PT-2024-33413 · Infomaniak · Vod Infomaniak
Name of the Vulnerable Software and Affected Versions: VOD Infomaniak versions 1.5.7 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on the affected system. This problem affects VOD Infomaniak, allowin...
The vulnerability of the validateAMCWSConnection method in the Ivanti Avalanche mobile device management system allows a hacker to disclose protected information.
The vulnerability of the validateAMCWSConnection method in the Ivanti Avalanche mobile device management system is related to insufficient validation of incoming requests. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
PT-2024-6800 · Passwork · Passwork
Name of the Vulnerable Software and Affected Versions: Passwork affected versions not specified Description: The issue is related to insufficient validation of incoming requests in the password manager. This can be exploited by a remote attacker to perform a Server-Side Request Forgery (SSRF) attac...
The vulnerability of the Apache OFBiz resource planning software lies in the insufficient validation of incoming requests, allowing a hacker to execute an SSRF attack.
The vulnerability of Apache OFBiz’s resource planning software lies in the insufficient verification of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...
GO-2024-3099 Hyperledger Fabric does not verify request has a timestamp within the expected time window in github.com/hyperledger/fabric
Hyperledger Fabric does not verify request has a timestamp within the expected time window in github.com/hyperledger/fabric...
The vulnerability of the graphical tool for creating and supporting artificial intelligence – Microsoft Copilot Studio – arises from insufficiently checking incoming requests, allowing a hacker to execute an SSRF attack.
The vulnerability of the graphical tool for creating and supporting artificial intelligence, Microsoft Copilot Studio, is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack remotely...
The vulnerability of the white-list analyzer service in the GravityZone proxy server allows a hacker to perform an SSRF attack.
The vulnerability of the white-list analyzer service in the GravityZone proxy server is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
The vulnerability of the mod_rewrite module in the Apache HTTP Server allows a hacker to perform an SSRF attack.
The vulnerability of the mod_rewrite module in the Apache HTTP Server is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
The vulnerability in the web client of IBM Datacap software for document collection and processing allows a hacker to perform an SSRF attack due to insufficient validation of incoming requests.
The vulnerability in the web-based client of IBM Datacap software for document collection and processing involves insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
The vulnerability of the IBM InfoSphere Information Server software platform, related to insufficient validation of incoming requests, allows a hacker to execute an SSRF attack.
The vulnerability of the IBM InfoSphere Information Server software integration platform is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
The vulnerability of the Apache HTTP Server web server is related to insufficient checking of incoming requests, which allows attackers to perform SSRF attacks.
The vulnerability of the Apache HTTP Server is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce Webhooks lies in insufficient validation of incoming requests. This allows attackers to execute arbitrary code.
The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce Webhooks is related to insufficient verification of incoming requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary...
The vulnerability in the web interface for controlling the automation software of Cisco Finesse’s operator functions allows a hacker to perform an SSRF attack.
The vulnerability in the web interface for controlling the automation software of Cisco Finesse operators is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack using a specially created HTTP request...
FreeBSD : Gitlab -- Vulnerabilities (92cd1c03-2940-11ef-bc02-001b217b3468)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 92cd1c03-2940-11ef-bc02-001b217b3468 advisory. Gitlab reports: ReDoS in gomod dependency linker ReDoS in CI interpolation fix bypass ReDoS in...
The vulnerability of the webhook component of the Grafana OnCall notification system allows a hacker to perform an SSRF attack.
The vulnerability of the webhook component in the Grafana OnCall notification system is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
Gitlab -- Vulnerabilities
Gitlab reports: ReDoS in gomod dependency linker ReDoS in CI interpolation fix bypass ReDoS in Asana integration issue mapping when webhook is called XSS and content injection when viewing raw XHTML files on iOS devices Missing agentk request validation could cause KAS to panic...
PT-2024-30411 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: gradio-app/gradio version 4.21.0 Description: A Server-Side Request Forgery (SSRF) vulnerability exists, specifically within the "/queue/join" endpoint and the save url to cache function. The vulnerability arises when the path value, obtained...
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...
PT-2024-28444 · Totara · Totara Lms
Name of the Vulnerable Software and Affected Versions: Totara LMS version 18.0.1 Build 20231128.01 Description: A problematic vulnerability has been found in Totara LMS, affecting an unknown part. The manipulation leads to cross-site request forgery, and it is possible to initiate the attack...
PT-2024-25165 · Tibco · Tibco Jasperreports Server
Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Server versions 8.0.4 through 8.2.0 Description: The issue allows for the injection of malicious executable scripts into the code of a trusted application, potentially leading to the theft of a user's active session cookie...