14 matches found
InvenTree 代码问题漏洞
InvenTree is an open-source inventory management system developed by InvenTree. It provides powerful low-level inventory control and parts tracking capabilities. Versions of InvenTree prior to 1.2.7 and 1.3.0 contained code vulnerabilities. These vulnerabilities stemmed from the fact that when...
CVE-2026-34526
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, in src/endpoints/search.js, the hostname is checked against /^\d+\.\d+\.\d+\.\d+$/. This...
CVE-2026-33953 LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce
LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user t...
CVE-2026-33953 LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce
LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user t...
CVE-2026-33953
CVE-2026-33953 (LinkAce) : The SSRF protection in LinkAce can be bypassed via internal hostname resolution. In versions prior to 2.5.3, direct requests to private IP literals are blocked, but server-side requests to internal resources can still be triggered when those resources are referenced thr...
PT-2026-28577
Name of the Vulnerable Software and Affected Versions LinkAce versions prior to 2.5.3 Description LinkAce is a self-hosted archive for collecting website links. Versions before 2.5.3 prevent direct requests to private IP literals, but continue to make server-side requests to internal resources wh...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Zohocorp Manageengine_Desktop_Central
CVE-2022-23779 CVE-2022-23779 is a security vulnerability in Z...
CVE-2022-23779
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses...
EUVD-2015-5039
Malware in sbrugna...
CVE-2021-4180
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the wwwauthenticateuri parameter which is visible to all end users in configuration files. This would give sensitive...
Ping Identity: Internal Hostname disclosure from multiple Apache servers via blank host header method
This vulnerability was due to a general misconfiguration of Apache servers; this is a good example of the importance of "Secure Defaults" in open-source projects. An example of a generic request and response would be: openssl sclient -connect apache.example.com:443 GET apache.example.com/foo...
CVE-2015-5022
IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.32, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information ...
Microsoft DNS Server Internal Hostname Disclosure Detection
Microsoft DNS server might be prone to an internal hostname disclosure. SPDX-FileCopyrightText: 2009 Tim Brown Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability
PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability Description: BEA Plumtree portal is vulnerable to a internal hostname disclosure vulnerability. The internal hostname of the server hosting BEA Plumtree portal is always included at the bottom of every requested HTML page...