21 matches found
Server-side Request Forgery (SSRF)
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the plugin/LiveLinks/proxy.php process. An attacker can access internal services or sensitive endpoints by exploiting a DN...
CVE-2026-2711
A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element is an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrfproxy.py of the component URL Handler. The manipulation of the argument makerequest leads to server-side...
CVE-2025-66208
Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy. Users of Nextclou...
Streamity.tv Code Issue Vulnerability
Streamity.tv is an advanced IPTV web player by E M Individual Developer. A code issue vulnerability exists in Streamity.tv version 2.8 and earlier, which stems from a misbehavior in the file public/proxy.php and could lead to server-side request forgery...
EUVD-2019-3223
Malware in sbrugna...
CVE-2014-4507
Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetchbootfile...
Exposure Of Resource To Wrong Sphere
dirac is vulnerable to Exposure of Resource to Wrong Sphere. The vulnerability is due to the proxy generation process in ProxyFile.py, which allows unauthorized users on the same machine to read the proxy file allowing them to perform any action possible with the original proxy...
CVE-2024-0308
A vulnerability was found in Inis up to 2.0.1. It has been rated as critical. This issue affects some unknown processing of the file app/api/controller/default/Proxy.php. The manipulation of the argument purl leads to server-side request forgery. The attack may be initiated remotely. The exploit...
Jenkins Code Dx Plugin Path Traversal Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
SUSE CVE-2020-26154
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header...
AZL-7271 CVE-2020-26154 affecting package libproxy for versions less than 0.4.17-5
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header...
httpd: mod_proxy_ftp use of uninitialized value
A flaw was found in Apache's HTTP server (httpd). The mod_proxy_ftp module may use uninitialized memory when proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality...
DonLinkage SQL Injection Vulnerability
DonLinkage is a locator program. A SQL injection vulnerability exists in the /pages/proxy/php.php and /pages/proxy/add.php files in DonLinkage version 6.6.8. A remote attacker can exploit this vulnerability with specially crafted input to obtain information from the database...
PT-2017-5751 · Joomla · Googlemaps Plugin
Name of the Vulnerable Software and Affected Versions: Googlemaps plugin for Joomla! versions prior to 3.1. Description: The issue allows remote attackers to conduct XML injection attacks. This is achieved by exploiting the url parameter in the plugin googlemap2 proxy.php file. Recommendations: Fo...
Googlemaps Plugin Denial of Service Vulnerability in Joomla!
Joomla! is an open source content management system (CMS) developed by the U.S. Open Source Matters development team; it provides RSS feeds, site search and other features. Googlemaps is one of its Google Maps plug-ins. A security vulnerability exists in the Joomla! Googlemaps plugin that...
Proxy File '.pac' Request to Public IP Address
Binary data 7206.pasl...
Proxy File '.pac' External Request Detection
Binary data 7205.pasl...
httpd: multiple XSS flaws due to unescaped hostnames
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5)...
CVE-2012-4504
Stack-based buffer overflow in the url::getpac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file...
httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...