CVE-2024-0789

The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.1.9.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to...

CVE-2023-38059

The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; OTRS Community Edition: from 6.0.X through...

CVE-2023-38059

The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; OTRS Community Edition: from 6.0.X through...

Code injection

The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; OTRS Community Edition: from 6.0.X through...

stun-info NSE Script

Retrieves the external IP address of a NAT:ed host using the STUN protocol. Script Arguments stun.mode See the documentation for the stun library. Example Usage nmap -sV -PN -sU -p 3478 --script stun-info Script Output PORT STATE SERVICE 3478/udp open|filtered stun | stun-info: | External IP:...