CVE-2020-10791

app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests aka SSRF via the Test Connection feature aka testGrafanaConnection of the Grafana Module...

EUVD-2018-10833

Malware in sbrugna...

CVE-2013-1648

The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated b...

CVE-2018-19120

The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address...

CVE-2020-10791

app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests aka SSRF via the Test Connection feature aka testGrafanaConnection of the Grafana Module...

Design/Logic Flaw

app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests aka SSRF via the Test Connection feature aka testGrafanaConnection of the Grafana Module...

CVE-2018-15517

The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ U...

CVE-2018-19120

The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address...

CVE-2018-19120

The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address...

CVE-2018-19120

The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address...

Hardcoded credentials

The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address...

CVE-2018-19120

CVE-2018-19120 detail: The HTML thumbnailer in KDE Applications prior to 18.12.0 can trigger outbound TCP connections to arbitrary IPs, exposing the source IP address. This affects KDE’s HTML thumbnailer component (and related KDE Applications packaging that ships kio-extras). Root cause is insuf...

PT-2018-2191 · D Link · D-Link Central Wifimanager Cwm-100

Name of the Vulnerable Software and Affected Versions: D-Link Central WiFiManager CWM-100 version 1.03 r0098 Description: The issue concerns the MailConnect feature, which is supposed to check connections to an SMTP server but actually allows outbound TCP to any port on any IP address. This leads...

Design/Logic Flaw

The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated b...