
328 matches found

OSV
added 2018/12/19 11:29 a.m. | 4 views

CVE-2018-20228

Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF...

CVSS 8 | AI score 5.8 | EPSS 0.0042
Exploits 3 | References 1

Debian CVE
added 2018/08/20 7:0 p.m. | 15 views

CVE-2018-1000652

JabRef version =4.3.1 contains an XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server-side request forgery, port scanning. This attack appears to be exploitable via a specially crafted MsBib file. This...

CVSS 10 | AI score 9.4 | EPSS 0.01937
Exploits 0

OSV
added 2018/07/12 4:29 p.m. | 4 views

CVE-2018-12463

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...

CVSS 9.8 | AI score 5.9 | EPSS 0.13849
Exploits 4 | References 3

ATTACKERKB
added 2018/05/01 4:29 p.m. | 3 views

CVE-2018-8939

An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote...

CVSS 9.8 | AI score 5.7 | EPSS 0.01443
Exploits 0 | References 2

OSV
added 2018/01/17 2:29 p.m. | 4 views

CVE-2017-16865

The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource that provides access...

CVSS 5.3 | AI score 5.8 | EPSS 0.00702
Exploits 0 | References 1

OSV
added 2017/11/17 9:29 p.m. | 1 views

UBUNTU-CVE-2017-1000190

SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on...

CVSS 9.1 | AI score 7.3 | EPSS 0.0466
Exploits 1 | References 3

Cvelist
added 2017/10/26 5:0 p.m. | 15 views

CVE-2017-15917

In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server...

AI score 6.4 | EPSS 0.00699
Exploits 0 | References 1

CNVD
added 2017/09/29 12:0 a.m. | 2 views

Trend Micro OfficeScan Server Request Forgery Vulnerability

Trend Micro OfficeScan is a best-of-breed endpoint security solution for mid-sized and large organizations, with a future-proof, resilient architecture that allows you to customize your threat protection and data protection through plug-ins. A server request forgery vulnerability exists in Trend...

AI score 7
Exploits 0 | References 1