203 matches found
HackTheBox-Penetration-Testing-Methodology
HackTheBox Penetration Testing Methodology by 9mmpterodacty...
EUVD-2001-0879
Malware in sbrugna...
EUVD-2001-0775
Malware in sbrugna...
EUVD-2002-0347
Malware in sbrugna...
EUVD-2004-2411
Malware in sbrugna...
EUVD-2023-49459
Malicious code in bioql PyPI...
EUVD-2024-32035
Malicious code in bioql PyPI...
EUVD-2024-1136
Malicious code in bioql PyPI...
CVE-2024-3448
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port...
GHSA-74P6-39F2-23V3 Blind SSRF Leads to Port Scan by using Webhooks
Impact Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. Affected Versions Umbraco versions 13.0.0 - 13.1.1 Patches 13.1.1 Workarounds Disabling webhooks functionality...
Blind SSRF Leads to Port Scan by using Webhooks
Impact Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. Affected Versions Umbraco versions 13.0.0 - 13.1.1 Patches 13.1.1 Workarounds Disabling webhooks functionality...
CVE-2024-29035 Umbraco's Blind SSRF Leads to Port Scan by using Webhooks
Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1...
CVE-2024-3448
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port...
CVE-2024-3448 Improper Access Control Leads to Server-Side Request Forgery in Mautic
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port...
CVE-2024-3448
CVE-2024-3448 affects Mautic, where users with low privileges can exploit improper access to ajax?action=plugin:focus:checkIframeAvailability to trigger a server-side request forgery. The flaw allows an attacker to analyze backend error messages and perform a back-end port scan. Public details in...
BIT-MYSQL-CLIENT-2023-5157 Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service...
BIT-MARIADB-2023-5157 Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service...
Server Side Request Forgery
automad is vulnerable to Server Side Request Forgery. The vulnerability is due to improper validation of the importUrl argument within FileController.php. This issue can be exploited by an attacker to internal perform a port scan against the local environment or abuse local services...
Authenticated Blind SSRF in automad/automad
automad up to 1.10.9 is vulnerable to an authenticated blind server-side request forgery in importUrl as the import function on the FileController.php file was not properly validating the value of the importUrl argument. This issue may allow attackers to perform a port scan against the local...
CVE-2021-42794
An issue was discovered in AVEVA Edge formerly InduSoft Web Studio versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses...