CloudBees Jenkins URLTrigger Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins, formerly known as Hudson Labs, is a Java-based continuous integration toolset developed by the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and the execution of scheduled tasks. URLTrigger Plugin is...
PT-2018-5156 · Dnn · Dnn
Name of the Vulnerable Software and Affected Versions: DNN (aka DotNetNuke) versions prior to 9.2.0. Description: The issue allows attackers to access information about internal network resources due to a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Recommendations: F...
Trovebox Server-Side Request Forgery Vulnerability
Trovebox is an open source image sharing and management platform; webhook is its lightweight event-handling API. A server-side request forgery vulnerability exists in the webhook component of Trovebox versions prior to 4.0.0-rc6. An attacker can exploit this vulnerability by sending an HTT...
CVE-2018-1000540
LoboEvolution version 9b75694cedfa4825d4a2330abf2719d470c654cd contains an XML External Entity (XXE) vulnerability in XML parsing when viewing an XML file in the browser, which can result in disclosure of confidential data, denial of service, or server-side request forgery. This attack appears to be...
OX App Suite Server-Side Request Forgery Vulnerability
OX App Suite is a collection of cloud-based applications that support the management of email, contacts, calendars, media, documents and more. A server-side request forgery vulnerability exists in OX App Suite, which allows an attacker to learn about internal network configurations, open ports, a...
CloudBees Jenkins CAS Plugin Server-Side Request Forgery Vulnerability
CloudBees Jenkins is a Java-based continuous integration toolset developed by the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and a number of scheduled tasks. CAS Plugin is used to provide CAS authentication...
Glastopf Cross-Site Request Forgery Vulnerability
Glastopf is a Python-based, dynamic, low-interaction honeypot for trapping attacks against web applications. A server-side cross-site request forgery vulnerability exists in Glastopf version 3.1.3-dev. An attacker can exploit this vulnerability to obtain logs from other web servers...
SAP Web Intelligence BI Launchpad SSRF Security Bypass Vulnerability
SAP BusinessObjects BI Platform is a business intelligence (BI) solution platform from the German company SAP. An SSRF security bypass vulnerability exists in SAP Web Intelligence BI Launchpad. An attacker can exploit the vulnerability to perform unauthorized actions, leading to further attac...
Cockpit Cross-Site Request Forgery Vulnerability
Cockpit is an open source CMS (content management system) for managing structured content. A server-side request forgery vulnerability exists in the /assets/lib/fuc.js.php file in Cockpit versions 0.4.4 through 0.5.5. A remote attacker can exploit this vulnerability to read arbitrary files or send...
CVE-2018-9302
SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about...
Ipswitch WhatsUp Gold Server-Side Request Forgery Vulnerability
Ipswitch WhatsUp Gold is a suite of unified infrastructure and application monitoring software from Ipswitch USA. The software supports management of network, server, virtual environment and application performance, among other things. A server-side request forgery vulnerability exists in the...
CVE-2018-8939
An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote...
Cockpit Server-Side Request Forgery Vulnerability
Cockpit is an open source CMS (content management system) for managing structured content. A server-side request forgery vulnerability exists in Cockpit version 0.13.0. A remote attacker can exploit this vulnerability to read arbitrary files or send TCP traffic to an internal network host with the...
CVE-2018-8801
GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component...
UBUNTU-CVE-2018-8801
GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component...
CVE-2018-10220
Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation...
PT-2018-9762 · Honeynet · Glastopf
Name of the Vulnerable Software and Affected Versions: Glastopf version 3.1.3-dev. Description: The issue concerns a Server-Side Request Forgery (SSRF) in Glastopf, demonstrated through the abc.php a parameter. It is noted that the vendor considers this behavior intentional, as Glastopf is a web...
Onethink Ueditor Server-Side Request Forgery Vulnerability
Onethink is a content management framework for web development based on ThinkPHP; Ueditor is an HTML editor. A server-side request forgery vulnerability exists in the getRemoteImage.php file of Ueditor in Onethink versions 1.0 and 1.1. A remote attacker can exploit this vulnerability with...
CVE-2017-16614
SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter...
CVE-2018-7516
A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans...