-
# Summary
An SSRF (Server-Side Request Forgery) vulnerability was identified in the LyLme_spage version 1.9.5. This vulnerability allows internal network requests to be initiated and sensitive inform…
-
Axios versions >= 1.3.2,
-
fvbsfgbdrsted
-
Key points:
- SSRF (Use `sudo responder -I tun0 -wv`)
- GMSAPasswordReader.exe : https://github.com/expl0itabl3/Toolies
- [PE]SeRestorePrivilege (https://book.hacktricks.xyz/windows-hardening/wind…
-
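Problem description
kkFileview v4.1.0 has an SSRF vulnerability. An attacker can exploit this vulnerability to cause server-side request forgery (SSRF); a remote attacker can force the application to make arbitrary requests by injecting an arbitrary URL into the url parameter.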
Description
kkFileview v4.1.0 has an SSRF vulnerability. This vulnerability can be leveraged by…
-
**Is your feature request related to a problem? Please describe.**
File content stored on disk is plaintext, not encrypted; files stored on disk should be encrypted.
**Describe the solution you'd li…
-
0xbug updated
4 years ago
-
Hi,
https://github.com/splitbrain/php-epub-meta/blob/4fc37ad6e165e440d62611e211b5c63a9f288de1/index.php#L59-L60
allows an attacker to trigger an HTTP(S) request to an arbitrary target via `file_ge…
-
Snyk and npm audit are complaining about a security vulnerability with the `node-strava-v3` package dependencies, the `request` package. This vulnerability has been catalogued by Snyk with the identif…
Luen updated
6 months ago
-