7389 matches found

OSV
added 2017/06/30 3:29 a.m. | 5 views

CVE-2017-6036

A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00924
Exploits: 0 | References: 1

CNVD
added 2017/05/22 12:0 a.m. | 4 views

Red Hat JBoss Enterprise Application Platform Cross-Site Scripting Vulnerability

Red Hat JBoss Enterprise Application Platform (EAP) is an open source, J2EE-based middleware platform from the United States company Red Hat. The platform is mainly used to build, deploy and host Java applications and services. Red Hat JBoss EAP 7.0.5 version of the...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.02007
Exploits: 0 | References: 1

OSV
added 2017/05/18 3:29 p.m. | 4 views

CVE-2017-7503

It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.02007
Exploits: 0 | References: 2

OSV
added 2017/05/18 2:29 p.m. | 1 views

UBUNTU-CVE-2017-9066

In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF...

CVSS: 8.6 | AI score: 7.3 | EPSS: 0.03668
Exploits: 0 | References: 5

CNVD
added 2017/05/10 12:0 a.m. | 1 views

I, Librarian PDF Manager SSRF Vulnerability

I, Librarian PDF Manager is an online service that will organize your collection of PDF and office documents. I, Librarian PDF Manager suffers from an SSRF vulnerability that can be exploited by attackers to cause information disclosure...

AI score: 6.7
Exploits: 0 | References: 1

CNVD
added 2017/04/21 12:0 a.m. | 2 views

Data format extension for Jackson cross-site request forgery vulnerability

Data format extension for Jackson (aka jackson-dataformat-xml) is an extension module that supports serializing POJO classes to XML and deserializing XML. A security vulnerability exists in XmlMapper in the Data format extension for Jackson. A remote attacker could exploit th...

CVSS: 8.6 | AI score: 7 | EPSS: 0.02356
Exploits: 0 | References: 1

OSV
added 2017/04/14 6:59 p.m. | 1 views

UBUNTU-CVE-2016-7051

XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD...

CVSS: 8.6 | AI score: 7.3 | EPSS: 0.02356
Exploits: 0 | References: 3

OSV
added 2017/04/14 6:59 p.m. | 1 views

DEBIAN-CVE-2016-7051

XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD...

CVSS: 8.6 | AI score: 8.7 | EPSS: 0.02356
Exploits: 0 | References: 1

CNVD
added 2017/04/13 12:0 a.m. | 4 views

vBulletin Security Bypass Vulnerability

vBulletin is an open source commercial Web forum program jointly developed by Internet Brands and vBulletin Solutions, Inc. of the United States. A security bypass vulnerability exists in versions of vBulletin prior to 5.3.0. A remote attacker could exploit this vulnerability to conduct a server-side...

CVSS: 8.6 | AI score: 6.9 | EPSS: 0.01238
Exploits: 0 | References: 1

CNVD
added 2017/04/07 12:0 a.m. | 2 views

MyBB Server-Side Request Forgery Security Bypass Vulnerability

MyBB is a popular forum program. MyBB suffers from a server-side request forgery security bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized operations...

CVSS: 7.7 | AI score: 7.7 | EPSS: 0.02168
Exploits: 2 | References: 1

OSV
added 2017/04/06 5:59 p.m. | 3 views

CVE-2017-7569

In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.01238
Exploits: 0 | References: 1

OSV
added 2017/03/27 5:59 p.m. | 0 views

UBUNTU-CVE-2017-7272

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead ...

CVSS: 7.4 | AI score: 7.1 | EPSS: 0.03514
Exploits: 2 | References: 2

CNVD
added 2017/03/20 12:0 a.m. | 2 views

Apache Camel Validation Component Request Forgery Vulnerability

Apache Camel is an open source integration framework from the Apache Software Foundation in the United States, based on Enterprise Integration Patterns (EIP). The framework provides a Java object (POJO) implementation of the Enterprise Integration Patterns ...

CVSS: 7.4 | AI score: 8.3 | EPSS: 0.0489
Exploits: 0 | References: 1

OSV
added 2017/03/16 3:59 p.m. | 0 views

DEBIAN-CVE-2017-5617

The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file...

CVSS: 7.4 | AI score: 7 | EPSS: 0.01992
Exploits: 0 | References: 1

OSV
added 2017/03/16 3:59 p.m. | 4 views

UBUNTU-CVE-2017-5617

The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file...

CVSS: 7.4 | AI score: 7.1 | EPSS: 0.01992
Exploits: 0 | References: 4

OSV
added 2017/02/17 2:59 a.m. | 2 views

CVE-2016-4312

XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, o...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.05997
Exploits: 5 | References: 6

ATTACKERKB
added 2017/02/17 2:59 a.m. | 3 views

CVE-2016-4312

XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, o...

CVSS: 8.8 | AI score: 6 | EPSS: 0.05997
Exploits: 6 | References: 7

CNVD
added 2017/02/10 12:0 a.m. | 2 views

SVG Salamander Server-Side Request Forgery Security Bypass Vulnerability

SVG Salamander is a Java renderer and animator. A security bypass vulnerability exists in SVG Salamander. An attacker could use this vulnerability to bypass security constraints to perform unauthorized operations and launch further attacks...

CVSS: 7.4 | AI score: 6.8 | EPSS: 0.01992
Exploits: 0 | References: 1

CNVD
added 2017/02/08 12:0 a.m. | 2 views

IBM Forms Experience Builder Server-Side Request Forgery Security Bypass Vulnerability

IBM Forms Experience Builder is a Web forms product from IBM (U.S.) for creating Web site applications. A server-side request forgery vulnerability exists in IBM Forms Experience Builder versions 8.5, 8.5.1, and 8.6. An attacker could exploit this vulnerability to obtain information about internal...

CVSS: 3.5 | AI score: 6.4 | EPSS: 0.00554
Exploits: 0 | References: 1

OSV
added 2017/01/31 7:59 p.m. | 1 views

UBUNTU-CVE-2016-6621

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors...

CVSS: 8.6 | AI score: 7.3 | EPSS: 0.01927
Exploits: 0 | References: 3