1747 matches found
CVE-2022-29305
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost...
imgurl SQL injection vulnerability
imgurl is an image-hosting application developed using PHP and SQLite 3. imgurl version v2.3.1 is vulnerable to SQL injection. The vulnerability originates in /upload/localhost, where the IP is concatenated directly into the SQL statement, and can be exploited by attackers to cause SQL injection attacks...
CVE-2022-30016
Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=systeminfo...
Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware
CVE-2022-30525 CVE-2022-30525 POC exploit Usage shell u...
CVE-2020-8558
A flaw was found in Kubernetes that allows attackers on adjacent networks to reach services exposed on localhost ports, previously thought to be unreachable. This flaw allows an attacker to gain privileges or access confidential information for any services listening on localhost ports that are n...
GHSA-WQ4C-WM6X-JW44 Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding
Withdrawn Advisory This advisory has been withdrawn because this vulnerability affects inspector code in https://github.com/nodejs/node, not the legacy debugger at https://github.com/node-inspector/node-inspector. https://github.com/nodejs/node is not in a supported ecosystem. Original Descriptio...
Server-side Request Forgery (SSRF)
Asterisk is vulnerable to server-side request forgery. When using STIR/SHAKEN, an attacker can send arbitrary requests to interfaces such as localhost by using the Identity header...
DEBIAN-CVE-2022-26499
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests such as GET to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2...
CVE-2022-26499
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests such as GET to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2...
Server side request forgery (ssrf)
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests such as GET to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2...
UBUNTU-CVE-2022-26499
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests such as GET to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2...
Asterisk code issue vulnerability
Asterisk is software for a PBX system that runs on Linux and supports IP calls using the SIP, IAX, and H323 protocols. Asterisk version 19.x and prior versions of STIR/SHAKEN contain a security vulnerability that originates from the ability to send arbitrary requests (e.g., GET) to interfaces such as...
Asterisk -- multiple vulnerabilities
The Asterisk project reports: AST-2022-001 - When using STIR/SHAKEN, it's possible to download files that are not certificates. These files could be much larger than what you would expect to download. AST-2022-002 - When using STIR/SHAKEN, it's possible to send arbitrary requests like GET to...
FULL read SSRF
Description: There are two bypass methods for previous fixes of SSRF in gogs. The first is to utilize an SSRF attack with a DNS rebinding feature. The second is to use redirection to a localhost URL. Proof of Concept: 1- go to the webhooks section and create a gogs webhook. 2- enter a URL that redirects...
Do not scan localhost for Tenable.OT scans.
Binary data otdontscanlocalhost.nbin...
Google perfetto security vulnerability
Google perfetto is a Google Inc. program for collecting performance information on Android devices via the Android Debug Bridge (ADB). Google perfetto suffers from a security vulnerability that originates when a user (usually a developer) manually invokes the ./tools/run-dev-server script can send...