Security
Headlines
HeadlinesLatestCVEs

Tag

#ssrf

APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor

Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware. Russian cybersecurity firm Kaspersky, which first detected the activity in mid-October 2021, attributed it to a previously unknown Chinese-speaking threat actor. Targets include

The Hacker News
Open in Source
#vulnerability#web#microsoft#git#intel#backdoor#ssrf#auth#ssh#The Hacker News
CVE-2022-0624: Authorization Bypass Through User-Controlled Key in parse-path

Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0.

CVE-2017-20106

A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url leads to server-side request forgery. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

GHSA-7f3x-x4pr-wqhj: Server-Side Request Forgery in parse-url

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0.

CVE-2022-1977

The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks

CVE-2021-20544: IBM Jazz Team Server server-side request forgery CVE-2021-20544 Vulnerability Report

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931.

CVE-2021-20421: Security Bulletin: IBM Engineering Lifecycle Management is vulnerable(Server-Side Request Forgery vulnerability) when requesting resource over an API endpoint to verify URls from target application se

IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVE-2022-34013: OneBlog v2.3.4 background SSRF vulnerability · Issue #I5CB2A · yadong.zhang/OneBlog - Gitee.com

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module.

GHSA-5h75-pvq4-82c9: Server-Side Request Forgery in Directus

Directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality, which allows a low privileged user to perform internal network port scans.