Lucene search
K

10 matches found

OSV
OSV
added 2024/06/20 7:15 p.m.2 views

CVE-2024-37818

Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery SSRF via the component /strapi.io/next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a crafted GET request. NOTE: The Strapi Development Community argues that this issue ...

8.6CVSS7AI score
Exploits0References2
Kitploit
Kitploit
added 2023/06/06 12:30 p.m.23 views

Kubestroyer - Kubernetes Exploitation Tool

Kubestroyer Kubestroyer aims to exploit Kubernetes clusters misconfigurations and be the swiss army knife of your Kubernetes pentests About The Project Kubestroyer is a Golang exploitation tool that aims to take advantage of Kubernetes clusters misconfigurations. The tool is scanning known...

7.4AI score
Exploits0References4
Cvelist
Cvelist
added 2021/03/02 9:15 p.m.19 views

CVE-2020-12529

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports...

5.8CVSS5.5AI score0.00807EPSS
Exploits0References1
NVD
NVD
added 2020/08/08 9:15 p.m.21 views

CVE-2020-15819

JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports...

5.3CVSS6.1AI score0.01444EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/06/08 12:0 a.m.38 views

CVE-2020-12695 "CallStranger"

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. Recent assessments: kevthehermit at June 0...

7.8CVSS0.1AI score0.15193EPSS
Exploits3References22
Hacker One
Hacker One
added 2017/11/05 3:11 a.m.29 views

Infogram: Internal Ports Scanning via Blind SSRF (URL Redirection to beat filter)

Summary --------------------- This is a blind SSRF that lets you scan internal ports. Technical Details -------------------- Inspired by 281950, I found a way to evade the filter for the api endpoint webresource by using a URL Redirection service. I used tinyurl to create a url that linked to...

6.5AI score
Exploits0
Hacker One
Hacker One
added 2017/10/23 10:27 a.m.15 views

Infogram: Internal Ports Scanning via Blind SSRF

Introduction: I found a Blind SSRF issue that allows scanning internal ports. How to reproduce: Login Send the request https://infogram.com/api/webresource/url?q=TARGETURI Look up the response. If valid, it returns status code 200 and the website's title will be exposed, or 404 for otherwise. For...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2007/12/24 12:0 a.m.60 views

Adobe Flash Player sandbox protection bypass

SecurityErrorEvent can be used for client ports scanning...

5CVSS1.3AI score0.07933EPSS
Exploits1References2Affected Software1
Packet Storm
Packet Storm
added 2005/09/01 12:0 a.m.31 views

flat256enENa2.txt

Flatnuke 2.5.6 enENa2 possibly prior versions user IP address / information disclosure software: site: http://flatnuke.sourceforge.net/flatnuke/ download link: http://itk.hopto.org:666/work/index.php?mod=Download&dlfile=FlatNukeEn/FlatNukeEn2.5.6a2.zip&mode=go same vuln of simple machine forum,...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2005/09/01 12:0 a.m.30 views

smf105.txt

Simple Machine Forum 1-0-5 possibly prior versions user IP address / information disclosure software: site: http://www.simplemachines.org/ information disclosure: a user can choose an sumbit an avatar url like this: http://evilsite/image.php where image.php is a file like this: When forum users...

7.4AI score
Exploits0
Rows per page
Query Builder