The vulnerability of the Adobe Document Service component in the SAP NetWeaver AS for Java software for creating and deploying web applications allows a attacker to perform an SSRF attack.

The vulnerability of the Adobe Document Service component in the SAP NetWeaver AS for Java web application development and deployment framework is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack using a...

PT-2024-9417 · Microsoft · Windows Routing/Remote Access Service +1

Name of the Vulnerable Software and Affected Versions: Windows Routing and Remote Access Service RRAS affected versions not specified Description: The issue is related to a buffer overflow in memory, which can be exploited by a remote attacker to execute arbitrary code if a user sends a request t...

PT-2024-9574 · Ruijie · Ruijie Reyee Os

Name of the Vulnerable Software and Affected Versions: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x Description: The issue allows attackers to force Ruijie's proxy servers to perform any request the attackers choose, potentially giving them access to internal services used by...

QNAP Systems QNAP Notes Station 安全漏洞

QNAP Notes Station 3 is a private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. A server-side request forgery vulnerability exists in QNAP Notes Station 3. The vulnerability stems from th...

net/http: Denial of service due to improper 100-continue handling in net/http

A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service...

mipjz 安全漏洞

mipjz is a content management system based on Baidu Mobile Accelerator MIP developed by sansanyun individual developer. A security vulnerability exists in mipjz version 5.0.5, which originates from the mipPost method in appsettingcontrollerApiAdminTool.php that improperly handles the postAddress...

The vulnerability of the Zimbra Collaboration Suite’s email management system, which stems from insufficient validation of incoming requests, allows attackers to carry out SRF attacks.

The vulnerability of the Zimbra Collaboration Suite’s email management system is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to carry out a SRF attack remotely...

SUSE CVE-2024-6763

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browser...

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...

CVE-2024-47222

New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol...

The vulnerability of the Zimbra Collaboration Suite’s email management system, which stems from insufficient validation of incoming requests, allows attackers to carry out SRF attacks.

The vulnerability of the Zimbra Collaboration Suite’s email management system is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to carry out a SRF attack remotely...

CVE-2024-6018

The Music Request Manager WordPress plugin through 1.3 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

WordPress plugin Music Request Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...

openHAB 安全漏洞

openHAB is an open source home automation application from openHAB. A security vulnerability exists in versions prior to openHAB 4.2.1 that stems from a proxy endpoint that allows access to add-ons without authentication, which can be used as a server request forgery to induce GET HTTP requests t...

GHSA-9CQM-MGV9-VV9J memos vulnerable to Server-Side Request Forgery and Cross-site Scripting

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current...

PT-2024-37090 · WordPress · If-So Dynamic Content Personalization

Name of the Vulnerable Software and Affected Versions: If-So Dynamic Content Personalization WordPress plugin versions prior to 1.8.0.4 Description: The issue is related to Reflected Cross-Site Scripting in old web browsers due to the failure to escape the $ SERVER'REQUEST URI' parameter before...

UBUNTU-CVE-2024-38476

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVE-2024-20404

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affect...

MyBB Server Request Forgery Vulnerability

MyBB MyBulletinBoard is a free and web-based forum software developed by MYBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A server request forgery vulnerability exists in MyBB versions prior to 1.8.38, which stems from the...