14 matches found
EUVD-2020-15833
Malware in sbrugna...
CVE-2023-26735
blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...
CVE-2020-21524
There is an XML external entity (XXE) vulnerability in halo v1.1.3. The function of importing other blogs in the background/api/admin/migrations/wordpress needs to parse the XML file, but it is not used for security defense. This vulnerability can detect the intranet, read files, enable DDoS attacks...
CVE-2024-46985
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, there is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. The vulnerabilit...
GHSA-4M9P-7XG6-F4MM DataEase has an XML External Entity Reference vulnerability
Impact: There is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. 1. send request: POST /de2api/staticResource/upload/1 HTTP/1.1 Host: dataease.ubuntu20.vm...
CVE-2024-46985 DataEase has an XXE vulnerability
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, there is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. The vulnerabilit...
CVE-2024-46985 DataEase has an XXE vulnerability
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, there is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. The vulnerabilit...
CVE-2024-46985 DataEase has an XXE vulnerability
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, there is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. The vulnerabilit...
CVE-2023-26735
blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...
CVE-2023-26735
CVE-2023-26735 affects blackbox_exporter v0.23.0. Technical details across connected sources describe an access-control issue in the probe interface that could allow an attacker to discover intranet ports/services and download resources. The primary description notes this is disputed by third par...
Halo Server-Side Request Forgery Vulnerability
Halo is a light and clean Java blogging system. A server-side request forgery vulnerability exists in the SMTP configuration in Halo 1.3.2 and earlier versions, which can be exploited by an attacker to detect a server intranet...
CVE-2020-21524
There is an XML external entity (XXE) vulnerability in halo v1.1.3. The function of importing other blogs in the background/api/admin/migrations/wordpress needs to parse the XML file, but it is not used for security defense. This vulnerability can detect the intranet, read files, enable DDoS attacks...
Xxe
There is an XML external entity (XXE) vulnerability in halo v1.1.3. The function of importing other blogs in the background/api/admin/migrations/wordpress needs to parse the XML file, but it is not used for security defense. This vulnerability can detect the intranet, read files, enable DDoS attacks...
CVE-2020-21524
There is an XML external entity (XXE) vulnerability in halo v1.1.3. The function of importing other blogs in the background/api/admin/migrations/wordpress needs to parse the XML file, but it is not used for security defense. This vulnerability can detect the intranet, read files, enable DDoS attacks...