The appRain CMF 4.0.5 allows remote attackers to execute arbitrary code by having an authenticated user upload a crafted file containing PHP code.
WebCatalog before version 48.8 is vulnerable to arbitrary protocol execution due to calling the Electron shell.openExternal function without proper verification of the URL, allowing an attacker to execute code through arbitrary protocols on the victim's machine by tricking users into syncing pages with malicious URLs. This could result in bypassing security measures for malicious file delivery.
Ladder version v0.0.21 is vulnerable to Server-side Request Forgery (SSRF) due to inadequate restrictions on destination addresses. This allows an attacker to send GET requests to addresses that are usually inaccessible externally. Attackers can exploit this to reach private address ranges, locally hosted services, and cloud instance metadata APIs.
WebCatalog version 48.4 and earlier does not properly validate URLs before calling the Electron shell.openExternal function, enabling an attacker to execute code via arbitrary protocols when users interact with malicious URLs. This can lead to the bypassing of security mechanisms for delivering malicious files.
Ladder v0.0.21 allows attackers to perform Server-Side Request Forgery (SSRF) attacks by not enforcing sufficient restrictions on destination addresses. This enables attackers to send GET requests to addresses that are typically inaccessible from an external context, potentially allowing access to private address ranges, local services, and cloud instance metadata APIs. This vulnerability has been assigned CVE-2024-27620.
Ladder v0.0.21 does not properly restrict destination addresses, enabling an attacker to send GET requests to addresses that are usually inaccessible externally. This allows unauthorized access to private address ranges, local services, and cloud instance metadata APIs. The vulnerability can be exploited to extract sensitive information.
The Webedition CMS v2.9.8.8 is vulnerable to a blind Server-Side Request Forgery (SSRF) attack. An attacker can exploit this vulnerability by sending a crafted request to the rpc.php file, specifically the widgetGetRss function. By manipulating the we_cmd[0] parameter, an attacker can make the server send a request to a specified URL, potentially bypassing access controls and retrieving sensitive information.
Remote attackers can abuse the Podcast feature of Subsonic to launch Server-Side Request Forgery (SSRF) attacks against the internal network or the internet if an authenticated user clicks a malicious link or visits an attacker-controlled web page. The SSRF can be used to bypass firewall restrictions on the LAN.
The YetiShare File Hosting Script 5.1.0 has a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability allows an attacker to make requests from the server to other internal or external resources. It occurs when user input is not properly validated before being used in an HTTP request.
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerabilities that allow an unauthenticated attacker to make a request to any internal or external server via the 'subdomain' parameter.