7222 matches found

OSV
added 2018/10/18 5:43 p.m. · 4 views

GHSA-7C2R-3JQF-C9RW jackson-dataformat-xml vulnerable to server side request forgery (SSRF)

Versions of jackson-dataformat-xml prior to 2.7.8 and prior to 2.8.4 allow remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD...

CVSS 8.6 · AI score 7.2 · EPSS 0.02356
Exploits: 0 · References: 6

OSV
added 2018/10/16 11:13 p.m. · 1 view

GHSA-VQ9J-JH62-5HMP Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.

Description: The Validation Component of Apache Camel evaluates DTD headers of XML stream sources, although a validation against XML schemas (XSD) is executed. Remote attackers can use this feature to make Server-Side Request Forgery (SSRF) attacks by sending XML documents with remote DTDs URLs or XM...

CVSS 7.4 · AI score 7.2 · EPSS 0.0489
Exploits: 0 · References: 12

OSV
added 2018/09/21 4:29 p.m. · 2 views

CVE-2018-16793

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page...

CVSS 8.6 · AI score 5.8 · EPSS 0.11329
Exploits: 1 · References: 4

CNVD
added 2018/09/20 12:0 a.m. · 1 view

Microsoft Windows Server ADFS Server-Side Request Forgery Vulnerability

Microsoft Active Directory Federation Services (ADFS) is an Active Directory Federation Service from Microsoft. The service provides Web Single Sign-On (SSO) technology, which enables authentication of a user to multiple websites or applications during a single session. A server-side request forgery...

CVSS 8.6 · AI score 9.1 · EPSS 0.08026
Exploits: 1 · References: 1

OSV
added 2018/09/07 3:29 p.m. · 2 views

CVE-2018-1789

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939...

CVSS 9.9 · AI score 5.8 · EPSS 0.01231
Exploits: 0 · References: 2

OSV
added 2018/09/04 4:29 a.m. · 2 views

CVE-2018-16444

An issue was discovered in SeaCMS 6.61. adm1n/adminreslib.php has SSRF via the url parameter...

CVSS 9.1 · AI score 5.8
Exploits: 0 · References: 1

CNVD
added 2018/09/04 12:0 a.m. · 3 views

SeaCMS Server-Side Request Forgery Vulnerability

SeaCMS (Ocean CMS) is a professional open source free PHP film and television system. There is a server-side request forgery vulnerability in adm1n/adminreslib.php in 6.61 and earlier versions of SeaCMS, which can be exploited by an attacker through the url parameter to conduct a server-side reques...

CVSS 9.1 · AI score 9.2 · EPSS 0.01114
Exploits: 1 · References: 1

CNVD
added 2018/08/31 12:0 a.m. · 2 views

CA PPM XML External Entity Vulnerability

CA PPM is a suite of project and portfolio management software from CA USA. The software includes features such as task management, project planning, financial reporting management and resource management. An XML external entity injection vulnerability exists in the XOG functionality in CA PPM. A...

CVSS 9.1 · AI score 9.4 · EPSS 0.01832
Exploits: 0 · References: 1

OSV
added 2018/08/30 2:29 p.m. · 2 views

CVE-2018-13826

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks...

CVSS 9.1 · AI score 5.8 · EPSS 0.01832
Exploits: 0 · References: 2

CNVD
added 2018/08/28 12:0 a.m. · 3 views

SAP BusinessObjects Business Intelligence Admin Tools Server-Side Request Forgery Vulnerability

SAP BusinessObjects Business Intelligence is a suite of business intelligence software and enterprise performance solutions from SAP. The product features report generation, analysis, data visualization, etc. Admin Tools is one of the management tools. A server-side request forgery vulnerability...

CVSS 9.6 · AI score 9.4 · EPSS 0.01086
Exploits: 0 · References: 1

OSV
added 2018/08/27 4:29 a.m. · 0 views

CVE-2018-15895

An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spidertools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1

CNVD
added 2018/08/17 12:0 a.m. · 1 view

IBM API Connect Server-Side Request Forgery Vulnerability

IBM API Connect (aka APIConnect) is a set of integrated solutions for managing the API lifecycle from IBM in the United States. The solution supports creating, running, managing and protecting APIs and microservices, etc. Developer Portal is one of the developer portals. A server-side request forge...

CVSS 9.9 · AI score 9 · EPSS 0.00713
Exploits: 0 · References: 1

OSV
added 2018/08/16 7:29 p.m. · 2 views

CVE-2018-1712

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370...

CVSS 9.9 · AI score 5.8 · EPSS 0.00713
Exploits: 0 · References: 2

CNVD
added 2018/08/16 12:0 a.m. · 2 views

Trend Micro Control Manager Server-Side Request Forgery Vulnerability

Trend Micro Control Manager enables centralized, user-centric management for threat detection and data protection. A server-side request forgery vulnerability exists in Trend Micro Control Manager 6.0 and 7.0, which can be exploited by attackers to conduct server-side request forgery (SSRF) attacks...

CVSS 10 · AI score 8.7 · EPSS 0.02673
Exploits: 0 · References: 1

OSV
added 2018/08/15 7:29 p.m. · 2 views

CVE-2018-10511

A vulnerability in Trend Micro Control Manager versions 6.0 and 7.0 could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations...

CVSS 10 · AI score 5.8 · EPSS 0.02673
Exploits: 0 · References: 1

OSV
added 2018/08/14 4:29 p.m. · 3 views

CVE-2018-2445

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability...

CVSS 9.6 · AI score 5.8
Exploits: 0 · References: 3

OSV
added 2018/08/12 10:29 p.m. · 1 view

UBUNTU-CVE-2018-3774

Incorrect parsing in url-parse 1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...

CVSS 10 · AI score 7.2 · EPSS 0.03805
Exploits: 0 · References: 6

Positive Technologies
added 2018/08/09 12:0 a.m. · 3 views

PT-2018-2192 · D Link · D-Link Central Wifimanager Cwm-100

Name of the Vulnerable Software and Affected Versions: D-Link Central WiFiManager CWM-100 version 1.03 r0098
Description: The issue is related to the FTP service, which allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in a Server-Side Request Forgery (SSRF)...

CVSS 5.8 · AI score 5.7 · EPSS 0.02034
Exploits: 3 · References: 7

CNVD
added 2018/08/08 12:0 a.m. · 3 views

CloudBees Jenkins Confluence Publisher Plugin Server-Side Request Forgery Vulnerability

CloudBees Jenkins is a set of Java-based continuous integration tools from the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. Confluence Publisher Plugin is used ...

CVSS 4.3 · AI score 5 · EPSS 0.00642
Exploits: 0 · References: 1

CNVD
added 2018/08/08 12:0 a.m. · 2 views

Adobe Experience Manager server-side request forgery vulnerability (CNVD-2018-14949)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 7.5 · AI score 7.5 · EPSS 0.04274
Exploits: 0 · References: 1