
1747 matches found

CNNVD
added 2022/03/28 12:00 a.m. · 1 view

Orckestra C1 CMS code issue vulnerability

Orckestra C1 CMS is an open source web content management system CMS based on . A code issue vulnerability exists in Orckestra C1 CMS versions prior to 6.12 that allows an authenticated attacker to send arbitrary GET requests through the server to other servers on the local network or localhost...

CVSS 7.6 · AI score 7.5 · EPSS 0.00266
Exploits 0 · References 3
Citrix
added 2022/03/27 12:00 a.m. · 7 views

Citrix-ADM using localhost IP 127.0.0.1 to send syslog traffic to Splunk server

Citrix ADM 13.0 76.29 is noted to be using the localhost IP to send syslog traffic to an external syslog server instead of the ADM IP. As a result, Citrix ADM is not able to send the syslog traffic to the Splunk server successfully, as seen below. A tcpdump on Citrix ADM also shows traffic is generated and sent...

AI score 7
Exploits 0
OSV
added 2022/03/10 5:46 p.m. · 2 views

CVE-2022-24396

The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities an...

CVSS 7.8 · AI score 7 · EPSS 0.00184
Exploits 2 · References 4
NVD
added 2022/03/10 5:46 p.m. · 7 views

CVE-2022-24396

The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities an...

CVSS 7.8 · EPSS 0.00184
Exploits 2 · References 4
ATTACKERKB
added 2022/03/10 5:46 p.m. · 4 views

CVE-2022-24396

The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities an...

CVSS 7.8 · AI score 7 · EPSS 0.00184
Exploits 2 · References 5 · Affected Software 1
CNNVD
added 2022/03/09 12:00 a.m. · 0 views

SAP Focused Run security vulnerability

SAP Focused Run is SAP's operations management solution for data centers and large customer systems, intended for high-volume monitoring, alerting, diagnostics and analysis. An access control error vulnerability exists in SAP Focused Run, which stems from a failure to perform any...

CVSS 7.8 · AI score 5.6 · EPSS 0.00184
Exploits 2 · References 8
OSV
added 2022/03/08 12:00 a.m. · 24 views

GHSA-2647-C639-QV2J Server-Side Request Forgery in calibreweb

calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery (SSRF). This is due to an incomplete fix for CVE-2022-0339. The blacklist does not check for 0.0.0.0, which would result in a payload of 0.0.0.0 resolving to localhost...

CVSS 9.8 · AI score 9.4 · EPSS 0.00288
Exploits 1 · References 4
Github Security Blog
added 2022/03/08 12:00 a.m. · 22 views

Server-Side Request Forgery in calibreweb

calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery (SSRF). This is a result of incomplete SSRF protection that can be bypassed via an HTTP redirect. An HTTP server set up to respond with a 302 redirect may redirect a request to localhost...

CVSS 9.9 · AI score 2.3 · EPSS 0.00197
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2022/03/08 12:00 a.m. · 3 views

PT-2022-16671 · Unknown · Simple Diagnostics Agent

Name of the Vulnerable Software and Affected Versions: The Simple Diagnostics Agent versions 1.0 up to version 1.57. Description: The issue concerns the lack of authentication checks for functionalities accessible via localhost on HTTP port 3005. This allows an attacker to access administrative or...

CVSS 7.8 · AI score 7.5 · EPSS 0.00184
Exploits 2 · References 6
Positive Technologies
added 2022/03/07 12:00 a.m. · 1 view

PT-2022-13423 · Unknown · Calibre-Web

Name of the Vulnerable Software and Affected Versions: calibre-web versions prior to 0.6.17. Description: The issue is related to server-side request forgery (SSRF) due to incomplete protection that can be bypassed via an HTTP redirect. An HTTP server set up to respond with a 302 redirect may redire...

CVSS 9.9 · AI score 9.4 · EPSS 0.00197
Exploits 1 · References 7
Positive Technologies
added 2022/03/07 12:00 a.m. · 2 views

PT-2022-13422 · Unknown · Calibre-Web

Name of the Vulnerable Software and Affected Versions: calibre-web versions prior to 0.6.17. Description: The issue is related to server-side request forgery (SSRF) in the GitHub repository janeczku/calibre-web. This is due to an incomplete fix, which results in the blacklist not checking for 0.0.0....

CVSS 9.8 · AI score 6.8 · EPSS 0.00288
Exploits 1 · References 7
Huntr
added 2022/03/06 6:51 p.m. · 50 views

Server-Side Request Forgery (SSRF)

Description: The fix for my previous report CVE-2022-0767 is still incomplete and could be bypassed via IPv4/IPv6 embedding: ssrf-ipv4ipv6.etclab.top will resolve to 0:0:0:0:0:ffff:127.0.0.1. Proof of Concept: POST /admin/book/1 HTTP/1.1 Host: 127.0.0.1:8083 User-Agent: Mozilla/5.0 Windows NT 10.0;...

CVSS 7.5 · EPSS 0.0026
Exploits 2
Huntr
added 2022/02/25 5:02 a.m. · 17 views

Server-Side Request Forgery (SSRF)

Description: The SSRF protection is incomplete and can be bypassed via an HTTP redirect; the python-requests library follows redirections by default, which can be disabled by allow_redirects=False. An attacker can set up their HTTP server to respond with a 302 redirect to redirect the request to...

CVSS 7.5 · AI score 0.4 · EPSS 0.00197
Exploits 1 · References 1
NVD
added 2022/02/09 1:15 p.m. · 8 views

CVE-2021-25939

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and...

CVSS 4 · EPSS 0.00234
Exploits 1 · References 3
Cvelist
added 2022/02/09 12:15 p.m. · 10 views

CVE-2021-25939 ArangoDB - Blind SSRF when Downloading Foxx Service from URL

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and...

CVSS 2.7 · AI score 4 · EPSS 0.00234
Exploits 1 · References 3
NVD
added 2022/02/07 3:15 a.m. · 12 views

CVE-2022-23184

In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects...

CVSS 6.1 · EPSS 0.00185
Exploits 0 · References 1
OSV
added 2022/02/07 3:15 a.m. · 1 view

CVE-2022-23184

In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects...

CVSS 6.1 · AI score 5.8
Exploits 0 · References 1
ATTACKERKB
added 2022/02/07 3:15 a.m. · 3 views

CVE-2022-23184

In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects...

CVSS 6.1 · AI score 6.4 · EPSS 0.00185
Exploits 0 · References 2
CVE
added 2022/02/07 2:35 a.m. · 80 views

CVE-2022-23184

CVE-2022-23184 concerns Octopus Server where HTTP/HTTPS bindings set to localhost allow open redirects. The connected sources confirm the vulnerable condition but do not specify affected versions, root cause details beyond localhost binding, exploit status, or a published fix. No mitigation or pa...

CVSS 6.1 · AI score 6.2 · EPSS 0.00185
Exploits 0 · References 1 · Affected Software 2
CNNVD
added 2022/02/07 12:00 a.m. · 4 views

Octopus Server input validation error vulnerability

Octopus Server is an automated deployment platform. An input validation error vulnerability exists in Octopus Server that stems from the product's configuration of HTTP and HTTPS bindings to localhost, where the server will allow open redirects...

CVSS 6.1 · AI score 6.2 · EPSS 0.00185
Exploits 0 · References 2