7389 matches found

CNVD
added 2017/11/22 12:00 a.m. · 4 views

SimpleXML XML External Entity Injection Vulnerability

SimpleXML is a Java-based high-performance XML serialization and configuration framework. An XML external entity injection vulnerability exists in SimpleXML version 2.7.1. An attacker can exploit this vulnerability to mount a server-side request forgery attack and obtain sensitive information ...

CVSS 9.1 · AI score 7.3 · EPSS 0.0466
Exploits 1 · References 1

OSV
added 2017/11/17 2:29 p.m. · 2 views

CVE-2017-4928

The flash-based vSphere Web Client 6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f, i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers toward...

CVSS 7.5 · AI score 5.8 · EPSS 0.01237
Exploits 0 · References 3

CNVD
added 2017/11/17 12:00 a.m. · 3 views

thoughtbot Paperclip ruby gem server-side request forgery vulnerability

The thoughtbot Paperclip ruby gem is an open source Ruby-based file attachment manager from thoughtbot, USA. A server-side request forgery vulnerability exists in the Paperclip::UriAdapter class in the thoughtbot Paperclip ruby gem 3.1.4 and later versions. An attacker can exploit this...

CVSS 9.8 · AI score 7 · EPSS 0.03053
Exploits 0 · References 1

CNVD
added 2017/11/14 12:00 a.m. · 1 views

Recurly Client .NET Library Server-Side Request Forgery Attack Vulnerability

Recurly Client .NET Library is an API wrapper for Recurly from Recurly USA. A server-side request forgery attack vulnerability exists in Recurly Client .NET Library, which stems from the program failing to properly use the 'Uri.EscapeUriString' function. The vulnerability can be exploited by an...

CVSS 9.8 · AI score 7.1 · EPSS 0.02594
Exploits 0 · References 1

CNVD
added 2017/11/14 12:00 a.m. · 1 views

Recurly Client Python Library Server-Side Request Forgery Attack Vulnerability

Recurly Client Python Library is a Python API wrapper for Recurly from Recurly USA. A server-side request forgery attack vulnerability exists in the 'Resource.get' method in the Recurly Client Python Library. An attacker could use this vulnerability to take control of API keys or other important...

CVSS 9.8 · AI score 6.9 · EPSS 0.02594
Exploits 0 · References 1

CNVD
added 2017/11/14 12:00 a.m. · 2 views

Recurly Client Ruby Library Server-Side Request Forgery Vulnerability

Recurly Client Ruby Library is a Ruby API wrapper for Recurly from Recurly USA. A server-side request forgery vulnerability exists in the 'Resource#find' method in the Recurly Client Ruby Library. An attacker could use this vulnerability to take control of API keys or other important resources...

CVSS 9.8 · AI score 7 · EPSS 0.02594
Exploits 0 · References 1

PyPA
added 2017/11/13 5:29 p.m. · 5 views

PYSEC-2017-68

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources...

CVSS 9.8 · AI score 7 · EPSS 0.02594
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2017/10/11 12:00 a.m. · 4 views

A vulnerability in the internal and external gateway interfaces of GlobalProtect in the PAN-OS operating system allows an attacker to cause a service failure or obtain confidential information.

The vulnerability in the internal and external gateway interfaces of GlobalProtect in the PAN-OS operating system is related to incorrect restriction of XML external entity references (XXE). Exploiting this vulnerability can allow a malicious actor to obtain confidential information, cause service...

CVSS 9.8 · AI score 7.8 · EPSS 0.02465
Exploits 0 · References 4 · Affected Software 1

OSV
added 2017/10/10 1:29 p.m. · 4 views

CVE-2017-13706

XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port...

CVSS 9.9 · AI score 5.9 · EPSS 0.01987
Exploits 2 · References 3

CNVD
added 2017/10/09 12:00 a.m. · 2 views

Lansweeper XML External Entity Injection Vulnerability

Lansweeper is network inventory software from Lansweeper (Belgium) that catalogues Windows hardware. An XML external entity injection vulnerability exists in the import package feature in versions of Lansweeper prior to 6.0.100.67. A remote attacker can exploit this vulnerability to cause a denial of...

