7222 matches found
DEBIAN-CVE-2016-7051
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD...
vBulletin Security Bypass Vulnerability
vBulletin is an open source commercial web forum program jointly developed by Internet Brands and vBulletin Solutions, Inc. of the United States. A security bypass vulnerability exists in versions of vBulletin prior to 5.3.0. A remote attacker could exploit this vulnerability to conduct a server-side...
MyBB Server-Side Request Forgery Security Bypass Vulnerability
MyBB is a popular forum program. MyBB suffers from a server-side request forgery security bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized operations...
CVE-2017-7569
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037...
UBUNTU-CVE-2017-7272
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead ...
Apache Camel Validation Component Request Forgery Vulnerability
Apache Camel is an open source integration framework from the Apache Software Foundation of the United States, based on Enterprise Integration Patterns (EIP). The framework provides a Java object (POJO) implementation of the Enterprise Integration Patterns ...
UBUNTU-CVE-2017-5617
The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file...
DEBIAN-CVE-2017-5617
The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file...
CVE-2016-4312
XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, o...
SVG Salamander Server-Side Request Forgery Security Bypass Vulnerability
SVG Salamander is a Java renderer and animator. A security bypass vulnerability exists in SVG Salamander. An attacker could use this vulnerability to bypass security constraints to perform unauthorized operations and launch further attacks...
IBM Forms Experience Builder Server-Side Request Forgery Security Bypass Vulnerability
IBM Forms Experience Builder is IBM's (U.S.) web forms product for creating website applications. A server-side request forgery vulnerability exists in IBM Forms Experience Builder versions 8.5, 8.5.1, and 8.6. An attacker could exploit this vulnerability to obtain information about internal...
UBUNTU-CVE-2016-6621
The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors...
DEBIAN-CVE-2016-6621
The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors...
phpMyAdmin Server-Side Request Forgery Security Bypass Vulnerability
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security bypass vulnerability exists in phpMyAdmin...
DEBIAN-CVE-2016-7999
ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks via a URL in the varurl parameter in a validerxml action...
Splunk Enterprise Server-Side Request Forgery Vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. A server-side request forgery vulnerability exists in Splunk Enterprise. An attacker could use this vulnerability to bypass security restrictions and perform unauthorized operations...
Serendipity SSRF Security Restriction Bypass Vulnerability
Serendipity is a scalable PHP-powered weblog engine. Serendipity suffers from a security restriction bypass vulnerability that allows an attacker to bypass SSRF protection via a malformed IP address or 30x HTTP status code...
Piwik PHP Object Injection Vulnerability
Piwik (formerly known as phpMyVisites) is an open source website access statistics system based on PHP5 and MySQL. A security vulnerability exists in the 'saveLayout' function in the /plugins/Dashboard/Controller.php script in Piwik 2.16.0 and earlier versions. A remote attacker can exploit this...
EC-CUBE Server-Side Request Forgery Vulnerability
LOCKON EC-CUBE is an open source e-commerce website building platform developed by LOCKON Co. The platform supports product login, user evaluation, artwork layout and so on. A server-side request forgery vulnerability exists in EC-CUBE version 2.12.6en-p1, which can be exploited by remote attacke...