37 matches found
CVE-2024-56800
CVE-2024-56800 – Firecrawl SSRF vulnerability : Firecrawl (OSS) before v1.1.1 is affected by a server-side request forgery that can be triggered by a malicious scrape target redirecting to a local IP, enabling exfiltration of local network resources via the API. The cloud service was patched on 2...
PT-2024-37074
Name of the Vulnerable Software and Affected Versions Firecrawl versions prior to 1.1.1 Description Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. The scraping engine could be exploited by crafting a malicious site that redirects to a...
What?s That Scraping Sound? How Web Scraper Bots Erode Ecommerce Profits
...
What’s That Scraping Sound? How Web Scraper Bots Erode Ecommerce Profits
...
Exploit for CVE-2024-28397
Perkenalan 中文 js2py is a popular python...
Exploit for CVE-2024-28397
Introduction 中文 Analysis Chinese./an...
CVE-2024-0455
The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...
Cross site request forgery (csrf)
The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...
CVE-2024-0455 SSRF on AWS deployed instances of AnythingLLM via /metadata
The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...
CVE-2024-0455 SSRF on AWS deployed instances of AnythingLLM via /metadata
The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level manager, admin, and when in single user could put in the URL http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance which is a special IP and URL th...
CVE-2024-0455
CVE-2024-0455 concerns AnythingLLM where a web scraper can trigger a server-side request to the AWS EC2 metadata URL 169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance. If accessed by a user with manager/admin permissions (and in single-user mode) from wit...
PT-2024-15574 · Unknown · Anything-Llm
Name of the Vulnerable Software and Affected Versions: AnythingLLM affected versions not specified Description: The issue allows users with proper authorization levels manager, admin, and when in single user mode to access sensitive information by using a web scraper to query a specific URL:...
CVE-2022-31570
The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Evine - Interactive CLI Web Crawler
Evine is a simple, fast, and interactive web crawler and web scraper written in Golang. Evine is useful for a wide range of purposes such as metadata and data extraction, data mining, reconnaissance and testing. Follow the project on Twitter. Install From Binary Pre-build binary releases are also...
Words Scraper - Selenium Based Web Scraper To Generate Passwords List
Selenium based web scraper to generate passwords list. Installation Download Firefox webdriver from https://github.com/mozilla/geckodriver/releases $ tar xzf geckodriver-vVERSION-HERE.tar.gz $ sudo mv geckodriver /usr/local/bin Make sure it is in your PATH $ geckodriver --version Make sure...
Bing-Ip2Hosts - Bingip2Hosts Is A Bing.com Web Scraper That Discovers Websites By IP Address
Bing-ip2hosts is a Bing.com web scraper to discover hostnames by IP address. Description Bing-ip2hosts is a Bing.com web scraper that discovers hostnames by IP address. Bing is the flagship Microsoft search engine formerly known as MSN Search and Live Search. It provides a feature unique to searc...
Linkedin2Username - Generate Username Lists For Companies On LinkedIn (OSINT Tool)
OSINT Tool: Generate username lists from companies on LinkedIn. Works with Python2. This is a pure web-scraper, no API key required. You use your valid LinkedIn username and password to login, it will create several lists of possible username formats for all employees of a company you point it at...