1757 matches found
CVE-2021-20199
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 including from remote hosts. This impacts containerized applications that trust localhost 127.0.01 connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards...
AZL-7329 CVE-2021-20199 affecting package podman for versions less than 4.1.1-1
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 including from remote hosts. This impacts containerized applications that trust localhost 127.0.01 connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards...
CVE-2021-20199
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 including from remote hosts. This impacts containerized applications that trust localhost 127.0.01 connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards...
UBUNTU-CVE-2021-20199
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 including from remote hosts. This impacts containerized applications that trust localhost 127.0.01 connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards...
CVE-2021-20199
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 including from remote hosts. This impacts containerized applications that trust localhost 127.0.01 connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards...
CVE-2021-20199
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 including from remote hosts. This impacts containerized applications that trust localhost 127.0.01 connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards...
Podman onwards Access Control Error Vulnerability
Podman is an engine for developing, managing and running OCI containers on Linux systems. A security vulnerability exists in Podman 1.8.0 onwards, which originates from containerized applications that by default trust the localhost 127.0.01 connection and do not require authentication...
EgavilanMedia PHPCRUD 1.0 Cross Site Scripting
Exploit Title: EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting Exploit Author: Mahendra Purbia Vendor Homepage: http://egavilanmedia.com Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/ Version: 1.0 Tested on: Windows 10 Vulnerable...
Life Insurance Management System 1.0 Shell Upload
Exploit Title: Life Insurance Management System 1.0 - File Upload RCE Authenticated Date: 15/1/2021 Exploit Author: Aitor Herrero Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html...
Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated)
Exploit Title: Resumes Management and Job Application Website 1.0 - RCE Unauthenticated Date: 3/1/2021 Exploit Author: Arnav Tripathy Vendor Homepage: https://egavilanmedia.com Software Link: https://egavilanmedia.com/resumes-management-and-job-application-website/ Version: 1.0 Tested on:...
CVE-2020-8464
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access...
CVE-2020-8464
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access...
Design/Logic Flaw
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access...
CVE-2020-8464
CVE-2020-8464 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2. A vulnerability allows an attacker to craft requests that appear to originate from localhost, potentially exposing the product’s admin interface to users who would not normally have access. The available d...
CVE-2020-25619
An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH component does not restrict the Communication Channel to Intended Endpoints. An attacker can leverage an SSH feature port forwarding with a temporary key pair to access network services on the 127.0.0.1 interface, even though thi...
Design/Logic Flaw
OpenAsset Digital Asset Management DAM through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access...
Automattic: GET /api/v2/url_info endpoint is vulnerable to Blind SSRF
Summary: GET /api/v2/urlinfo endpoint is vulnerable to Blind SSRF. I am able to hit both Internal and External services via url parameter by replacing with internal and external url. Platforms Affected: https://www.tumblr.com/ Steps To Reproduce: 1. Login to https://www.tumblr.com/ 2. Follow any...
OpenAsset Digital Asset Management Input Validation Error Vulnerability
Openasset is a digital asset management software for the website building industry from Openasset UK. OpenAsset Digital Asset Management suffers from an input validation error vulnerability that allows an attacker to spoof it using the x - forward - for directive in the header. By providing a loc...
OpenCart 3.0.3.6 Cross Site Request Forgery
Exploit Title: OpenCart 3.0.3.6 - Cross Site Request Forgery Date: 12-11-2020 Exploit Author: Mahendra Purbia Mah3Sec Vendor Homepage: https://www.opencart.com Software Link: https://www.opencart.com/index.php?route=cms/download Version: OpenCart CMS - 3.0.3.6 Tested on: Kali Linux Description:...
OpenCart 3.0.3.6 - Cross Site Request Forgery
Exploit Title: OpenCart 3.0.3.6 - Cross Site Request Forgery Date: 12-11-2020 Exploit Author: Mahendra Purbia Mah3Sec Vendor Homepage: https://www.opencart.com Software Link: https://www.opencart.com/index.php?route=cms/download Version: OpenCart CMS - 3.0.3.6 Tested on: Kali Linux Description:...