A Server-Side Request Forgery (SSRF) vulnerability was found in the password recovery feature of the Plane application. This vulnerability enables attackers to manipulate the email input field and insert a payload that forces the server to send HTTP requests to domains controlled by the attacker.
An SSRF vulnerability in IBM Navigator for i allows an authenticated attacker to send unauthorized requests from the system, potentially enabling network enumeration or other attacks. The vulnerability relies on an HTTP servlet-generated security token bypass (CVE-2024-51464), allowing attackers to abuse the 'testConnectPort' servlet method to connect to any IP address and port outside the LAN, bypassing firewall rules and potentially connecting to attacker-controlled infrastructure.
The ollama 0.6.4 application is vulnerable to a Server-Side Request Forgery (SSRF) attack. An attacker can manipulate the 'from' parameter in the request payload to make the server send requests to arbitrary hosts, potentially leading to unauthorized access to internal systems.
The appRain CMF 4.0.5 allows remote attackers to execute arbitrary code via an authenticated user uploading a crafted file containing PHP code.
WebCatalog before version 48.8 is vulnerable to arbitrary protocol execution due to calling the Electron shell.openExternal function without proper verification of the URL, allowing an attacker to execute code through arbitrary protocols on the victim's machine by tricking users into syncing pages with malicious URLs. This could result in bypassing security measures for malicious file delivery.
Ladder version v0.0.21 is vulnerable to Server-side Request Forgery (SSRF) due to inadequate restrictions on destination addresses. This allows an attacker to send GET requests to addresses that are usually inaccessible externally. Attackers can exploit this to reach private address ranges, locally hosted services, and cloud instance metadata APIs.
WebCatalog version 48.4 and earlier does not properly validate URLs before calling the Electron shell.openExternal function, enabling an attacker to execute code via arbitrary protocols when users interact with malicious URLs. This can bypass security mechanisms and enable the delivery of malicious files.
Ladder v0.0.21 allows attackers to perform Server-Side Request Forgery (SSRF) attacks by not enforcing sufficient restrictions on destination addresses. This enables attackers to send GET requests to addresses that are typically inaccessible from an external context, potentially allowing access to private address ranges, local services, and cloud instance metadata APIs. This vulnerability has been assigned CVE-2024-27620.
Ladder v0.0.21 does not properly restrict destination addresses, enabling an attacker to send GET requests to addresses that are usually inaccessible externally. This allows unauthorized access to private address ranges, local services, and cloud instance metadata APIs. The vulnerability can be exploited to extract sensitive information.
The Webedition CMS v2.9.8.8 is vulnerable to a blind Server-Side Request Forgery (SSRF) attack. An attacker can exploit this vulnerability by sending a crafted request to the rpc.php file, specifically the widgetGetRss function. By manipulating the we_cmd[0] parameter, an attacker can make the server send a request to a specified URL, potentially bypassing access controls and retrieving sensitive information.