Asterisk -- multiple vulnerabilities

The Asterisk project reports: AST-2022-001 - When using STIR/SHAKEN, its possible to download files that are not certificates. These files could be much larger than what you would expect to download. AST-2022-002 - When using STIR/SHAKEN, its possible to send arbitrary requests like GET to...

FULL read SSRF

Description there is two bypass method for previous fixes of SSRF in gogs The first is to utilize SSRF attack with a DNS rebinding feature. The second is to use redirection to a localhost URL. Proof of Concept 1- go to the webhooks section and create a gogs webhook. 2- enter an URL that redirects...

Do not scan localhost for Tenable.OT scans.

Binary data otdontscanlocalhost.nbin...

Google perfetto 安全漏洞

Google perfetto is a Google Inc. program for collecting performance information on Android devices via the Android Debug Bridge ADB. Google perfetto suffers from a security vulnerability that originates when a user usually a developer manually invokes the . /tools/run-dev-server script can send...

Orckestra C1 CMS 代码问题漏洞

Orckestra C1 CMS is an open source web content management system CMS based on . A code issue vulnerability exists in Orckestra C1 CMS versions prior to 6.12 that allows an authenticated attacker to send arbitrary GET requests through the server to other servers on the local network or localhost...

Citrix-ADM using localhost IP 127.0.0.1 to send syslog traffic to Splunk server

Citrix-ADM 13.0 76.29 is noted to be using localhost IP to send Syslog traffic instead of ADM IP to external Syslog server. As a result, Citrix ADM is not able to send the Syslog traffic to Splunk server successfully as seen below. A tcpdump on Citrix ADM also shows traffic is generated and sent...

CVE-2022-24396

The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities an...

CVE-2022-24396

The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities an...

CVE-2022-24396

The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities an...

SAP Focused Run 安全漏洞

SAP Focused Run is a data center and large customer systems operations management solution the ultimate solution for high volume monitoring, alerting, diagnostics and analysis from SAP. An Access Control Error vulnerability exists in SAP Focused Run, which stems from a failure to perform any...

GHSA-2647-C639-QV2J Server-Side Request Forgery in calibreweb

calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery SSRF. This is due to an incomplete fix for CVE-2022-0339. The blacklist does not check for 0.0.0.0, which would result in a payload of 0.0.0.0 resolving to localhost...

Server-Side Request Forgery in calibreweb

calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery SSRF. This is a result of incomplete SSRF protection that can be bypassed via an HTTP redirect. An HTTP server set up to respond with a 302 redirect may redirect a request to localhost...

PT-2022-16671 · Unknown · Simple Diagnostics Agent

Name of the Vulnerable Software and Affected Versions: The Simple Diagnostics Agent versions 1.0 up to version 1.57 Description: The issue concerns the lack of authentication checks for functionalities accessible via localhost on http port 3005. This allows an attacker to access administrative or...

PT-2022-13423 · Unknown · Calibre-Web

Name of the Vulnerable Software and Affected Versions: calibre-web versions prior to 0.6.17 Description: The issue is related to Server-Side Request Forgery SSRF due to incomplete protection that can be bypassed via an HTTP redirect. An HTTP server set up to respond with a 302 redirect may redire...

PT-2022-13422 · Unknown · Calibre-Web

Name of the Vulnerable Software and Affected Versions: calibre-web versions prior to 0.6.17 Description: The issue is related to Server-Side Request Forgery SSRF in the GitHub repository janeczku/calibre-web. This is due to an incomplete fix, which results in the blacklist not checking for 0.0.0....

Server-Side Request Forgery (SSRF)

Description The fix for my previous report CVE-2022-0767 is still incomplete and could be bypassed via IPV4/IPV4 embedding : ssrf-ipv4ipv6.etclab.top will resolve to 0:0:0:0:0:ffff:127.0.0.1 Proof of Concept POST /admin/book/1 HTTP/1.1 Host: 127.0.0.1:8083 User-Agent: Mozilla/5.0 Windows NT 10.0;...

Server-Side Request Forgery (SSRF)

Description The SSRF Protection is incomplete and can be bypassed via an HTTP redirect, the python-requests library will follow redirections by default can be disabled byallowredirects=False. An attacker can set up their HTTP server to respond with a 302 redirect to redirect the request to...

CVE-2021-25939

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and...

CVE-2021-25939 ArangoDB - Blind SSRF when Downloading Foxx Service from URL

In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and...

CVE-2022-23184

In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects...