10766 matches found
CVE-2018-1000828
FrostWire version = frostwire-desktop-6.7.4-build-272 contains an XML External Entity (XXE) vulnerability in Man in the middle on update that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via Man in the middle the call to...
CVE-2018-1000837
UML Designer version = 8.0.0 contains an XML External Entity (XXE) vulnerability in XML parser for plugins that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via malicious plugins.xml file...
CVE-2018-1000820
neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains an XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed after commit 45bc09c...
CVE-2018-1000833
ZoneMinder version = 1.32.2 contains an Other/Unknown vulnerability in User-controlled parameter that can result in disclosure of confidential data, denial of service, SSRF, remote code execution...
CVE-2021-27103
Accellion FTA 912411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA912416 and later...
CVE-2021-27329
Friendica 2021.01 allows SSRF via parseurl?binurl= for DNS lookups or HTTP requests to arbitrary domain names...
CVE-2021-33581
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService...
CVE-2021-33213
An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address...
CVE-2021-33510
Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file...
CVE-2021-33511
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
CVE-2021-28910
BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 contains a basic SSRF vulnerability. It allows unauthenticated attackers to send requests to any internal and external server...
CVE-2021-31828
An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope...
CVE-2021-31910
In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible...
CVE-2021-22970
Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing, causing the system to be vulnerable to a. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network apps and b. SS...
CVE-2021-22969
Concrete CMS (formerly concrete5) versions below 8.5.7 have an SSRF mitigation bypass using a DNS rebind attack, giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys. To fix this, Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...
CVE-2021-22054
VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to...
CVE-2021-22056
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response...
CVE-2016-10927
The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php...
CVE-2022-37033
In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no...
CVE-2022-31393
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php...