EUVD-2021-2351

Malware in sbrugna...

CVE-2024-39535

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. When a device has a Layer 3 or an IRB interface configur...

GHSA-GQPW-9Q54-9X28 Server-Side Request Forgery in Concrete CMS

Concrete CMS formerly concrete5 versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable to SSRF attacks on the private LAN to servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network appsandb...

Server-Side Request Forgery in Concrete CMS

Concrete CMS formerly concrete5 versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable to SSRF attacks on the private LAN to servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network appsandb...

PortlandLabs Concrete Cms Code Problem Vulnerability

PortlandLabs Concrete Cms is a team-oriented open source content management system from PortlandLabs, Inc. PortlandLabs Concrete CMS has a code issue vulnerability that can be exploited by attackers in a private LAN and exploit local network appandb...

CVE-2021-22970

Concrete CMS formerly concrete5 versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network appsandb. SS...

Concrete CMS: SSRF - pivoting in the private LAN

The upload from remote servers features allows me to perform SSRF attack on the private LAN servers. this features checks the following http response code needs to be 200 - easy, a non issue for attackers really checks the file exension can be bypassed with something like...

CVE-2021-0257

On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs Modular Port Concentrators where Integrated Routing and Bridging IRB interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge CE devices may cause memo...

Junos OS: Mbuf leak due to processing MPLS packets in VPLS network.

A Junos device with VPLS routing-instances configured on one or more interfaces may be susceptible to an mbuf leak when processing a specific MPLS packet. Approximately 1 mbuf is leaked per each packet processed. The number of mbufs is platform dependent. The following command provides the number...

Cisco IOS Software VPLS denial of service (cisco-sa-20170927-vpls)

According to its self-reported version and configuration, the Cisco IOS software running on the remote device is affected by a denial of service vulnerability in the Virtual Private LAN Service VPLS feature. An unauthenticated, remote attacker can exploit this, via specially crafted requests, to...