CVE-2018-1712
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370...
Trend Micro Control Manager Server-Side Request Forgery Vulnerability
Trend Micro Control Manager enables centralized, user-centric management for threat detection and data protection. A server-side request forgery vulnerability exists in Trend Micro Control Manager 6.0 and 7.0, which can be exploited by attackers to conduct server-side request forgery (SSRF) attacks...
CVE-2018-10511
A vulnerability in Trend Micro Control Manager versions 6.0 and 7.0 could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations...
CVE-2018-2445
AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1 and 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability...
UBUNTU-CVE-2018-3774
Incorrect parsing in url-parse 1.4.3 returns the wrong hostname, which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...
PT-2018-2192 · D Link · D-Link Central Wifimanager Cwm-100
Name of the Vulnerable Software and Affected Versions: D-Link Central WiFiManager CWM-100 version 1.03 r0098. Description: The issue is related to the FTP service, which allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in a Server-Side Request Forgery (SSRF)...
CloudBees Jenkins TraceTronic ECU-TEST Plugin Server-Side Request Forgery Vulnerability
CloudBees Jenkins is a suite of Java-based continuous integration tools from CloudBees, Inc. that are used to monitor ongoing software releases/testing projects and some timed tasks. TraceTronic ECU-TEST Plugin is an automated test software for embedded systems that uses... TraceTronic ECU-TEST...
CloudBees Jenkins Confluence Publisher Plugin Server-Side Request Forgery Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools developed by the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Confluence Publisher Plugin is used ...
Adobe Experience Manager server-side request forgery vulnerability (CNVD-2018-14949)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
PT-2018-12939 · Gogs +1 · Gogs +1
Name of the Vulnerable Software and Affected Versions: Gitea versions through 1.5.0-rc2; Gogs versions through 0.11.53. Description: A Server-Side Request Forgery (SSRF) issue in webhooks affects Gitea and Gogs, allowing remote attackers to access intranet services. Recommendations: For Gitea version...
Responsive FileManager Cross-Site Request Forgery Vulnerability
Responsive FileManager is an open source file manager written in PHP that supports uploading and managing videos, images and other files. A server-side request forgery vulnerability exists in the upload.php file in version 9.13.1 of Responsive FileManager. No details of the vulnerability are...
idreamsoft iCMS server-side request forgery vulnerability (CNVD-2018-14778)
idreamsoft iCMS is an open source content management system (CMS) based on PHP and MySQL. A server-side request forgery vulnerability exists in versions of idreamsoft iCMS prior to 7.0.11, which stems from the app/spider/spidertools.class.php file being able to receive private and reserved IP...
VulnCheck KEV: CVE-2025-34051
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgiquery endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP...
CVE-2018-5004
Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure...
CVE-2018-12809
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure...
Adobe Experience Manager Server-Side Request Forgery Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager server-side request forgery vulnerability (CNVD-2018-14945)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
CVE-2018-0398
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018...
Fortify Software Security Center (SSC) XXE Vulnerability
Micro Focus Fortify Software Security Center (SSC) is a software security management platform from Micro Focus UK. An XXE vulnerability exists in Fortify Software Security Center (SSC) that could allow a remote, unauthenticated user to read arbitrary files or conduct server-side request forgery (SSRF)...