CVE-2026-33502

WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated server-side request forgery vulnerability in plugin/Live/test.php allows any remote user to make the AVideo server send HTTP requests to arbitrary URLs. This can be used to probe...

PilotGaea OView MapServer 代码问题漏洞

PilotGaea OView MapServer is a Geographic Information System GIS map server software from PilotGaea in Taiwan, China. A code issue vulnerability exists in PilotGaea OView MapServer, which can be exploited by an unauthenticated, remote attacker to probe the internal network using a server-side...

Ethernet MAC Addresses

This plugin gathers MAC addresses discovered from both remote probing of the host e.g. SNMP and Netbios and from running local checks e.g. ifconfig. It then consolidates the MAC addresses into a single, unique, and uniform list. TRUSTED...

VANED LABS: icecast filesystem disclosure

listdirectory makes no effort to constrain the request to the static directory. Icecast allows for remote probing of the underlying filesystem structure. on a side note, this can also be used to list files with a .mp3 extension anywhere on the system. sendfile does do traversal checking. nc...