647 matches found

CNVD
added 2018/01/24 12:0 a.m., 3 views

CloudBees Jenkins Checkstyle plugin XML external entity injection vulnerability

CloudBees Jenkins is a Java-based continuous integration tool from the US company CloudBees. It is mainly used to monitor continuous software release and testing projects and to run some scheduled tasks. Checkstyle Plugin is used in one of...

CVSS 8.8, AI score 7.3, EPSS 0.00965
Exploits: 0, References: 1
RedHat Linux
added 2017/08/10 11:3 p.m., 3 views

camel-core: Validation component vulnerable to SSRF via remote DTDs and XXE

It was found that Apache Camel's validation component evaluates DTD headers of XML stream sources, even though validation against XML schemas (XSD) is executed. Remote attackers can use this feature to make Server-Side Request Forgery (SSRF) attacks by sending XML documents with remote DTDs URLs or XM...

CVSS 7.4, AI score 5.8, EPSS 0.0489
Exploits: 0, References: 5
CNVD
added 2017/06/30 12:0 a.m., 4 views

Belden Hirschmann GECKO Server-Side Request Forgery Vulnerability

The Belden Hirschmann GECKO is a lean managed industrial Ethernet switch. A server-side request forgery vulnerability exists in the Belden Hirschmann GECKO switch. The vulnerability stems from the program failing to adequately validate requests. An attacker could exploit the vulnerability by...

CVSS 6.5, AI score 6.7, EPSS 0.00924
Exploits: 0, References: 1
OSV
added 2017/04/06 2:59 p.m., 1 views

CVE-2017-6130

F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 are vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature plus SNAT Auto Map option for egress traffic...

CVSS 7.4, AI score 5.8, EPSS 0.01147
Exploits: 0, References: 1
OSV
added 2017/01/18 5:59 p.m., 1 views

UBUNTU-CVE-2016-7999

ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks via a URL in the varurl parameter in a validerxml action...

CVSS 7.4, AI score 7.2, EPSS 0.02299
Exploits: 2, References: 2
CNVD
added 2015/09/17 12:0 a.m., 2 views

QlikTech Qlikview XML External Entity Vulnerability

QlikTech Qlikview is a business discovery platform from QlikTech, USA, that provides users with self-service business intelligence (BI). The platform supports consolidation of data from multiple sources into a single application, data visualization through new graphical techniques, and interaction...

CVSS 6.4, AI score 7, EPSS 0.1576
Exploits: 5, References: 1
seebug.org
added 2013/12/30 12:0 a.m., 135 views

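Multiple Python security vulnerabilities

CVE ID: CVE-2013-1752, CVE-2013-4238. Python is an open-source scripting language. Python contains multiple security vulnerabilities that allow remote attackers to conduct spoofing attacks and denial-of-service attacks. 1. The Python SSL module does not correctly handle null bytes in the "subjectAltNames" common name of a server SSL certificate, allowing an attacker to spoof a server via a man-in-the-middle attack and obtain sensitive information. 2. Unbounded calls to "readline" in Lib/httplib.py can consume large amounts of memory, causing a denial of service. 3. Unbounded calls to "readline" in Lib/ftplib.py can consume large amounts of memory, causing a denial of service...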

CVSS 4.3, AI score 8.3, EPSS 0.05347
Exploits: 1