CVSS 9.9 · AI score 9.2 · EPSS 0.01987
Exploits 2 · References 1

OSV
added 2017/09/29 1:34 a.m. · 5 views

CVE-2017-7553

The externalrequest api call in App Studio millicore allows server side request forgery (SSRF). An attacker could use this flaw to probe internal network resources and access restricted endpoints...

CVSS 6.3 · AI score 5.8
Exploits 0 · References 3

Positive Technologies
added 2017/09/28 12:00 a.m. · 5 views

PT-2017-17796 · Millicore · App Studio

Name of the Vulnerable Software and Affected Versions: App Studio millicore (affected versions not specified). Description: The issue allows for server side request forgery (SSRF) through the external request API call. This could enable an attacker to probe internal network resources and access...

CVSS 6.5 · AI score 6.3 · EPSS 0.00699
Exploits 0 · References 4

OSV
added 2017/09/08 2:29 p.m. · 3 views

CVE-2017-12071

Server-side request forgery (SSRF) vulnerability in fileupload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter...

CVSS 6.5 · AI score 5.9
Exploits 0 · References 1

CNVD
added 2017/08/24 12:00 a.m. · 4 views

Atlassian OAuth Server-Side Request Forgery Vulnerability

Atlassian OAuth Plugin is an authorization plugin from Atlassian (Australia) for accessing personal Atlassian software data. A security vulnerability exists in the IconUriServlet in the Atlassian OAuth Plugin. A remote attacker could exploit the vulnerability to access internal network resources or...

CVSS 6.1 · AI score 5.9 · EPSS 0.71601
Exploits 1 · References 1

CNVD
added 2017/08/15 12:00 a.m. · 3 views

Synology Download Station Cross-Site Request Forgery Vulnerability

Synology Download Station is a set of web-based download applications from Synology. The program supports the BT, FTP and HTTP protocols for downloading files. A server-side request forgery vulnerability exists in Downloader in Synology Download Station version 3.8.x before 3.8.5-3475 and version 3.x...

CVSS 6.5 · AI score 6.5 · EPSS 0.01599
Exploits 0 · References 1

CNVD
added 2017/08/15 12:00 a.m. · 3 views

Synology Chat Server-Side Request Forgery Vulnerability

Synology Chat is a live chat tool from Synology; link preview is one of its components. A server-side request forgery vulnerability exists in the link preview component of Synology Chat versions prior to 1.1.0-0806. A remote attacker can exploit this vulnerability to gain access to internal...

CVSS 6.5 · AI score 6.8 · EPSS 0.01424
Exploits 0 · References 1

OSV
added 2017/08/14 7:29 p.m. · 2 views

CVE-2017-11149

Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via a crafted URI...

CVSS 6.5 · AI score 5.9 · EPSS 0.01599
Exploits 0 · References 1

CNVD
added 2017/07/27 12:00 a.m. · 3 views

Synology Photo Station Arbitrary File Download Vulnerability

Synology Photo Station is a Synology solution for sharing pictures, videos and blogs over the Internet. A server-side request forgery vulnerability exists in the fileupload.php file in Synology Photo Station versions prior to 6.7.4-3433 and 6.3-2968. A remote attacker can exploit the vulnerabilit...

CVSS 6.5 · AI score 6.9 · EPSS 0.01372
Exploits 0 · References 1

OSV
added 2017/07/25 6:29 p.m. · 5 views

CVE-2017-11457

XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...

CVSS 6.5 · AI score 5.9 · EPSS 0.01373
Exploits 0 · References 2

CNVD
added 2017/07/07 12:00 a.m. · 3 views

FineCMS Server-Side Request Forgery Vulnerability

FineCMS is a content management system built on PHP, MySQL and the CI (CodeIgniter) framework. A server-side request forgery vulnerability exists in the application/lib/ajax/getimagedata.php file in versions of FineCMS prior to 2017-07-06. An attacker can exploit this vulnerability to perform unauthorized operations...

CVSS 6.5 · AI score 6.8 · EPSS 0.00832
Exploits 0 · References 1
