SSRF Vulnerability on assetlinks_check(act_name, well_knowns)

Summary While examining the "App Link assetlinks.json file could not be found" vulnerability detected by MobSF, we, as the Trendyol Application Security team, noticed that a GET request was sent to the "/.well-known/assetlinks.json" endpoint for all hosts written with "android:host". In the...

GHSA-WFGJ-WRGH-H3R3 SSRF Vulnerability on assetlinks_check(act_name, well_knowns)

Summary While examining the "App Link assetlinks.json file could not be found" vulnerability detected by MobSF, we, as the Trendyol Application Security team, noticed that a GET request was sent to the "/.well-known/assetlinks.json" endpoint for all hosts written with "android:host". In the...

Ipswitch WS_FTP Server 5.04 multiple arbitrary code execution vulnerabilities

Synopsis: Ipswitch WSFTP Server 5.04 multiple arbitrary code execution vulnerabilities Michal Bucko sapheal, HACKPL. I. BACKGROUND "..WSFTP Server is commonly used for setting up an FTP server that allows users to login, download and upload files...", note from Ipswitch web site. II. DESCRIPTION...