Lucene search
K

45 matches found

CNNVD
CNNVD
added 2023/10/02 12:0 a.m.6 views

SLims Code Issue Vulnerability

Slims9 Bulian is a free and open source software from the Indonesian Slims community. It is used for library resource management e.g. books, journals, digital files and other library materials and administration. A code issue vulnerability exists in SLims version 9.6.0, which stems from a...

9.9CVSS7.1AI score0.00459EPSS
Exploits0References2
Veracode
Veracode
added 2023/05/11 4:24 a.m.26 views

Server-side Request Forgery (SSRF)

github.com/imgproxy/imgproxy is vulnerable to Server-Side Request Forgery SSRF. The vulnerability exists due to unsafe sanitation of the imageURL parameter, which allows an attacker to cause server-side request forgery...

5.3CVSS6.4AI score0.02214EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/05/08 3:30 p.m.75 views

GHSA-9X7H-GGC3-XG47 imgproxy is vulnerable to Server-Side Request Forgery

imgproxy prior to version 3.15.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter...

5.3CVSS5.1AI score0.02214EPSS
Exploits1References5
NVD
NVD
added 2023/05/08 3:15 p.m.37 views

CVE-2023-30019

imgproxy =3.14.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter...

5.3CVSS5.2AI score0.02214EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.7 views

imgproxy 代码问题漏洞

imgproxy is imgproxy individual developer's fast and secure standalone server for tweaking and converting remote images. A security vulnerability exists in imgproxy version 3.14.0 and earlier versions, which stems from a lack of cleanup of the imageURL parameter...

5.3CVSS5.7AI score0.02214EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/05/08 12:0 a.m.7 views

PT-2023-22513 · Imgproxy · Imgproxy

Name of the Vulnerable Software and Affected Versions: imgproxy versions 3.14.0 and earlier imgproxy prior to version 3.15.0 Description: The issue is related to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter. This allows for potential exploitation...

5.3CVSS7.2AI score0.02214EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2023/05/08 12:0 a.m.7 views

CVE-2023-30019

imgproxy =3.14.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter...

5.2AI score0.02214EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/05/08 12:0 a.m.37 views

CVE-2023-30019

imgproxy =3.14.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter...

5.5AI score0.02214EPSS
Exploits1References2
OSV
OSV
added 2023/05/08 12:0 a.m.28 views

CVE-2023-30019

imgproxy =3.14.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter...

5.3CVSS7.1AI score0.02214EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2021/05/11 12:0 a.m.5 views

PT-2021-14692 · Jenkins · Jenkins Dashboard View Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Dashboard View Plugin versions 2.15 and earlier Jenkins Dashboard View Plugin versions prior to 2.16 Jenkins Dashboard View Plugin version 2.12.1 and earlier Description: The issue is related to a stored cross-site scripting XSS...

5.4CVSS5.1AI score0.72678EPSS
Exploits0References7
NVD
NVD
added 2021/05/06 1:15 p.m.24 views

CVE-2021-29490

Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery SSRF attacks via the imageUrl parameter. This issue potentially exposes both internal and...

5.8CVSS0.6907EPSS
Exploits0References1
Prion
Prion
added 2021/05/06 1:15 p.m.19 views

Server side request forgery (ssrf)

Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery SSRF attacks via the imageUrl parameter. This issue potentially exposes both internal and...

5CVSS5.8AI score0.6907EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2020/10/20 12:0 a.m.14 views

Emby Server Cross-Site Request Forgery Vulnerability

Emby Server is a personal media server software that supports storing, managing, and streaming personal media content with support for multiple device access. Emby Server suffers from a cross-site request forgery vulnerability that allows an attacker to use SSRF via the ImageURL parameter of...

9.8CVSS6.9AI score0.87154EPSS
Exploits4References1
OSV
OSV
added 2020/10/10 9:15 p.m.4 views

CVE-2020-26948

Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter...

9.8CVSS7.3AI score0.87154EPSS
Exploits4References2
Prion
Prion
added 2020/10/10 9:15 p.m.26 views

Server side request forgery (ssrf)

Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter...

7.5CVSS9.4AI score0.87154EPSS
Exploits4References2Affected Software1
CVE
CVE
added 2020/10/10 8:12 p.m.166 views

CVE-2020-26948

The CVE-2020-26948 issue affects Emby Server prior to version 4.5.0. The Nuclei template confirms a server-side request forgery (SSRF) via the Items/RemoteSearch/Image ImageURL parameter. The vulnerability enables the server to make requests to internal resources, with the CVSS 3.1 vector CVSS:3....

9.8CVSS9.3AI score0.87154EPSS
In wildExploits4References2Affected Software1
seebug.org
seebug.org
added 2015/09/24 12:0 a.m.34 views

WordPress Vertical Image Slider 1.0 CSRF / XSS

漏洞影响:Vertical Image Slider 1.0 https://wordpress.org/plugins/wp-vertical-image-slider/漏洞说明:Vertical Image Slider 1.0 对imagetitle和imageurl 变量没有进行过滤导致存在CSRF和XSS漏洞。问题代码:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2009/11/26 12:0 a.m.37 views

DjVu DjVu_ActiveX_MSOffice.dll ActiveX ComponentBuffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'DjVu...

9.3CVSS0.7AI score0.32745EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2009/09/03 12:0 a.m.20 views

Fedora 10 : mapserver-5.2.3-1.fc10 (2009-9243)

Changelog is: Changing imagepath and imageurl no longer allowed via URL 1836 New fix for incomplete CVE-2009-0840 security fix made in 5.2.2 2943 Fixed seg fault if font not found with label ANGLE FOLLOW 2973 Note that Tenable Network Security has extracted the preceding description block directl...

10CVSS5.3AI score0.05283EPSS
Exploits2References1
Prion
Prion
added 2008/11/04 9:0 p.m.12 views

Buffer overflow

Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office DjVuActiveXMSOffice.dll allows remote attackers to execute arbitrary code via a long 1 ImageURL property, and possibly the 2 Mode, 3 Page, or 4 Zoom properties...

9.3CVSS8.6AI score0.32745EPSS
Exploits3References5
Rows per page
Query Builder