7222 matches found
CloudBees Jenkins TraceTronic ECU-TEST Plugin Server-Side Request Forgery Vulnerability
CloudBees Jenkins is a suite of Java-based continuous integration tools from CloudBees, Inc. that are used to monitor ongoing software releases/testing projects and some timed tasks. TraceTronic ECU-TEST Plugin is an automated test software for embedded systems that uses... TraceTronic ECU-TEST...
PT-2018-12939 · Gogs +1
Name of the Vulnerable Software and Affected Versions: Gitea versions through 1.5.0-rc2; Gogs versions through 0.11.53. Description: A Server-Side Request Forgery (SSRF) issue in webhooks affects Gitea and Gogs, allowing remote attackers to access intranet services. Recommendations: For Gitea version...
Responsive FileManager Cross-Site Request Forgery Vulnerability
Responsive FileManager is an open source file manager written in PHP that supports uploading and managing videos, images and other files. A server-side request forgery vulnerability exists in the upload.php file in version 9.13.1 of Responsive FileManager. No details of the vulnerability are...
idreamsoft iCMS server-side request forgery vulnerability (CNVD-2018-14778)
idreamsoft iCMS is an open source content management system (CMS) based on PHP and MySQL. A server-side request forgery vulnerability exists in versions of idreamsoft iCMS prior to 7.0.11, which stems from the app/spider/spidertools.class.php file being able to receive private and reserved IP...
VulnCheck KEV: CVE-2025-34051
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgiquery endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP...
CVE-2018-5004
Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure...
CVE-2018-12809
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure...
Adobe Experience Manager Server-Side Request Forgery Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager server-side request forgery vulnerability (CNVD-2018-14945)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
CVE-2018-0398
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018...
Fortify Software Security Center (SSC) XXE Vulnerability
Micro Focus Fortify Software Security Center (SSC) is a software security management platform from Micro Focus UK. An XXE vulnerability exists in Fortify Software Security Center (SSC) that could allow a remote, unauthenticated user to read arbitrary files or conduct server-side request forgery (SSRF)...
CloudBees Jenkins URLTrigger Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees, mainly used to monitor ongoing software release/testing projects and some scheduled tasks. URLTrigger Plugin is...
PT-2018-5156 · Dnn
Name of the Vulnerable Software and Affected Versions: DNN (aka DotNetNuke) versions prior to 9.2.0. Description: The issue allows attackers to access information about internal network resources due to a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Recommendations: F...
Trovebox Server-Side Request Forgery Vulnerability
Trovebox is an open source image sharing and management platform. Webhook is one of the lightweight event-handling APIs. A server-side request forgery vulnerability exists in the webhook component of Trovebox versions prior to 4.0.0-rc6. An attacker can exploit this vulnerability by sending an HTT...
CVE-2018-1000540
LoboEvolution version 9b75694cedfa4825d4a2330abf2719d470c654cd contains an XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appears to be...
OX App Suite Server-Side Request Forgery Vulnerability
OX App Suite is a collection of cloud-based applications that support the management of email, contacts, calendars, media, documents and more. A server-side request forgery vulnerability exists in OX App Suite, which allows an attacker to learn about internal network configurations, open ports, a...
CloudBees Jenkins CAS Plugin Server-Side Request Forgery Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools from the US company CloudBees, mainly used to monitor ongoing software release/testing projects and a number of scheduled tasks. CAS Plugin is used to provide a CAS authentication...
Glastopf Cross-Site Request Forgery Vulnerability
Glastopf is a Python-based, dynamic, low-interaction honeypot for trapping attacks on web applications. A server-side cross-site request forgery vulnerability exists in Glastopf version 3.1.3-dev. An attacker can exploit this vulnerability to obtain logs from other web servers...
SAP Web Intelligence BI Launchpad SSRF Security Bypass Vulnerability
SAP BusinessObjects BI Platform is a business intelligence (BI) solution platform from the German company SAP. An SSRF security bypass vulnerability exists in SAP Web Intelligence BI Launchpad. An attacker can exploit the vulnerability to perform unauthorized actions, leading to further attac...