Atlassian Bitbucket Server Server-Side Request Forgery Vulnerability
Atlassian Bitbucket Server is a Git code hosting solution from Atlassian Australia. The solution is able to manage and review code with features such as diff view, JIRA integration and build integration. GitHub repository importer is one of the GitHub repository import modules. A server-side reque...
The vulnerability of the Apache XML-RPC library (ws-xmlrpc) is related to improper restrictions on XML links to external objects, which allows attackers to perform SSRF attacks.
The vulnerability of the Apache XML-RPC library ws-xmlrpc is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform SSRF attacks using specially crafted DTDs...
CloudBees Jenkins Warnings Plugin XML External Entity Injection Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools from the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Warnings Plugin is the use of a code...
CloudBees Jenkins PMD Plugin XML External Entity Injection Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools from the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. PMD Plugin is used in one of the...
NoneCms Server-Side Request Forgery Vulnerability
NoneCms is an open source CMS Content Management System for quickly building corporate websites, personal blogs and supporting mobile. A cross-site request forgery vulnerability exists in the 'copy' function of the application/admin/controller/Article.php file in NoneCms version 1.3.0, which stem...
UBUNTU-CVE-2018-1042
Moodle 3.x has Server Side Request Forgery in the filepicker...
Atlassian Jira Information Disclosure Vulnerability
Atlassian Jira is a defect tracking management system, a commercial application for defect management, task tracking and project management. An information disclosure vulnerability exists in the Trello import program in Atlassian Jira. A remote attacker could exploit this vulnerability to access...
Synology Chat Server-Side Request Forgery Vulnerability (CNVD-2018-01480)
Synology Chat is an enterprise messaging service that runs on Synology NAS. The solution eliminates the need for users to compose emails and improves the efficiency of corporate communication. A server-side request forgery vulnerability exists in Link Preview in Synology Chat. A remote...
Harbor 'Ping()' Function Server-Side Cross-Site Forgery Vulnerability
Harbor is an open source, enterprise-grade registry server that also provides advanced security features such as user management, access control and activity auditing. A server-side cross-site forgery vulnerability exists in the 'Ping' function of the ui/api/targets.go file in Harbor 1.3.0-rc4 an...
CVE-2017-16678
Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application...
CVE-2017-11291
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls...
Atlassian Hipchat Server and Hipchat Data Center Remote Code Execution Vulnerability
Atlassian Hipchat Server and Hipchat Data Center are both products of Atlassian Australia. Hipchat Server is a set of team chatting tools that supports group and 1-to-1 voice and video chatting and screen sharing. Hipchat Data Center is a data center system. A...
SSRF vulnerability in APPCMS admin\download_frame.php file
APPCMS is a professional APP content management system that provides a variety of extension modules, such as information, recommended positions, topics, friendly links, body internal links and so on, to help webmasters better personalize their own websites. An SSRF vulnerability exists in the...
SimpleXML XML External Entity Injection Vulnerability
SimpleXML is a Java-based high-performance XML serialization and configuration framework. An XML external entity injection vulnerability exists in SimpleXML version 2.7.1. An attacker can exploit this vulnerability to implement a server-side request forgery attack to obtain sensitive information ...
private_address_check ruby gem server-side request forgery vulnerability
private_address_check ruby gem is a Ruby-based checking tool for server-side request forgery attacks. A server-side request forgery vulnerability exists in versions of the private_address_check ruby gem prior to 0.4.1. An attacker can exploit this vulnerability to bypass blacklists and perform...
CVE-2017-4928
The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f), i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers toward...
thoughtbot Paperclip ruby gem server-side request forgery vulnerability
The thoughtbot Paperclip ruby gem is an open source Ruby-based file attachment manager from thoughtbot, USA. A server-side request forgery vulnerability exists in the Paperclip::UriAdapter class in the thoughtbot Paperclip ruby gem 3.1.4 and later versions. An attacker can exploit this...
Recurly Client .NET Library Server-Side Request Forgery Attack Vulnerability
Recurly Client .NET Library is an API wrapper for Recurly from Recurly USA. A server-side request forgery attack vulnerability exists in Recurly Client .NET Library, which stems from the program failing to properly use the 'Uri.EscapeUriString' function. The vulnerability can be exploited by an...
Recurly Client Ruby Library Server-Side Request Forgery Vulnerability
Recurly Client Ruby Library is a Ruby API wrapper for Recurly from Recurly USA. A server-side request forgery vulnerability exists in the 'Resource#find' method in the Recurly Client Ruby Library. An attacker could use this vulnerability to take control of API keys or other important resources...
Recurly Client Python Library Server-Side Request Forgery Attack Vulnerability
Recurly Client Python Library is a Python API wrapper for Recurly from Recurly USA. A server-side request forgery attack vulnerability exists in the 'Resource.get' method in the Recurly Client Python Library. An attacker could use this vulnerability to take control of API keys or other important...