14 matches found
EUVD-2019-0419
Malware in sbrugna...
CVE-2024-48107
SparkShop =1.1.7 is vulnerable to server-side request forgery SSRF. This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server...
Linux Prometheus Blackbox Exporter 代码问题漏洞
Linux Prometheus Blackbox Exporter is a blackbox exporter from the Linux Foundation in the United States that allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP and ICMP. A security vulnerability exists in Linux Prometheus Blackbox Exporter version v0.23.0 that stems from the inclusi...
Reprise Software Reprise License Manager 代码问题漏洞
Reprise Software Reprise License Manager is a software licensing toolkit from Reprise Software, Inc. that provides local and cloud-based license management, license enforcement and product activation solutions for publishers of commercial software applications. A code issue vulnerability exists i...
Server side request forgery (ssrf)
UReport v2.2.9 contains a Server-Side Request Forgery SSRF in the designer page which allows attackers to detect intranet device ports...
UReport 代码问题漏洞
UReport is a high-performance pure Java reporting engine based on the Spring architecture. a server-side request forgery vulnerability exists in the designer page of UReport version 2.2.9. An attacker can use this vulnerability to detect intranet device ports...
GHSA-FVX3-G627-PHM2 Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apollo
An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled...
Server side request forgery (ssrf)
An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled...
CVE-2019-10686
An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled...
CVE-2019-10686
An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled...
CVE-2019-10686
An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled...
xml entity injection vulnerability in CLTPHP version 5.5.3
CLTPHP is a content management system developed in ThinkPHP with the Layui framework in the backend. CLTPHP version 5.5.3 has an XML entity injection vulnerability in the program implementation, which can be exploited by attackers to read arbitrary files, execute system commands, probe intranet...
niushop_b2c Pay.php has xml entity injection vulnerability
Niushop open source mall National first commercial free four-in-one completely open source 100% open source The country's first set of B2B2C multi-user mall + micro letter micro-distribution + e-commerce platform investment operation + iOS, Android multi-platform client PHP open source e-commerce...
CVE-2016-6531
Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a...