9746 matches found
Server side request forgery (ssrf)
Server-side request forgery SSRF vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter...
[SECURITY] [DSA 3085-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3085-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez December 03, 2014 http://www.debian.org/security/faq -...
DSA-3085-1 wordpress - security update
Bulletin has no description...
CVE-2014-8749
Server-side request forgery SSRF vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter...
CVE-2014-5237
Server-side request forgery SSRF vulnerability in the documentconverter component in Open-Xchange OX AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text...
CVE-2014-2233
Server-side request forgery SSRF vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors...
Server side request forgery (ssrf)
Server-side request forgery SSRF vulnerability in the documentconverter component in Open-Xchange OX AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text...
Server side request forgery (ssrf)
Server-side request forgery SSRF vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors...
CVE-2014-2233
Server-side request forgery SSRF vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors...
CVE-2014-2233
CVE-2014-2233 (Infoware MapSuite MapAPI) is a Server-Side Request Forgery (SSRF) vulnerability in MapSuite MapAPI that allows an attacker to trigger requests from the vulnerable server to internal/intranet targets via specially crafted input parameters. Affected versions are MapAPI prior to 1.0.3...
Server side request forgery (ssrf)
The respjsippubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service crash via crafted headers in a SIP SUBSCRIBE request for an event package...
CVE-2014-9038
wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery SSRF attacks by referring to a 127.0.0.0/8 resource...
CVE-2014-9038
wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery SSRF attacks by referring to a 127.0.0.0/8 resource...
WordPress < 3.7.5 / 3.8.5 / 3.9.3 / 4.0.1 Multiple Vulnerabilities
According to its version number, the WordPress application installed on the remote web server is affected by multiple vulnerabilities : - Multiple unspecified errors exist that could allow cross-site scripting attacks. - An unspecified error exists that could allow cross-site request forgery...
Server side request forgery (ssrf)
The Best Free Giveaways aka com.wIphone5GiveAways application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Server side request forgery (ssrf)
Bulb Security Smartphone Pentest Framework SPF before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request...
Server side request forgery (ssrf)
The Quest Federal CU Mobile aka com.metova.cuae.questfcu application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Open-Xchange Security Advisory 2014-09-15
Product: OX App Suite Vendor: Open-Xchange GmbH Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.6.0 and earlier Vulnerable component: frontend Fixed version: 7.4.2-rev33, 7.6.0-rev16 Report confidence: Confirmed Solution status: Fixed by Vendor Vendor notification: 2014-07-1...
Server side request forgery (ssrf)
The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery SSRF attacks via crafted serialized data in the report parameter...
Server side request forgery (ssrf)
pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service infinite loop via an RSS feed request for a folder the user does not have permission to access...