12 matches found
Xingyuantu SparkShop 安全漏洞
Xingyuantu SparkShop is an open source shopping center from Xingyuantu, a Chinese company. A security vulnerability exists in Xingyuantu SparkShop 1.1.7 and earlier versions, which stems from vulnerability to a server-side request forgery SSRF attack that could allow an attacker to scan ports on...
Withdrawn Advisory: Access control issues in blackbox_exporter
Withdrawn Advisory This advisory has been withdrawn because it was determined to be a configuration issue rather than a vulnerability. This link is maintained to preserve external references. For more information, see the conversation here. Original Advisory blackboxexporter v0.23.0 was discovere...
CVE-2023-26735
blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...
Design/Logic Flaw
DISPUTED blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...
CVE-2023-26735
blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...
UBUNTU-CVE-2023-26735
DISPUTED blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...
CVE-2023-26735
blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...
PT-2023-20776 · Unknown +1 · Blackbox Exporter +1
Name of the Vulnerable Software and Affected Versions: blackbox exporter version 0.23.0 Description: The issue is related to an access control problem in the probe interface of blackbox exporter, allowing attackers to detect intranet ports and services, as well as download resources. It is noted...
CVE-2023-26735
blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...
CVE-2023-26735
blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...
GHSA-6Q3P-36F4-CWXV Server-Side Request Forgery in UReport
UReport v2.2.9 contains a Server-Side Request Forgery SSRF in the designer page which allows attackers to detect intranet device ports...
PT-2020-13677 · Vmware · Harbor
Name of the Vulnerable Software and Affected Versions: Harbor versions prior to 2.0.1 Description: The issue allows for a limited Server-Side Request Forgery SSRF attack. An attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet...