Commit Graph

6 Commits (70fd2d2499ba2830bc7acf8945548c97ef0f8800)

Author SHA1 Message Date
forgedhallpass 209538baa6 refactor: Description field uniformization
* info field reorder
* reference values refactored to list
* added new lines after the id and before the protocols
* removed extra new lines
* split really long descriptions to multiple lines (part 1)
* other minor fixes
2022-04-22 13:38:41 +03:00
MostInterestingBotInTheWorld a24ef794b7
Dashboard Content Enhancements (#4031)
Dashboard Content Enhancements
2022-04-07 09:53:15 -04:00
sandeep 33badb66d1 oob tags update 2021-10-19 02:10:26 +05:30
Ice3man543 e9f728c321 Added cve annotations + severity adjustments 2021-09-10 16:56:40 +05:30
Prince Chaddha 0b3a307294
Update CVE-2018-15517.yaml 2021-08-04 13:44:42 +05:30
GwanYeong Kim 812d4faca2 Create CVE-2018-15517.yaml
Using a web browser or script SSRF can be initiated against internal/external systems to conduct port scans by leveraging D LINKs MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using Web Browser.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-04 14:25:54 +09:00