6 matches found
EUVD-2024-38551
Malicious code in bioql PyPI...
MGASA-2024-0272 Updated apache packages fix security vulnerabilities
CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows. SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context allows potentially leaking NTLM hashes to a malicious server via SSRF and malicious requests. CVE-2024-40725:...
wkhtmltopdf 0.12.6 - Server Side Request Forgery Vulnerability
Exploit Title: wkhtmltopdf 0.12.6 - Server Side Request Forgery Date: 20/8/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://wkhtmltopdf.org Software Link: https://wkhtmltopdf.org/downloads.html Version: 0.12.6 Tested on: Windows ASP.NET POST /PDF/FromHTML HTTP/1.1 Host:...
Web vulnerabilities exploit weekly digest #1. March 8-15th 2021. VMware vCenter and Apache OFBiz RCE.
Welcome to the Wallarm weekly web exploits digest! Starting this week, we will publish weekly digests consisting of web exploits with CVSS scores higher than 5, followed by explanations, risk analysis, related stories and news. So, here we go! The most sophisticated and interesting...
Yonyou (用友) Human Resource Management Software, all versions: XXE vulnerability
Summary: Yonyou Human Resource Management Software, all versions, XXE vulnerability. Details: i. Vulnerability description: When handling login and password reset, e-hr uses XML to pass the username, password and captcha to the backend for parsing, and the backend does not strictly validate the submitted XML, so a crafted malicious XML file can be submitted to read files and perform SSRF. Since my previous submission was not accepted, supposedly as a duplicate of an injection issue, perhaps because my last submission was not detailed enough, I ask the vulnerability reviewers to reconsider this vulnerability carefully in any case. Thank you. ii. Proof of vulnerability: search google/baidu for inurl:/hrss/login.jsp; ehr.mc2.cn from the search results is used for the demonstration, since some of the others are more sensitive and some have firewalls. Homepage view: Login request capture: POST...
Server side request forgery (SSRF)
Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI in the url parameter...