b33t1e b33t1e
b33t1e
/ Microcks SSRF
Created
November 15, 2023 04:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [description] | |
| Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request. | |
| > | |
| ------------------------------------------ | |
| > | |
| [Vulnerability Type] | |
| Server-Side Request Forgery (SSRF) | |
| > | |
| ------------------------------------------ | |
| > |
b33t1e
/ CVE-2023-27164
Created
March 30, 2023 03:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [description] | |
| An arbitrary file upload vulnerability in Halo up to v1.6.1 allows | |
| attackers to execute arbitrary code via a crafted .md file. | |
| > | |
| ------------------------------------------ | |
| > | |
| [VulnerabilityType Other] | |
| File Upload | |
| > | |
| ------------------------------------------ |
b33t1e
/ CVE-2023-27163
Created
March 30, 2023 02:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [description] | |
| request-baskets up to v1.2.1 was discovered to contain a Server-Side | |
| Request Forgery (SSRF) via the component /api/baskets/{name}. This | |
| vulnerability allows attackers to access network resources and | |
| sensitive information via a crafted API request. | |
| > | |
| ------------------------------------------ | |
| > | |
| [VulnerabilityType Other] | |
| Server-Side Request Forgery (SSRF) |
b33t1e
/ CVE-2023-27162
Created
March 30, 2023 02:54
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [description] | |
| openapi-generator up to v6.4.0 was discovered to contain a Server-Side | |
| Request Forgery (SSRF) via the component /api/gen/clients/{language}. | |
| This vulnerability allows attackers to access network resources and | |
| sensitive information via a crafted API request. | |
| > | |
| ------------------------------------------ | |
| > | |
| [VulnerabilityType Other] | |
| Server-Side Request Forgery (SSRF) |
b33t1e
/ CVE-2023-27161
Created
March 30, 2023 02:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [description] | |
| Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request | |
| Forgery (SSRF) via the component /Repositories. This vulnerability | |
| allows attackers to access network resources and sensitive information | |
| via a crafted POST request. | |
| > | |
| ------------------------------------------ | |
| > | |
| [VulnerabilityType Other] | |
| Server-Side Request Forgery (SSRF) |
b33t1e
/ CVE-2023-27160
Created
March 30, 2023 02:45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [description] | |
| forem up to v2022.11.11 was discovered to contain a Cross Site Request Forgery (CSRF) | |
| via the component /articles, /articles/{id}. | |
| > | |
| ------------------------------------------ | |
| > | |
| [Vulnerability Type] | |
| Cross Site Request Forgery (CSRF) | |
| > | |
| ------------------------------------------ |
b33t1e
/ CVE-2023-27159
Created
March 30, 2023 02:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [description] | |
| Appwrite up to v1.2.1 was discovered to contain a Server-Side Request | |
| Forgery (SSRF) via the component /v1/avatars/favicon. This | |
| vulnerability allows attackers to access network resources and | |
| sensitive information via a crafted GET request. | |
| > | |
| ------------------------------------------ | |
| > | |
| [VulnerabilityType Other] | |
| Server-Side Request Forgery (SSRF) |
b33t1e
/ gist:43b26c31e895baf7e7aea2dbf9743a9a
Created
March 30, 2023 02:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [description] | |
| Appwrite up to v1.2.1 was discovered to contain a Server-Side Request | |
| Forgery (SSRF) via the component /v1/avatars/favicon. This | |
| vulnerability allows attackers to access network resources and | |
| sensitive information via a crafted GET request. | |
| > | |
| ------------------------------------------ | |
| > | |
| [VulnerabilityType Other] | |
| Server-Side Request Forgery (SSRF) |