CVE-2020-7796
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when the WebEx zimlet is installed and zimlet JSP is enabled...
CVE-2019-20474
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role read-only access to use and abuse it. One of the abuses allows performing network and port scan...
The vulnerability of the Apache Axis web service platform, related to insufficient validation of incoming requests, allows attackers to execute SSRF attacks.
The vulnerability of the Apache Axis web-service platform lies in the insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
CVE-2019-14704
An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field...
GitLab CE/EE Server-Side Request Forgery Vulnerability (CNVD-2019-23574)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. A...
CVE-2019-6516
An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation (port-scanning) and to perform requests to adjacent workstations (network-scanning), aka SSRF...
Ctrip Apollo Server-Side Request Forgery Vulnerability
Ctrip Apollo is a distributed configuration center system from Ctrip (China). The product is mainly used to centrally manage the configuration of an application across different environments and clusters. A server-side request forgery vulnerability exists in Ctrip Apollo 1.4.0-SNAPSH...
CVE-2018-13404
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from...
UBUNTU-CVE-2018-1000832
ZoneMinder version <= 1.32.2 contains an Other/Unknown vulnerability in a user-controlled parameter that can result in disclosure of confidential data, denial of service, SSRF, remote code execution...
PT-2018-9549 · Freecol +1
Name of the Vulnerable Software and Affected Versions: FreeCol versions prior to nightly-2018-08-23. Description: The issue concerns an XML External Entity (XXE) vulnerability in the FreeColXMLReader parser. This can lead to disclosure of confidential data, denial of service, Server-Side Request...
xmlrpc: XML external entity vulnerability (SSRF) via a crafted DTD
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD...
Microsoft Exchange Server Rollup Server-Side Request Forgery Vulnerability
Microsoft Exchange Server is a set of e-mail services from Microsoft (USA) that provides mail access, storage, forwarding, voice mail, mail filtering and screening functions. Rollup is one of its code packages. A server-side request forgery vulnerability exists in...
IBM API Connect Server-Side Request Forgery Vulnerability
IBM API Connect (aka APIConnect) is an integrated solution for managing the API lifecycle from IBM (USA). The solution supports creating, running, managing and securing APIs, microservices and more. A server-side request forgery vulnerability exists in IBM API Connect versions 2018.1.0 through...
CVE-2017-7464
It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is vulnerable to certain XXE flaws. An attacker could use this flaw to cause DoS, SSRF, or information disclosure if they are able to provide XML content for parsing...
UBUNTU-CVE-2018-1000548
Umlet version 14.3 contains an XML External Entity (XXE) vulnerability in file parsing that can result in disclosure of confidential data, denial of service, and server-side request forgery. This attack appears to be exploitable via a specially crafted UXF file. This vulnerability appears to have been fixe...
UBUNTU-CVE-2018-1000546
Triplea version <= 1.9.0.0.10291 contains an XML External Entity (XXE) vulnerability in importing game data that can result in possible information disclosure, server-side request forgery, or remote code execution. This attack appears to be exploitable via a specially crafted game data file (XML)...
Portainer Access Restriction Bypass and Server-Side Request Forgery Vulnerabilities
Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. A security vulnerability exists in Portainer versions prior to 1.18.0 that stems from the program's support for requests with unvalidated id query parameters. A remote attacker could use this...
CVE-2017-3206
The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, deni...
CVE-2018-11586
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...
CloudBees Jenkins DRY plugin XML external entity injection vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools from the U.S. company CloudBees; it is mainly used to monitor continuous software release/testing projects and a number of timed tasks. The DRY Plugin is one of its plugins for duplicate code, used to simplify t...