9 matches found
CVE-2022-29840
Server-Side Request Forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This...
CVE-2023-22817
Server-side request forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing D...
Server side request forgery (ssrf)
Server-side request forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing D...
PT-2024-1674 · Western Digital · My Cloud Home Duo +3
Name of the Vulnerable Software and Affected Versions: My Cloud OS versions prior to 5.27.161 My Cloud Home version prior to 9.5.1-104 My Cloud Home Duo version prior to 9.5.1-104 SanDisk ibi version prior to 9.5.1-104 Description: The issue is related to a server-side request forgery SSRF...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This...
CVE-2022-29840 Server Side Request Forgery Vulnerability in Western Digital My Cloud Devices
Server-Side Request Forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This...
CVE-2020-15233
ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback...
Design/Logic Flaw
ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback...
ms-sql-dac NSE Script
Queries the Microsoft SQL Browser service for the DAC Dedicated Admin Connection port of a given or all SQL Server instance. The DAC port is used to connect to the database instance when normal connection attempts fail, for example, when server is hanging, out of memory or in other bad states. In...