Digits is a part of the Fabric SDK which offers phone-based sign in. It also provides web login flow. In the navigation-based...
Apple Safari URI spoofing (CVE-2015-5764)
tl;dr Apple Safari for OS X was prone to URI spoofing vulnerability and more general a user interface spoofing. Apple released security updates for Safari 9 on OS X and assigned CVE-2015-5764. Accidentally this vulnerability was also present in iOS. Instant demo In Safari up to 8.0.8 : go to clic...
Google Chrome < 31.0.1650.63 Multiple Vulnerabilities (Mac OS X)
The version of Google Chrome installed on the remote Mac OS X host is a version prior to 31.0.1650.63. It is, therefore, affected by the following vulnerabilities : - An error exists related to session fixation, the sync process and HTTP 302 redirects. CVE-2013-6634 - A use-after-free error exist...
Google Chrome < 31.0.1650.63 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is a version prior to 31.0.1650.63. It is, therefore, affected by the following vulnerabilities : - An error exists related to session fixation, the sync process and HTTP 302 redirects. CVE-2013-6634 - A use-after-free error exists related...
global_redirect
This plugin finds global redirection vulnerabilities. Bugs of this kind are used for phishing and other identity theft attacks. A common example of a global redirection would be a script that takes a "url" parameter and, when this page is requested, an HTTP 302 message with the location header to the...
ZDI-11-196: Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
ZDI-11-196: Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-196 June 14, 2011 -- CVE ID: CVE-2011-1262 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
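Microsoft Internet Explorer HTTP Redirect Uninitialized Memory Remote Code Execution Vulnerability
Bugtraq ID: 48211 CVE ID: CVE-2011-1262 Microsoft Internet Explorer is a web browser developed by Microsoft. Internet Explorer has a flaw in its handling of HTTP 302 redirects to the CDL protocol. When Internet Explorer determines which handler is responsible for the protocol redirect, it fails to maintain a correct reference counter for the transaction object, which can lead to a use-after-free vulnerability that allows arbitrary code execution in the context of the application. Microsoft Internet Explorer 9 Microsoft Internet Explorer 8 Microsoft Internet Explorer 7...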
Microsoft Internet Explorer HTTP 302 Redirect Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Unauthorized access to wyciwyg:// documents — Mozilla
Michal Zalewski reported that it was possible to bypass the same-origin checks and read from cached wyciwyg documents. It is possible to access wyciwyg:// documents without proper same domain policy checks through the use of HTTP 302 redirects. This enables the attacker to steal sensitive data...
CVE-2007-3656
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2)...