
246 matches found

NVD
added 2022/09/13 8:15 p.m., 18 views

CVE-2022-38342

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain an XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks...

CVSS 8.5, EPSS 0.00489
Exploits 0, References 2
Cvelist
added 2022/09/13 12:00 a.m., 23 views

CVE-2022-38342

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain an XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks...

CVSS 8.5, AI score 8.7, EPSS 0.00489
Exploits 0, References 2
OSV
added 2022/09/07 12:01 a.m., 16 views

GHSA-HC94-9V26-GXWV Gluu Oxauth before v4.4.1 vulnerable to Server-Side Request Forgery attacks via a crafted request_uri parameter

Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter...

CVSS 9.8, AI score 9.3, EPSS 0.01908
Exploits 2, References 5
Veracode
added 2022/07/26 3:32 a.m., 35 views

Cross-site Scripting (XSS)

moodle/moodle is vulnerable to cross-site scripting. The vulnerability exists in userreporttracks.php due to the lack of sanitization in user-supplied data, allowing an attacker to inject and execute malicious JavaScript or cause blind SSRF attacks...

CVSS 6.1, AI score 7.5, EPSS 0.00849
Exploits 0, References 12, Affected Software 1
NVD
added 2022/06/27 9:15 a.m., 22 views

CVE-2022-1977

The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via a URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks...

CVSS 7.2, EPSS 0.0126
Exploits 2, References 1
NVD
added 2022/06/13 5:15 p.m., 15 views

CVE-2022-28217

Some part of SAP NetWeaver EP Web Page Composer does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system's Availability by...

CVSS 6.5, EPSS 0.00688
Exploits 0, References 2
NVD
added 2022/05/21 12:15 a.m., 36 views

CVE-2022-29188

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...

CVSS 6.5, EPSS 0.00793
Exploits 0, References 2
OSV
added 2022/05/20 11:50 p.m., 37 views

CVE-2022-29188 Smokescreen SSRF via deny list bypass (square brackets) in Smokescreen

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...

CVSS 5.3, AI score 6.5, EPSS 0.00793
Exploits 0, References 4
Prion
added 2022/05/02 4:15 p.m., 24 views

Server-side request forgery (SSRF)

The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks...

CVSS 6.5, AI score 8.6, EPSS 0.01413
Exploits 2, References 1, Affected Software 1
NVD
added 2022/04/19 8:15 p.m., 27 views

CVE-2022-24825

Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an...

CVSS 5.8, EPSS 0.00868
Exploits 0, References 2
OSV
added 2022/04/19 7:45 p.m., 25 views

CVE-2022-24825 Smokescreen SSRF via deny list bypass

Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an...

CVSS 5.8, AI score 5.6, EPSS 0.00868
Exploits 0, References 4
WPVulnDB
added 2022/04/11 12:00 a.m., 29 views

HubSpot < 8.8.15 - Contributor+ Blind SSRF

The plugin does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks. PoC: As an authenticated user with the edit_posts capability, get REST nonce via...

CVSS 8.8, AI score 3, EPSS 0.01413
Exploits 2, Affected Software 1
CNVD
added 2022/03/01 12:00 a.m., 26 views

JetBrains Hub server-side request forgery vulnerability

JetBrains Hub is a web-based application from JetBrains (Czech Republic). JetBrains Hub has a server-side request forgery vulnerability that stems from the software's lack of validation against request forgery, which can be exploited by attackers to conduct server-side request forgery (SSRF) attacks...

CVSS 9.1, AI score 3, EPSS 0.02354
Exploits 1, References 1
SonarSource Blog
added 2022/01/18 12:00 a.m., 42 views

Don't be afraid of XXE vulnerabilities: understand the beast and how to detect them

Today XML External Entities (XXE) vulnerabilities are still ubiquitous, despite the fact that recommendations to protect against them have been an integral part of security standards for years. In this post, the first in a series of three blog posts, we will try to demystify XXE vulnerabilities and...

CVSS 5, AI score 7.4, EPSS 0.85719
Exploits 20
CVE
added 2022/01/07 10:00 p.m., 85 views

CVE-2022-22702

CVE-2022-22702 concerns PartKeepr up to version 1.4.0, where uploading attachments via a URL does not validate requests to local ports, enabling an authenticated user to perform SSRF and port enumeration. The root cause is the lack of validation in the URL-based attachment upload flow, exposing t...

CVSS 4.3, AI score 4.5, EPSS 0.00713
Exploits 1, References 2, Affected Software 1
Positive Technologies
added 2022/01/07 12:00 a.m., 8 views

PT-2022-15643 · Partkeepr · Partkeepr

Name of the Vulnerable Software and Affected Versions: PartKeepr versions up to v1.4.0. Description: The issue allows an authenticated user to carry out SSRF (Server-Side Request Forgery) attacks and port enumeration due to a lack of validation in the functionality to upload attachments using a URL...

CVSS 4.3, AI score 4.5, EPSS 0.00713
Exploits 1, References 6
NVD
added 2021/11/19 7:15 p.m., 11 views

CVE-2021-22970

Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing, causing the system to be vulnerable to a. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network apps and b. SS...

CVSS 7.5, EPSS 0.01438
Exploits 0, References 3
Cvelist
added 2021/11/19 6:08 p.m., 14 views

CVE-2021-22970

Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing, causing the system to be vulnerable to a. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network apps and b. SS...

AI score 7.8, EPSS 0.01438
Exploits 0, References 3
CNVD
added 2021/11/16 12:00 a.m., 26 views

Nim code issue vulnerability

Nim is a statically typed programming language from the Nim community. Nim has a code issue vulnerability that can be exploited by attackers to bypass checks and launch SSRF attacks using null bytes...

AI score 3.6
Exploits 0, References 1
Kitploit
added 2021/10/20 8:30 p.m., 25 views

Metabadger - Prevent SSRF Attacks On AWS EC2 Via Automated Upgrades To The More Secure Instance Metadata Service V2 (IMDSv2)

Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2). Metabadger: Purpose and functionality. Diagnose and evaluate your current usage of the AWS Instance Metadata Service along with understanding how the service works. Prepare you to upgrade t...

AI score 6.9
Exploits 0, References 1