Lucene search
647 matches found

CNNVD
added 2022/06/09 12:00 a.m. | 3 views

Apache Dubbo code issue vulnerability

Apache Dubbo is a lightweight Java-based RPC (Remote Procedure Call) framework from the Apache Software Foundation (United States). The product provides interface-based remote calling, fault tolerance, load balancing, and automatic service registration and discovery. A security vulnerability exists in...

CVSS 6.1 | AI score 5.7 | EPSS 0.01664
Exploits: 0 | References: 2
CNNVD
added 2022/05/16 12:00 a.m. | 2 views

WordPress plugin External Media without Import code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; a WordPress plugin is an application plugin that extends it. The WordPress External Media without Import plugin, version 1.1.2 and earlier, is vulnerable to server-side reques...

CVSS 6.5 | AI score 6.6 | EPSS 0.02878
Exploits: 1 | References: 2
OSV
added 2022/05/14 10:15 a.m. | 1 view

UBUNTU-CVE-2022-1379

URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass the URL restrictions imposed by the different security profiles and achieve server-side request forgery (SSRF). This allows accessing restricted internal resources/servers or...

CVSS 9.1 | AI score 5.8 | EPSS 0.01514
Exploits: 1 | References: 4
ATTACKERKB
added 2022/04/28 9:15 p.m. | 4 views

CVE-2022-24449

Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document...

CVSS 9.8 | AI score 7.3 | EPSS 0.01877
Exploits: 0 | References: 3
ATTACKERKB
added 2022/04/19 4:17 p.m. | 1 view

CVE-2022-29153

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server-side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5...

CVSS 7.5 | AI score 5.8 | EPSS 0.08519
Exploits: 0 | References: 9
OSV
added 2022/04/01 11:15 p.m. | 1 view

UBUNTU-CVE-2022-0425

A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server-Side Request Forgery (SSRF) attacks...

CVSS 7.6 | AI score 5.8 | EPSS 0.00585
Exploits: 0 | References: 4
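Two of the entries above describe the same weakness from different angles: the Consul client agent followed redirects returned by HTTP health check endpoints (CVE-2022-29153), and the GitLab Irker integration could be steered to internal hosts by DNS rebinding (CVE-2022-0425). The example below is added here and is not code from Consul, GitLab or this index. It puts a naive server-side fetcher that is open to both problems next to a hardened one that re-validates every redirect hop and connects only to the single IP address it has already checked. The resolver, the host names (health.example, rebind.example, api.example) and the HTTP responses are constructed in-memory stand-ins so the script runs offline.

```python
"""SSRF hardening demo: redirect re-validation plus DNS-rebinding-safe fetching.
Constructed example: DNS table, host names and HTTP responses are in-memory fakes."""
import ipaddress
from urllib.parse import urljoin, urlparse

# Ranges a server-side fetcher must never reach on a user's behalf: loopback, RFC 1918,
# CGNAT, link-local (incl. 169.254.169.254 cloud metadata), IPv6 ULA and link-local.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
REDIRECTS = (301, 302, 303, 307, 308)

class SsrfBlocked(Exception):
    pass

def is_blocked_ip(ip):
    addr = ipaddress.ip_address(ip)
    mapped = getattr(addr, "ipv4_mapped", None)  # ::ffff:10.0.0.5 -> 10.0.0.5
    if mapped is not None:
        addr = mapped
    return any(addr in net for net in BLOCKED_NETS)

class FakeDns:
    """Constructed resolver: 'rebind.example' is public on the first lookup, loopback after."""
    TABLE = {"health.example": ["203.0.113.20"], "api.example": ["203.0.113.30"]}
    def __init__(self):
        self.lookups = {}
    def resolve(self, host):
        try:
            return [str(ipaddress.ip_address(host))]  # literal IP: nothing to look up
        except ValueError:
            pass
        n = self.lookups.get(host, 0)
        self.lookups[host] = n + 1
        if host == "rebind.example":
            return ["203.0.113.10"] if n == 0 else ["127.0.0.1"]
        if host not in self.TABLE:
            raise SsrfBlocked(f"unresolvable host {host}")
        return self.TABLE[host]

# Constructed responses: (IP actually connected to, path) -> (status, headers, body).
FAKE_HTTP = {
    ("203.0.113.20", "/health"): (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, ""),
    ("203.0.113.30", "/v1/status"): (200, {}, "ok"),
    ("203.0.113.10", "/"): (200, {}, "public content"),
    ("127.0.0.1", "/"): (200, {}, "INTERNAL ADMIN PANEL"),
    ("169.254.169.254", "/latest/meta-data/"): (200, {}, "ami-id instance-id iam/"),
}

def stock_client_get(url, dns, max_hops=4):
    """Models an off-the-shelf HTTP client: resolves names itself and follows Location."""
    for _ in range(max_hops):
        u = urlparse(url)
        ip = dns.resolve(u.hostname or "")[0]
        status, headers, body = FAKE_HTTP.get((ip, u.path or "/"), (404, {}, ""))
        if status in REDIRECTS and "Location" in headers:
            url = urljoin(url, headers["Location"])
            continue
        return status, headers, body
    raise SsrfBlocked("too many redirects")

def check_url(url, dns):
    """Validate one URL and return the single IP the caller may connect to."""
    u = urlparse(url)
    if u.scheme not in ("http", "https") or not u.hostname:
        raise SsrfBlocked(f"unsupported URL {url}")
    ips = dns.resolve(u.hostname)
    bad = [ip for ip in ips if is_blocked_ip(ip)]
    if bad:
        raise SsrfBlocked(f"{u.hostname} -> {bad[0]} is a blocked address")
    return ips[0]

def naive_get(url, dns):
    """Vulnerable: one up-front check, then the client re-resolves and follows redirects."""
    check_url(url, dns)
    return stock_client_get(url, dns)

def safe_get(url, dns, max_hops=3):
    """Hardened: every hop is validated and the socket goes to the pinned, validated IP."""
    for _ in range(max_hops):
        ip = check_url(url, dns)
        status, headers, body = FAKE_HTTP.get((ip, urlparse(url).path or "/"), (404, {}, ""))
        if status in REDIRECTS and "Location" in headers:
            url = urljoin(url, headers["Location"])  # re-enters check_url next iteration
            continue
        return status, headers, body
    raise SsrfBlocked("too many redirects")

def outcome(getter, url):
    """Run a fetcher against a fresh fake network and summarise the result as text."""
    try:
        status, _headers, body = getter(url, FakeDns())
        return f"{status} {body}"
    except SsrfBlocked as exc:
        return f"blocked: {exc}"

if __name__ == "__main__":
    for t in ("http://health.example/health", "http://rebind.example/"):
        print(t, "naive:", outcome(naive_get, t), "safe:", outcome(safe_get, t))
```

Running it shows the two failure modes side by side: the naive fetcher returns the metadata-service body after following the health endpoint's 302, and returns the loopback "admin panel" because the HTTP client's own second lookup of rebind.example lands on 127.0.0.1; the hardened fetcher rejects the redirect target and reaches only the address it validated. In a real client the same pinning is done by connecting to the checked IP while still sending the original Host header (and SNI for TLS), and by disabling automatic redirects so each Location can be pushed back through the check.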
ATTACKERKB
added 2022/02/18 6:15 p.m. | 5 views

CVE-2022-0671

A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file...

CVSS 9.1 | AI score 7.7 | EPSS 0.01242
Exploits: 0 | References: 3
OSV
added 2022/02/08 3:15 p.m. | 1 view

UBUNTU-CVE-2021-45325

A Server-Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 via the OpenID URL...

CVSS 7.5 | AI score 7.1 | EPSS 0.01024
Exploits: 0 | References: 4
CNNVD
added 2022/02/08 12:00 a.m. | 5 views

PeerTube code issue vulnerability

PeerTube is a decentralized video-sharing platform. PeerTube suffers from a server-side request forgery vulnerability that stems from the product's failure to verify that requests originate from trusted users; attackers can exploit it to send unintended requests to the serve...

CVSS 6.5 | AI score 5.6 | EPSS 0.00879
Exploits: 1 | References: 3
RedHat Linux
added 2022/01/26 3:52 p.m. | 7 views

xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*

A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream, on Java runtime versions 8 through 14. The highest thre...

CVSS 8.5 | AI score 7.4 | EPSS 0.03465
Exploits: 2 | References: 5
OSV
added 2021/11/22 10:15 p.m. | 2 views

CVE-2021-44147

An XML External Entity issue in Claris FileMaker Pro and Server, including WebDirect, before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks...

CVSS 5.5 | AI score 5.8 | EPSS 0.01134
Exploits: 1 | References: 2
OSV
added 2021/09/09 6:15 p.m. | 2 views

CVE-2021-28910

BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 contains a basic SSRF vulnerability. It allows unauthenticated attackers to make requests to any internal or external server...

CVSS 7.5 | AI score 7.1 | EPSS 0.01129
Exploits: 0 | References: 1
CNNVD
added 2021/09/09 12:00 a.m. | 2 views

BAB TECHNOLOGIE GmbH eibPort code issue vulnerability

BAB TECHNOLOGIE GmbH eibPort is an application for managing smart home devices from BAB TECHNOLOGIE GmbH, Germany. A security vulnerability exists in BAB TECHNOLOGIE GmbH eibPort V3, stemming from an SSRF vulnerability in versions prior to 3.9.1. ...

CVSS 7.5 | AI score 7.4 | EPSS 0.01129
Exploits: 0 | References: 2
OSV
added 2021/08/05 11:15 a.m. | 2 views

CVE-2021-32603

A server-side request forgery (SSRF, CWE-918) vulnerability in the FortiManager and FortiAnalyzer GUI, versions 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, and 5.6.11 and below, may allow a remote, authenticated attacker to access unauthorized files and services on the system via specifically crafted...

CVSS 6.5 | AI score 5.8 | EPSS 0.00668
Exploits: 0 | References: 1
BDU FSTEC
added 2021/07/20 12:00 a.m. | 1 view

A vulnerability in the php_url_parse_ex() function of the PHP interpreter allows an attacker to perform an SSRF attack.

The vulnerability in the php_url_parse_ex() function of the PHP interpreter is related to insufficient validation of incoming requests. Exploiting it allows a remote malicious actor to carry out an SSRF attack...

CVSS 5.3 | AI score 6.8 | EPSS 0.03437
Exploits: 3 | References: 14 | Affected software: 5
CNNVD
added 2021/07/11 12:00 a.m. | 3 views

Esri ArcGIS Server code issue vulnerability

ArcGIS Server is the back-end server software component of ArcGIS Enterprise. ArcGIS Server Manager is an application installed with ArcGIS Server that provides an intuitive and convenient interface for managing the server. A server-side request forgery vulnerability exists in ArcGIS Server...

CVSS 9.1 | AI score 5.6 | EPSS 0.0158
Exploits: 0 | References: 2
OSV
added 2021/07/07 12:11 p.m. | 2 views

USN-5006-1 php7.2, php7.4 vulnerabilities

It was discovered that PHP incorrectly handled certain PHAR files. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-7068) It wa...

CVSS 7.5 | AI score 6.8 | EPSS 0.03093
Exploits: 4 | References: 6
RedHat Linux
added 2021/06/17 1:15 p.m. | 2 views

XStream: SSRF via crafted input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream therefore creates new instances based on...

CVSS 9.1 | AI score 7.4 | EPSS 0.50145
Exploits: 1 | References: 4
RedHat Linux
added 2021/06/17 1:15 p.m. | 3 views

XStream: Server-Side Request Forgery vulnerability can be activated when unmarshalling

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Request Forgery vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

CVSS 7.7 | AI score 5.9 | EPSS 0.81442
Exploits: 4 | References: 4
OSV
added 2021/05/11 9:41 a.m. | 0 views

USN-4943-1 libxstream-java vulnerabilities

Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. This issue only affected Ubuntu 20.10. (CVE-2020-26217) It was discovered that XStream was vulnerable to...

CVSS 9.9 | AI score 6.9 | EPSS 0.85001
Exploits: 21 | References: 15