328 matches found
DEBIAN-CVE-2023-32683
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...
CVE-2023-32683 URL deny list bypass via oEmbed and image URLs when generating previews in Synapse
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...
Davinci code issue vulnerability
Davinci is an edp open source DVsaaS Data Visualization Service platform. A security vulnerability exists in Davinci version 0.3.0-rc, which stems from vulnerability to server request forgery SSRF attacks...
JetBrains Hub code issue vulnerability
JetBrains Hub is a web-based application from the Czech company JetBrains. The program is capable of integrating multiple JetBrains team tools together. A code issue vulnerability exists in versions of JetBrains Hub prior to 2023.1.15725, which stems from a lack of server request forgery protecti...
SUSE CVE-2019-9187
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs...
WordPress code issue vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress suffers from a code issue vulnerability that stems from unauthenticated server-side request forgery ...
Multiple Hitachi products code issue vulnerability
Hitachi Ops Center Analyzer and Hitachi Infrastructure Analytics Advisor are both products of Hitachi, Japan. Hitachi Ops Center Analyzer is a data center management software. It monitors, reports, and correlates end-to-end performance from servers to storage. Hitachi Infrastructure Analytics Advis...
The vulnerability of the graphical interface of the FortiManager device management software and the FortiAnalyzer security event monitoring and analysis tool allows an attacker to perform an SRF attack.
The vulnerability of the graphical interface of the FortiManager device management software and the FortiAnalyzer security event monitoring and analysis tool is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SRF attack...
Exploit for Server-Side Request Forgery in Microsoft
proxynotshell-IOC-Checker Powershell script used to check for...
WordPress Post SMTP Mailer/Email Log Server Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A server request forgery...
WordPress plugin Post SMTP Mailer/Email Log code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A server request forgery...
CVE-2022-39211 Server-Side Request Forgery (SSRF) via potential filter bypass in Nextcloud Server
Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Serve...
PT-2022-25338 · Canto · Canto Cumulus
Name of the Vulnerable Software and Affected Versions: Canto Cumulus versions through 11.1.3 Description: A Server-Side Request Forgery issue allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the...
CVE-2022-24406
OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls...
CVE-2022-2339
With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read its contents. This attack can lead to a leak of sensitive information...
GHSA-H975-R69H-4W9P Insufficient user input in Apache Jetspeed-2
UNSUPPORTED WHEN ASSIGNED Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant projec...
Halo code issue vulnerability
Halo is a personal blog system for individual developers. A security vulnerability exists in Halo CMS version 1.5.3, which stems from a server request forgery issue in the template remote download feature...
Recipes code issue vulnerability
Recipes is an application for managing recipes, planning meals, creating shopping lists, and more! A code issue vulnerability exists in Recipes versions 0.9.1 through 1.2.5 that stems from the Import Recipe feature being vulnerable to a server request forgery attack. When an attacker enters a...
Navigate CMS code issue vulnerability
Naviwebs Navigate CMS is an open source content management system CMS from Naviwebs, Inc. in the United States. A security vulnerability exists in Navigate CMS v2.9.4, which allows remote attackers to force an application to make arbitrary requests by injecting arbitrary URLs into feed parameters...
PT-2022-16705 · Solar · Solar Appscreener
Name of the Vulnerable Software and Affected Versions: Solar appScreener versions 3.10.4 and earlier Description: The issue allows XXE and SSRF attacks via a crafted XML document when a valid license is not present. Recommendations: For Solar appScreener versions 3.10.4 and earlier, ensure a vali...