rConfig 3.9.4 - Server-Side Request Forgery
rConfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the pathb parameter in the doDiff function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs. id: CVE-2023-39108 info: name: rConf...
ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval
ManageEngine ServiceDesk 9.3.9328 is vulnerable to an arbitrary file retrieval due to improper restrictions of the pathname used in the name parameter for the download-snapshot path. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. id: CVE-2017-11512 info...
Ligeo Archives Ligeo Basics - Server Side Request Forgery
Ligeo Archives Ligeo Basics as of 0201-2022 is vulnerable to Server Side Request Forgery (SSRF), which allows an attacker to read any documents via the download features. id: CVE-2021-46107 info: name: Ligeo Archives Ligeo Basics - Server Side Request Forgery author: ritikchaddha severity: high...
Adobe ColdFusion - Arbitrary File Read
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary...
GDidees CMS v3.9.1 - Arbitrary File Download
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via the filename parameter at /admin/imgdownload.php. id: CVE-2023-27179 info: name: GDidees CMS v3.9.1 - Arbitrary File Download author: theamanrawat severity: high description: | GDidees CMS v3.9.1 a...
CrushFTP VFS - Sandbox Escape LFR
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox. id: CVE-2024-4040 info: name: CrushFTP VFS - Sandbox Escape LFR author: DhiyaneshDK,pussycat0x severity:...
EUVD-2024-16632
Malicious code in bioql PyPI...
CVE-2024-0849
Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR...
CVE-2024-0849
CVE-2024-0849 (Leanote 2.7.0) is a local-file-read vulnerability caused by a Local File Reading (LFR) weakness, allowing an attacker to obtain arbitrary local files. The vulnerability is explicitly described in multiple sources as affecting Leanote version 2.7.0, with the impact being exposure of...
GitHub Security Lab: [JavaScript]: add query for Express-HBS LFR
This bug was reported directly to GitHub Security Lab...
Mail.ru: Path traversal leads to LFR via [CVE-2019-3394]
Path traversal leads to Local File Read via CVE-2019-3403 in confluence.plazius.ru...
Mail.ru: [city-mobil.ru] SSRF & limited LFR on /taxiserv/photoeditor/save endpoint via base64 POST parameter
A vulnerability in the photo editing functionality of https://city-mobil.ru/taxiserv/ allowed SSRF requests to internal services and a local file read ability limited to image files. ¯\ツ/¯ I don't understand how I missed it during fix validation of the 748123 report. It's partly blind SSRF & LFR, which...
Mail.ru: SSRF & LFR on city-mobil.ru
SSRF/LFR vulnerability via photo upload functionality of partner's cabinet of city-mobil.ru...
Mail.ru: SSRF & LFR on city-mobil.ru
SSRF/LFR vulnerability via photo editor functionality of partner's cabinet of city-mobil.ru...
Mail.ru: Open Selenoid instance at 188.93.63.186 leads to LFR/SSRF.
Externally accessible Selenoid instance in Mail.Ru Games network was vulnerable to LFR and SSRF via URI injection...
h1-5411-CTF: H1-5411 CTF Write-up by erbbysam and ziot
@erbbysam and I recently set out to beat the latest CTF challenge hosted by HackerOne. Here is a write-up of the process we took from start to finish. The h1-5411 CTF begins with a tweet from HackerOne: https://twitter.com/Hacker0x01/status/1044974142150373378 F351665 This leads to a website...