SimpleXML XML External Entity Injection Vulnerability
SimpleXML is a Java-based high-performance XML serialization and configuration framework. An XML external entity injection vulnerability exists in SimpleXML version 2.7.1. An attacker can exploit this vulnerability to implement a server-side request forgery attack to obtain sensitive information ...
CVE-2017-4928
The Flash-based vSphere Web Client 6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f (i.e. not the new HTML5-based vSphere Client) contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers toward...
thoughtbot Paperclip ruby gem server-side request forgery vulnerability
The thoughtbot Paperclip ruby gem is an open source Ruby-based file attachment manager from thoughtbot, USA. A server-side request forgery vulnerability exists in the Paperclip::UriAdapter class in the thoughtbot Paperclip ruby gem 3.1.4 and later versions. An attacker can exploit this...
Recurly Client .NET Library Server-Side Request Forgery Attack Vulnerability
Recurly Client .NET Library is an API wrapper for Recurly from Recurly USA. A server-side request forgery attack vulnerability exists in Recurly Client .NET Library, which stems from the program failing to properly use the 'Uri.EscapeUriString' function. The vulnerability can be exploited by an...
Recurly Client Python Library Server-Side Request Forgery Attack Vulnerability
Recurly Client Python Library is a Python API wrapper for Recurly from Recurly USA. A server-side request forgery attack vulnerability exists in the 'Resource.get' method in the Recurly Client Python Library. An attacker could use this vulnerability to take control of API keys or other important...
Recurly Client Ruby Library Server-Side Request Forgery Vulnerability
Recurly Client Ruby Library is a Ruby API wrapper for Recurly from Recurly USA. A server-side request forgery vulnerability exists in the Resourcefind method in the Recurly Client Ruby Library. An attacker could use this vulnerability to take control of API keys or other important resources...
PYSEC-2017-68
The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources...
A vulnerability in the internal and external gateway interfaces of the GlobalProtect feature of the PAN-OS operating system allows an attacker to cause a denial of service or obtain confidential information.
The vulnerability in the internal and external gateway interfaces of the GlobalProtect feature of the PAN-OS operating system is caused by improper restriction of XML external entity references (XXE). Exploiting this vulnerability can allow a malicious actor to obtain confidential information, cause service...
CVE-2017-13706
XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port...
Lansweeper XML External Entity Injection Vulnerability
Lansweeper is network inventory software from Lansweeper (Belgium) that lists Windows hardware. An XML external entity injection vulnerability exists in the import package feature in versions of Lansweeper prior to 6.0.100.67. A remote attacker can exploit this vulnerability to cause a denial of...
CVE-2017-7553
The externalrequest API call in App Studio millicore allows server-side request forgery (SSRF). An attacker could use this flaw to probe internal network resources and access restricted endpoints...
PT-2017-17796 · Millicore · App Studio
Name of the Vulnerable Software and Affected Versions: App Studio millicore (affected versions not specified). Description: The issue allows for server-side request forgery (SSRF) through the external request API call. This could enable an attacker to probe internal network resources and access...
CVE-2017-12071
Server-side request forgery (SSRF) vulnerability in fileupload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter...
Atlassian OAuth Server-Side Request Forgery Vulnerability
Atlassian OAuth Plugin is an authorization plugin from Atlassian Australia for accessing personal Atlassian software data. A security vulnerability exists in the IconUriServlet in the Atlassian OAuth Plugin. A remote attacker could exploit the vulnerability to access internal network resources or...
Synology Download Station Server-Side Request Forgery Vulnerability
Synology Download Station is a set of web-based download applications from Synology. The program supports BT, FTP and HTTP protocols to download files. A server-side request forgery vulnerability exists in Downloader in Synology Download Station version 3.8.x before 3.8.5-3475 and version 3.x...
Synology Chat Server-Side Request Forgery Vulnerability
Synology Chat is a live chat tool from Synology; link preview is one of its components. A server-side request forgery vulnerability exists in link preview in Synology Chat versions prior to 1.1.0-0806. A remote attacker can exploit this vulnerability to gain access to internal...
CVE-2017-11149
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via a crafted URI...
Synology Photo Station Arbitrary File Download Vulnerability
Synology Photo Station is a Synology solution for sharing pictures, videos and blogs over the Internet. A server-side request forgery vulnerability exists in the fileupload.php file in Synology Photo Station versions prior to 6.7.4-3433 and 6.3-2968. A remote attacker can exploit the vulnerabilit...
CVE-2017-11457
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...
FineCMS Server-Side Request Forgery Vulnerability
FineCMS is a content management system based on PHP+MySql+CI framework. A server-side request forgery vulnerability exists in the application/lib/ajax/getimagedata.php file in versions of FineCMS prior to 2017-07-06. An attacker can exploit this vulnerability to perform unauthorized operations...