eric - Security Researcher - Exploit Intelligence Platform

CVE-2021-32663 WRITEUP HIGH WRITEUP

iTop <2.6.5, <2.7.5 - SSRF

iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later

CVSS 8.7

View Code

CVE-2021-32664 WRITEUP HIGH WRITEUP

Combodo iTop - XSS

Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5.

CVSS 8.1

View Code

CVE-2023-29323 WRITEUP HIGH WRITEUP

OpenBSD <7.1-024 & 7.2-020 - DoS

ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.

CVSS 7.8

View Code