Lucene search
K

12 matches found

CNNVD
CNNVD
added 2024/10/28 12:0 a.m.5 views

Xingyuantu SparkShop 安全漏洞

Xingyuantu SparkShop is an open source shopping center from Xingyuantu, a Chinese company. A security vulnerability exists in Xingyuantu SparkShop 1.1.7 and earlier versions, which stems from vulnerability to a server-side request forgery SSRF attack that could allow an attacker to scan ports on...

6.5CVSS6.4AI score0.00223EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/04/26 12:30 a.m.22 views

Withdrawn Advisory: Access control issues in blackbox_exporter

Withdrawn Advisory This advisory has been withdrawn because it was determined to be a configuration issue rather than a vulnerability. This link is maintained to preserve external references. For more information, see the conversation here. Original Advisory blackboxexporter v0.23.0 was discovere...

7.5CVSS7.5AI score0.00883EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2023/04/26 12:15 a.m.29 views

CVE-2023-26735

blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...

7.5CVSS7.6AI score0.00883EPSS
Exploits0References4
Prion
Prion
added 2023/04/26 12:15 a.m.14 views

Design/Logic Flaw

DISPUTED blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...

5CVSS7.6AI score0.00883EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2023/04/26 12:15 a.m.18 views

CVE-2023-26735

blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...

7.5CVSS7.1AI score0.00883EPSS
Exploits0References7
OSV
OSV
added 2023/04/26 12:15 a.m.5 views

UBUNTU-CVE-2023-26735

DISPUTED blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...

7.5CVSS5.8AI score0.00883EPSS
Exploits0References8
Cvelist
Cvelist
added 2023/04/25 12:0 a.m.27 views

CVE-2023-26735

blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...

7.8AI score0.00883EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/04/25 12:0 a.m.6 views

PT-2023-20776 · Unknown +1 · Blackbox Exporter +1

Name of the Vulnerable Software and Affected Versions: blackbox exporter version 0.23.0 Description: The issue is related to an access control problem in the probe interface of blackbox exporter, allowing attackers to detect intranet ports and services, as well as download resources. It is noted...

7.5CVSS7AI score0.00883EPSS
Exploits0References22
Vulnrichment
Vulnrichment
added 2023/04/25 12:0 a.m.4 views

CVE-2023-26735

blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...

7.9AI score0.00883EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/04/25 12:0 a.m.19 views

CVE-2023-26735

blackboxexporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured...

7.5CVSS7.6AI score0.00883EPSS
Exploits0
OSV
OSV
added 2021/09/20 8:45 p.m.2 views

GHSA-6Q3P-36F4-CWXV Server-Side Request Forgery in UReport

UReport v2.2.9 contains a Server-Side Request Forgery SSRF in the designer page which allows attackers to detect intranet device ports...

5.3CVSS5.9AI score0.0085EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2020/07/15 12:0 a.m.8 views

PT-2020-13677 · Vmware · Harbor

Name of the Vulnerable Software and Affected Versions: Harbor versions prior to 2.0.1 Description: The issue allows for a limited Server-Side Request Forgery SSRF attack. An attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet...

4.3CVSS7.2AI score0.01278EPSS
Exploits1References10
Rows per page
Query Builder