CVE-2024-41783
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of a specified type of input...
CVE-2024-38337
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments...
CVE-2024-41783 IBM Sterling Secure Proxy improper input validation
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of a specified type of input...
CVE-2024-41783
IBM Sterling Secure Proxy is affected across versions 6.0.0.0–6.2.0.0 by an improper validation of a specified input type that could allow a privileged user to inject commands into the underlying OS. The vulnerability’s root cause is input validation failure, with a CVSS v3.1 base score of 9.1 (C...
CVE-2024-38337 IBM Sterling Secure Proxy improper input validation
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments...
CVE-2024-38337
IBM Sterling Secure Proxy (versions 6.0.0.0–6.2.0.0) is affected by an improper permission assignment vulnerability (CWE-732) that could allow an unauthorized attacker to retrieve or alter sensitive information due to incorrect permissions on a critical resource. The IBM Security Bulletin confirm...
IBM Sterling Secure Proxy security vulnerability
IBM Sterling Secure Proxy is an application proxy from IBM (International Business Machines) used to ensure the secure transfer of files in an organization's unprotected zone (DMZ). A security vulnerability exists in IBM Sterling Secure Proxy that stems from improper validation of specific types of input...
CVE-2024-56800
Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery (SSRF) vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address...
CVE-2024-56800 Firecrawl has SSRF Vulnerability via malicious scrape target
Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery (SSRF) vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address...
CVE-2024-56800
CVE-2024-56800 – Firecrawl SSRF vulnerability: Firecrawl (OSS) before v1.1.1 is affected by a server-side request forgery that can be triggered by a malicious scrape target redirecting to a local IP, enabling exfiltration of local network resources via the API. The cloud service was patched on 2...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to improper input validation
Summary: IBM Sterling Secure Proxy is affected by an improper input validation vulnerability that is exploitable by authenticated, privileged users. Vulnerability Details: CVEID: CVE-2024-41783. DESCRIPTION: IBM Sterling Secure Proxy could allow a privileged user to inject commands into the underlyin...
CVE-2024-41784
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences /.../ to view arbitrary files on the system...
CVE-2024-41784 IBM Sterling Secure Proxy directory traversal
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences /.../ to view arbitrary files on the system...
CVE-2024-41784
CVE-2024-41784 affects IBM Sterling Secure Proxy 6.0.0.0–6.1.0.0 and is a directory-traversal vulnerability exploited by specially crafted URLs containing "/.../" to view arbitrary system files. IBM and CVE records confirm this risk and provide fixes: upgrades to 6.0.3.1 GA or 6.1.0.1 GA (and rel...
PT-2024-29563 · IBM · IBM Sterling Secure Proxy
Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy versions 6.0.0.0 through 6.1.0.0. Description: The issue allows a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to vi...