99 matches found

Prion
added 2021/11/22 5:15 p.m., 11 views

Server side request forgery (ssrf)

The package ssrf-agent before 1.0.5 is vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private...

CVSS 5, AI score 7.5, EPSS 0.01564
Exploits 1, References 3, Affected Software 1
Cvelist
added 2021/11/22 5:0 p.m., 12 views

CVE-2021-23718 Server-side Request Forgery (SSRF)

The package ssrf-agent before 1.0.5 is vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private...

CVSS 6.5, AI score 7.8, EPSS 0.01564
Exploits 1, References 3
OSV
added 2021/06/08 6:15 p.m., 4 views

PYSEC-2021-99

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. validate_ipv4_address and...

CVSS 7.5, AI score 7.1, EPSS 0.03058
Exploits 0, References 4
OpenVAS
added 2020/09/01 12:0 a.m., 9 views

WordPress GiveWP Plugin < 2.5.10 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) script_oid("1.3.6.1.4.1.25623.1.0.112819");...

CVSS 5.3, AI score 5.4, EPSS 0.01881
Exploits 0, References 2
OSV
added 2018/09/10 7:29 p.m., 3 views

DEBIAN-CVE-2018-14635

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...

CVSS 6.5, AI score 6.6, EPSS 0.02527
Exploits 0, References 1
Prion
added 2018/01/31 8:29 p.m., 10 views

Input validation

Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string...

CVSS 6.5, AI score 8.6, EPSS 0.02003
Exploits 1, References 2, Affected Software 1
OSV
added 2018/01/31 8:29 p.m., 3 views

CVE-2017-15653

Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string...

CVSS 8.8, AI score 5.9, EPSS 0.02003
Exploits 1, References 2
CVE
added 2018/01/31 8:0 p.m., 72 views

CVE-2017-15653

CVE-2017-15653 concerns AsusWRT routers with the HTTPd web interface. It describes an improper administrator IP validation after login, allowing an unauthorized user who has a valid administrator session token to perform any action by sending a crafted User-Agent string. Affected versions are all...

CVSS 8.8, AI score 8.6, EPSS 0.02003
Exploits 1, References 2, Affected Software 1
Cvelist
added 2018/01/31 8:0 p.m., 12 views

CVE-2017-15653

Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string...

AI score 8.7, EPSS 0.02003
Exploits 1, References 2
seebug.org
added 2018/01/17 12:0 a.m., 68 views

Multiple vulnerabilities in all versions of ASUS routers

1 ASUSWRT 3.0.0.4.376 - multiple vulnerabilities in httpd server all versions of AsusWRT at the time of report to vendor, for previous 376 version see next section 1. Highly predictable session tokens The session token is generated for an authenticated user using stdlib rand function. The token...

AI score 9.7, EPSS 0.03149
Exploits 4
Symfony
added 2014/09/03 12:0 a.m., 80 views

CVE-2014-5245: Direct access of ESI URLs behind a trusted proxy

Affected Versions: All 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpKernel component are affected by this security issue. Your application is vulnerable only if the ESI feature is enabled and there is a proxy in front of the web application. This issue has been fixed in Symfony 2.3.1...

AI score 5.9, EPSS 0.00812
Exploits 0
seebug.org
added 2014/07/17 12:0 a.m., 20 views

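Phpyun injection vulnerability, part 2

Brief description: Just downloaded from the official site. Front-end injection. The administrator's account and password can be obtained directly. Ignores 360webscan. Details: I thought there was nothing left to find, so out of boredom I browsed through the files. I came across the file with the injection from last time. model/register.class.php function regsaveaction $POST=$this-posttrim$POST; $POST'username'=iconv"utf-8","gbk",$POST'username'; $POST'unitname'=iconv"utf-8","gbk",$POST'unitname'; (some omitted) ip = $this-obj-funipget;...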

AI score 7.1
Exploits 0
myhack58
added 2012/04/26 12:0 a.m., 22 views

Jackie CMS (<=1.7) SQL injection vulnerability analysis

Jackie CMS (Jieqi CMS) is a CMS for novel sites. The latest version is currently 1.7, and its usage rate among novel sites is still relatively high. These days I took some time to look at its code, which is quite interesting, so I will share a bit with you. The core code of the entire system is zend...

AI score 8.5
Exploits 0
OpenVAS
added 2011/11/21 12:0 a.m., 117 views

Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerability

The host is running Microsoft Windows and is prone to a remote code execution vulnerability. OpenVAS Vulnerability Test $Id: secpodmswindowsipvalidationcodeexecvuln.nasl 7550 2017-10-24 12:17:52Z cfischer $ Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerability Authors:...

CVSS 7.5, AI score 0.2, EPSS 0.80855
Exploits 13, References 5
NVD
added 2007/03/16 10:19 p.m., 20 views

CVE-2007-1493

nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172...

CVSS 7.5, AI score 8, EPSS 0.03211
Exploits 1, References 3
NVD
added 2005/05/02 4:0 a.m., 18 views

CVE-2005-0048

Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."...

CVSS 7.5, AI score 7.6, EPSS 0.45524
Exploits 0, References 7
Cvelist
added 2005/04/13 4:0 a.m., 30 views

CVE-2005-0048

Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."...

AI score 7.6, EPSS 0.45524
Exploits 0, References 7
CVE
added 2005/04/13 4:0 a.m., 69 views

CVE-2005-0048

CVE-2005-0048 is a Windows IP stack vulnerability (IP Validation Vulnerability) that allows remote code execution or denial of service via crafted IP packets with malformed options. Affected products include Windows XP SP2 and earlier, Windows 2000 SP3/SP4, and Windows Server 2003. The root cause...

CVSS 7.5, AI score 7.6, EPSS 0.45524
Exploits 0, References 7, Affected Software 2
securityvulns
added 2002/04/23 12:0 a.m., 36 views

File send interception in AIM

During file transmission incoming connection is accepted without additional user or IP validation...

AI score 2.1
Exploits 0, References 1, Affected Software 1