Lucene search
+L

9746 matches found

UbuntuCve
UbuntuCve
added 2017/01/31 7:59 p.m.39 views

CVE-2016-6621

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery SSRF attacks via unspecified vectors...

8.6CVSS7.2AI score0.01927EPSS
Exploits0References2
OSV
OSV
added 2017/01/31 7:59 p.m.24 views

CVE-2016-6621

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery SSRF attacks via unspecified vectors...

8.6CVSS6.9AI score
Exploits0References3
Debian CVE
Debian CVE
added 2017/01/31 7:0 p.m.33 views

CVE-2016-6621

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery SSRF attacks via unspecified vectors...

8.6CVSS8.6AI score0.01927EPSS
Exploits0
phpMyAdmin
phpMyAdmin
added 2017/01/24 12:0 a.m.44 views

Multiple vulnerabilities in setup script

PMASA-2016-44 Announcement-ID: PMASA-2016-44 Date: 2017-01-24 Summary Multiple vulnerabilities in setup script Description A server-side request forgery vulnerability was reported with the setup script. This flaw can allow an unauthenticated attacker to: 1. brute-force passwords of MYSQL servers...

8.6CVSS7.3AI score0.01927EPSS
Exploits0Affected Software1
Debian CVE
Debian CVE
added 2017/01/18 5:0 p.m.55 views

CVE-2016-7999

ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery SSRF attacks via a URL in the varurl parameter in a validerxml action...

7.4CVSS7.5AI score0.02299EPSS
Exploits2
Prion
Prion
added 2017/01/10 11:59 a.m.16 views

Server side request forgery (ssrf)

Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via...

10CVSS7.1AI score0.03989EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2016/12/15 12:0 a.m.20 views

Splunk Enterprise SSRF Vulnerability (SP-CAAAPSR)

Splunk Enterprise is prone to a server-side request forgery SSRF vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.2AI score
Exploits0References1
0day.today
0day.today
added 2016/12/10 12:0 a.m.49 views

Splunk Enterprise 6.4.3 - Server-Side Request Forgery Vulnerability

Exploit for php platform in category web applications Splunk Enterprise Server-Side Request Forgery Affected versions: Splunk Enterprise = 6.4.3 PDF: http://security-assessment.com/files/documents/advisory/SplunkAdvisory.pdf +-----------+ |Description| +-----------+ The Splunk Enterprise...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2016/12/09 12:0 a.m.27 views

Splunk Enterprise 6.4.3 - Server-Side Request Forgery

Splunk Enterprise 6.4.3 - Server-Side Request Forgery ''' , , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Splunk Enterprise Server-Side Request Forgery Affected versions: Splunk Enterprise = 6.4.3...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2016/12/09 12:0 a.m.47 views

Splunk Enterprise 6.4.3 Server-Side Request Forgery

, , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Splunk Enterprise Server-Side Request Forgery Affected versions: Splunk Enterprise = 6.4.3 PDF:...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2016/12/09 12:0 a.m.59 views

Splunk Enterprise 6.4.3 - Server-Side Request Forgery

''' , , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Splunk Enterprise Server-Side Request Forgery Affected versions: Splunk Enterprise = 6.4.3 PDF:...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2016/12/08 11:11 p.m.26 views

U.S. Dept Of Defense: Server Side Request Forgery (SSRF) vulnerability in a DoD website

A Department of Defense webserver was vulnerable to an SSRF attack that could have enabled a remote user to send custom web requests from the vulnerable system. @korprit was able to demonstrate this vulnerability by crafting specially formatted URLs. Thanks @korprit!...

2.3AI score
Exploits0
Prion
Prion
added 2016/12/08 6:59 p.m.23 views

Server side request forgery (ssrf)

steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute...

6CVSS7.7AI score0.05621EPSS
Exploits2References5Affected Software1
WPVulnDB
WPVulnDB
added 2016/12/08 12:0 a.m.22 views

Nelio AB Testing <= 4.5.8 - Server Side Request Forgery (SSRF)

The Nelio AB Testing WordPress plugin was affected by a Server Side Request Forgery SSRF security vulnerability...

6.4CVSS3AI score0.01649EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2016/12/08 12:0 a.m.8 views

WordPress Nelio AB Testing Plugin <= 4.5.8 - Server Side Request Forgery

This plugin is prone to a server side request forgery vulnerability. It allows attacker to collect various information about the server or even achieve remote code execution. Solution Update the plugin...

4.2AI score
Exploits0References2Affected Software1
0day.today
0day.today
added 2016/12/03 12:0 a.m.195 views

Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution Vulnerabilities

Exploit for windows platform in category remote exploits I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality. I have only been able to reproduce this on Windows, i.e. where "" is a pat...

7.5CVSS9.2AI score0.98518EPSS
Exploits28
Packet Storm
Packet Storm
added 2016/12/03 12:0 a.m.604 views

Apache ActiveMQ 5.11.1 / 5.13.2 Directory Traversal / Command Execution

I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality. I have only been able to reproduce this on Windows, i.e. where "" is a path delimiter. An attacker could use this flaw to upload...

7.5CVSS0.5AI score0.98518EPSS
Exploits28
Prion
Prion
added 2016/12/01 11:59 a.m.16 views

Server side request forgery (ssrf)

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address e.g., http://127.1 or a 30x aka Redirection HTTP status code...

5CVSS7.1AI score0.01058EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2016/11/25 3:59 a.m.4 views

CVE-2016-5968

The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via...

5.3CVSS5.8AI score0.00877EPSS
Exploits0References2
Prion
Prion
added 2016/11/25 3:59 a.m.19 views

Server side request forgery (ssrf)

The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via...

5CVSS7AI score0.00877EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder