UBUNTU-CVE-2019-9187
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs...
CVE-2019-10327
An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for...
PT-2019-11728 · Jenkins · Jenkins Pipeline Maven Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline Maven Integration Plugin versions 1.7.0 and earlier. Description: The issue allows attackers who can control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML...
CVE-2017-15029
Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF...
GHSA-H9GJ-RQRW-X4FQ Server Side Request Forgery in Apache Axis
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
UBUNTU-CVE-2019-0227
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...
CVE-2018-17169
An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...
CVE-2019-4203
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124...
CVE-2019-10686
An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled...
Moodle server-side request forgery vulnerability (CNVD-2019-35807)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A server-side request forgery vulnerability exists in Moodle versions prior to 3.1.15, which can be exploited by attackers to bypass...
Atlassian Confluence Server and Atlassian Data Center Server-Side Request Forgery Vulnerabilities
Atlassian Confluence Server and Atlassian Data Center are both products of Atlassian Australia. Atlassian Confluence Server is a professional enterprise knowledge management and collaboration software that can also be used to build an enterprise wiki. Atlassian Data Center is a data center system. A...
UBUNTU-CVE-2019-6970
Moodle 3.5.x before 3.5.4 allows SSRF...
CVE-2018-13103
OX App Suite 7.8.4 and earlier allows SSRF...
UBUNTU-CVE-2017-3164
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...
DEBIAN-CVE-2017-3164
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...
Ikiwiki Server-Side Request Forgery Vulnerability
Ikiwiki is an open source wiki application. A server-side request forgery vulnerability exists in Ikiwiki, which can be exploited by remote attackers to disclose information or cause a denial of service...