17 matches found
MAL-2026-5718 Malicious code in ect-472839-ctf (npm)
Source: amazon-inspector a67248cb7373817da18e0edf4a019e2e6c9ded239e93a2e477ac168f7f45eeaa. package.json declares a preinstall hook ("preinstall": "node index.js") that auto-executes on npm install. index.js issues an HTTP GET to the hardcoded...
Malicious code in ect-654321 (npm)
Source: amazon-inspector ec784a9a1926de8d2c18de41c996e69e10f7001bf9fdc7604edc22d5775b4540. ect-654321 contains only a package.json with a preinstall lifecycle hook that unconditionally executes wget...
CVE-2026-39843 Plane has a Server-Side Request Forgery (SSRF) in Favicon Fetching
Plane is an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete, which could lead to the same full-read Server-Side Request Forgery when a normal HTML page contains a link tag with an href that redirects to a private IP address ...
Server-side Request Forgery (SSRF)
Overview: request-filtering-agent is an https.Agent implementation that blocks requests to private IP addresses. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the HTTPS request handling process. An attacker can access internal services by sending specially...
CVE-2025-53081
An 'Arbitrary File Creation' in Samsung DMS (Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses...
IP Filtering Bypass
@misskey-dev/summaly is vulnerable to IP Filtering Bypass. The vulnerability is due to improper validation of HTTP redirects, where private IP address checks are applied only to the HEAD response but not to the GET response, allowing redirection to private IPs...
Multiple out-of-bounds write vulnerabilities in Canon Office/Small Office Multifunction Printers and Laser Printers
Overview: Office/Small Office Multifunction Printers and Laser Printers provided by Canon Inc. contain multiple out-of-bounds write vulnerabilities (CWE-787; CVE-2023-6229, CVE-2023-6230, CVE-2023-6231, CVE-2023-6232, CVE-2023-6233, CVE-2023-6234, CVE-2024-0244). Canon Inc. reported these...
Security Bulletin: Netcool Operations Insights - Private IP Address Disclosed
Summary: It was observed that the private IP address was disclosed in HTTP responses. Although various methods exist by which an attacker can determine the public IP addresses in use by an organization, the private addresses used internally cannot usually be determined in the same ways...
CVE-2014-10079
In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash...
Opera WebRTC Component Information Disclosure Vulnerability
Opera is a Norwegian Web browser developed by Opera Software, which supports multi-window browsing, customizable user interfaces, etc. The WebRTC component is one of the Web real-time communication components. A security vulnerability exists in the WebRTC component in Opera version 51.0.2830.55. ...
DuckDuckGo Private IP Address Disclosure Vulnerability
DuckDuckGo is an extension for use in browsers. It is used to access the web anonymously. The WebRTC component is used in it to support real-time voice or video conversations in the browser. A security vulnerability exists in the WebRTC component in DuckDuckGo version 4.2.0. ...
CVE-2018-6849
In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information such as https://ip.voidsec.com, the browser can disclose a private IP address in a STUN request...
India's leading IT companies TCS (Tata Consultancy Services) & Tech Mahindra is also not Secure !
Here are some proofs submitted to THN: The Hacker News by an Indian hacker, THEDREAMBOY, as shown below, which can easily prove that, YES! India's leading IT companies TCS Tata Consultancy Service...
Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness (971888)
This host has Microsoft DNS Devolution and is prone to Third-Level Domain Name Resolving Weakness. OpenVAS Vulnerability Test $Id: secpodmsdnsdevolutionresolvingweakness.nasl 5363 2017-02-20 13:07:22Z cfi $ Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness 971888 Authors...
Danware NetOp Host HELO Request Remote Information Disclosure
This plugin displays the basic name and address information provided by NetOp products for easy network browsing. Administrators should disable displaying this information if they don't want it to be visible. Note that leaked private IP addresses are only an issue if the NetOp product is listenin...
CVE-2000-0181
Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection...
CVE-2000-0181
Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection...