Lucene search
+L

9746 matches found

Prion
Prion
added 2017/03/16 3:59 p.m.16 views

Server side request forgery (ssrf)

The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...

5.8CVSS7.2AI score0.01992EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2017/03/16 3:59 p.m.5 views

CVE-2017-5617

The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...

7.4CVSS7.3AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2017/03/16 12:0 a.m.12 views

PT-2018-41: Server-Side Request Forgery in SAP NetWeaver Knowledge Management Configuration Service

The specialists of the Positive Research center have detected a Server-Side Request Forgery vulnerability in SAP NetWeaver Knowledge Management Configuration Service. A server-side request forgery SSRF vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 allow...

6.6CVSS5.2AI score0.0087EPSS
Exploits0References3
CVE
CVE
added 2017/03/03 4:0 p.m.152 views

CVE-2015-8813

The CVE-2015-8813 entry affects Umbraco before 7.4.0, where the Page_Load code in FeedProxy.aspx.cs is vulnerable to server-side request forgery (SSRF) via the url parameter. Public descriptions (including the Nuclei template) confirm that an attacker can trigger arbitrary HTTP GET requests to ta...

8.2CVSS8.2AI score0.11595EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/02/27 12:0 a.m.48 views

Debian DLA-834-1 : phpmyadmin security update

A server-side request forgery vulnerability was reported for the setup script in phpmyadmin, a MYSQL web administration tool. This flaw may allow an unauthenticated attacker to brute-force MYSQL passwords, detect internal hostnames or opened ports on the internal network. Additionally there was a...

8.6CVSS7.8AI score0.01927EPSS
Exploits0References3
Debian
Debian
added 2017/02/24 6:34 a.m.25 views

[SECURITY] [DLA 834-1] phpmyadmin security update

Package : phpmyadmin Version : 4:3.4.11.1-2+deb7u8 CVE ID : CVE-2016-6621 A server-side request forgery vulnerability was reported for the setup script in phpmyadmin, a MYSQL web administration tool. This flaw may allow an unauthenticated attacker to brute-force MYSQL passwords, detect internal...

8.6CVSS9AI score0.01927EPSS
Exploits0
Packet Storm
Packet Storm
added 2017/02/20 12:0 a.m.83 views

Lithium Forum Server-Side Request Forgery

Document Title: =============== Lithium Forum - Compose Message SSRF Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2030 Release Date: ============= 2017-02-20 Vulnerability Laboratory ID VL-ID: ==================================== 2030...

0.7AI score
Exploits0
NVD
NVD
added 2017/02/17 2:59 a.m.17 views

CVE-2016-4312

XML external entity XXE vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery SSRF attacks, o...

7.5CVSS8.2AI score0.05997EPSS
Exploits5References6
Prion
Prion
added 2017/02/17 2:59 a.m.18 views

Server side request forgery (ssrf)

XML external entity XXE vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery SSRF attacks, o...

6CVSS8.6AI score0.05997EPSS
Exploits6References6Affected Software1
Cvelist
Cvelist
added 2017/02/16 6:0 p.m.26 views

CVE-2016-4312

XML external entity XXE vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery SSRF attacks, o...

8.2AI score0.05997EPSS
Exploits5References6
Tenable Nessus
Tenable Nessus
added 2017/02/06 12:0 a.m.35 views

Debian DLA-816-1 : svgsalamander security update

Luc Lynx discovered a Server-Side Request Forgery in svgSalamander allowing access to the trusted network with specially crafted SVG files. For Debian 7 'Wheezy', these problems have been fixed in version 0svn95-1+deb7u1. We recommend that you upgrade your svgsalamander packages. NOTE: Tenable...

7.4CVSS7.2AI score0.01992EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/02/06 12:0 a.m.34 views

Debian DSA-3781-1 : svgsalamander - security update

Luc Lynx discovered that SVG Salamander, a SVG engine for Java was susceptible to server side request forgery. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3781. The text itself is...

7.4CVSS7.2AI score0.01992EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2017/02/05 12:0 a.m.26 views

Debian Security Advisory DSA 3781-1 (svgsalamander - security update)

Luc Lynx discovered that SVG Salamander, a SVG engine for Java was susceptible to server side request forgery. OpenVAS Vulnerability Test $Id: deb3781.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DSA 3781-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks...

5.8CVSS7.3AI score0.01992EPSS
Exploits0References1
Debian
Debian
added 2017/02/03 10:55 a.m.20 views

[SECURITY] [DLA 816-1] svgsalamander security update

Package : svgsalamander Version : 0svn95-1+deb7u1 CVE ID : CVE-2017-5617 Debian Bug : 853134 Luc Lynx discovered a Server-Side Request Forgery in svgSalamander allowing access to the trusted network with specially crafted SVG files. For Debian 7 "Wheezy", these problems have been fixed in version...

7.4CVSS7.7AI score0.01992EPSS
Exploits0
Veracode
Veracode
added 2017/02/02 7:38 a.m.15 views

Server Side Request Forgery (SSRF)

svg-salamander is vulnerable to server side request forgery SSRF attacks. The vulnerability exists because svg-salamander does not restrict the schemes supported in the SVG file. An attacker can exploit this vulnerability by supplying a SVG file with file://, jar://, or other application specific...

7.4CVSS7.1AI score0.01992EPSS
Exploits0References9Affected Software1
Veracode
Veracode
added 2017/02/01 7:3 a.m.38 views

Server-Side Request Forgery (SSRF)

ImageMagick is vulnerable to server-side request forgery SSRF. A malicious user can send a malicious .mvg file to force a HTTP, GET or FTP request a user...

5.5CVSS6.9AI score0.76897EPSS
Exploits4References22Affected Software1
Prion
Prion
added 2017/01/31 10:59 p.m.14 views

Server side request forgery (ssrf)

The fetchremotefile function in MyBB aka MyBulletinBoard before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery SSRF attacks via unspecified vectors...

5.8CVSS7.3AI score0.01651EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2017/01/31 10:0 p.m.23 views

CVE-2016-9417

The fetchremotefile function in MyBB aka MyBulletinBoard before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery SSRF attacks via unspecified vectors...

7.4AI score0.01651EPSS
Exploits0References4
CVE
CVE
added 2017/01/31 10:0 p.m.46 views

CVE-2016-9417

The CVE-2016-9417 vulnerability affects MyBB (My Bulletin Board) prior to version 1.8.8 and the MyBB Merge System prior to 1.8.8. The issue is a server-side request forgery (SSRF) via the fetch_remote_file function, enabling remote attackers to trigger requests from the vulnerable server to other...

7.4CVSS7.4AI score0.01651EPSS
Exploits0References4Affected Software2
Prion
Prion
added 2017/01/31 7:59 p.m.19 views

Server side request forgery (ssrf)

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery SSRF attacks via unspecified vectors...

5CVSS7.1AI score0.01927EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder