9746 matches found
Server side request forgery (ssrf)
The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...
CVE-2017-5617
The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...
PT-2018-41: Server-Side Request Forgery in SAP NetWeaver Knowledge Management Configuration Service
The specialists of the Positive Research center have detected a Server-Side Request Forgery vulnerability in SAP NetWeaver Knowledge Management Configuration Service. A server-side request forgery SSRF vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 allow...
CVE-2015-8813
The CVE-2015-8813 entry affects Umbraco before 7.4.0, where the Page_Load code in FeedProxy.aspx.cs is vulnerable to server-side request forgery (SSRF) via the url parameter. Public descriptions (including the Nuclei template) confirm that an attacker can trigger arbitrary HTTP GET requests to ta...
Debian DLA-834-1 : phpmyadmin security update
A server-side request forgery vulnerability was reported for the setup script in phpmyadmin, a MYSQL web administration tool. This flaw may allow an unauthenticated attacker to brute-force MYSQL passwords, detect internal hostnames or opened ports on the internal network. Additionally there was a...
[SECURITY] [DLA 834-1] phpmyadmin security update
Package : phpmyadmin Version : 4:3.4.11.1-2+deb7u8 CVE ID : CVE-2016-6621 A server-side request forgery vulnerability was reported for the setup script in phpmyadmin, a MYSQL web administration tool. This flaw may allow an unauthenticated attacker to brute-force MYSQL passwords, detect internal...
Lithium Forum Server-Side Request Forgery
Document Title: =============== Lithium Forum - Compose Message SSRF Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2030 Release Date: ============= 2017-02-20 Vulnerability Laboratory ID VL-ID: ==================================== 2030...
CVE-2016-4312
XML external entity XXE vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery SSRF attacks, o...
Server side request forgery (ssrf)
XML external entity XXE vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery SSRF attacks, o...
CVE-2016-4312
XML external entity XXE vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery SSRF attacks, o...
Debian DLA-816-1 : svgsalamander security update
Luc Lynx discovered a Server-Side Request Forgery in svgSalamander allowing access to the trusted network with specially crafted SVG files. For Debian 7 'Wheezy', these problems have been fixed in version 0svn95-1+deb7u1. We recommend that you upgrade your svgsalamander packages. NOTE: Tenable...
Debian DSA-3781-1 : svgsalamander - security update
Luc Lynx discovered that SVG Salamander, a SVG engine for Java was susceptible to server side request forgery. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3781. The text itself is...
Debian Security Advisory DSA 3781-1 (svgsalamander - security update)
Luc Lynx discovered that SVG Salamander, a SVG engine for Java was susceptible to server side request forgery. OpenVAS Vulnerability Test $Id: deb3781.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DSA 3781-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks...
[SECURITY] [DLA 816-1] svgsalamander security update
Package : svgsalamander Version : 0svn95-1+deb7u1 CVE ID : CVE-2017-5617 Debian Bug : 853134 Luc Lynx discovered a Server-Side Request Forgery in svgSalamander allowing access to the trusted network with specially crafted SVG files. For Debian 7 "Wheezy", these problems have been fixed in version...
Server Side Request Forgery (SSRF)
svg-salamander is vulnerable to server side request forgery SSRF attacks. The vulnerability exists because svg-salamander does not restrict the schemes supported in the SVG file. An attacker can exploit this vulnerability by supplying a SVG file with file://, jar://, or other application specific...
Server-Side Request Forgery (SSRF)
ImageMagick is vulnerable to server-side request forgery SSRF. A malicious user can send a malicious .mvg file to force a HTTP, GET or FTP request a user...
Server side request forgery (ssrf)
The fetchremotefile function in MyBB aka MyBulletinBoard before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery SSRF attacks via unspecified vectors...
CVE-2016-9417
The fetchremotefile function in MyBB aka MyBulletinBoard before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery SSRF attacks via unspecified vectors...
CVE-2016-9417
The CVE-2016-9417 vulnerability affects MyBB (My Bulletin Board) prior to version 1.8.8 and the MyBB Merge System prior to 1.8.8. The issue is a server-side request forgery (SSRF) via the fetch_remote_file function, enabling remote attackers to trigger requests from the vulnerable server to other...
Server side request forgery (ssrf)
The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery SSRF attacks via unspecified vectors...