UBUNTU-CVE-2023-44469
A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the requesturi authorization parameter. This is similar to CVE-2020-10770...
PT-2023-29248 · Unknown · Lemonldap::Ng
Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.17.1 Description: A Server-Side Request Forgery issue in the OpenID Connect Issuer allows authenticated remote attackers to send GET requests to arbitrary URLs through the request uri authorization parameter...
PT-2023-28599 · Galaxy · Galaxy
Name of the Vulnerable Software and Affected Versions: Galaxy versions prior to 22.05 Description: Galaxy is an open-source platform for FAIR data analysis. It is vulnerable to server-side request forgery, which allows a malicious entity to issue arbitrary HTTP/HTTPS requests from the application...
Server-side Request Forgery (SSRF)
Overview github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or...
CVE-2023-3025
The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to...
PYSEC-2023-176
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returni...
The vulnerability of the defaultrepositoryadmin service in the Crucible code-checking tool, as well as the Fisheye code-searching and comparing tool, allows a hacker to perform an SSRF attack.
The vulnerability of the defaultrepositoryadmin service in the Crucible code-checking tool, as well as the Fisheye tool for code search and comparison, is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack...
The vulnerability in the HTTP request basket service interface allows an attacker to perform an SSRF attack.
The vulnerability of the web service interface for collecting and checking HTTP requests related to Request Baskets is related to insufficient validation of incoming requests when processing the name parameter /api/baskets/name. Exploiting this vulnerability allows a malicious actor to perform an...
PT-2023-25567 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to and including 2.1.0 Description: The issue is related to improper REST API permission in Apache Superset, allowing authenticated Gamma users to test network connections, which may lead to a possible Server-Side...
The vulnerability of the Request package on the Node.js software platform allows an attacker to perform an SSRF attack.
The vulnerability of the Request package in the Node.js software platform is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a remote attacker to execute an SSRF attack...
ssrf-exploit
SSRF exploit: an exploit of Server-side request forgery...
CVE-2023-40969
Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery SSRF via admin/modules/bibliography/popp2p.php...
iCMS2 Code Issue Vulnerability
iCMS is a software application: an efficient and simple content management system built with PHP and MySQL. A code issue vulnerability exists in iCMS2 versions prior to 2.16.1, which stems from susceptibility to server-side request forgery SSRF attacks...
PT-2023-27211 · Geonode · Geonode
Name of the Vulnerable Software and Affected Versions: GeoNode versions 3.2.0 through 4.1.2 Description: The issue concerns a server-side request forgery problem in GeoNode. Specifically, the endpoint /proxy/?url= does not properly protect against this type of attack, allowing an attacker to port...
DEBIAN-CVE-2022-44730
Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...
UBUNTU-CVE-2022-44729
Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...
Apache XML Graphics Batik Code Issue Vulnerability
Apache XML Graphics Batik is a suite of Java-based applications from the Apache Foundation that are primarily used for processing SVG-format images. A code issue vulnerability exists in Apache XML Graphics Batik version 1.16, which stems from the presence of a Server-Side Request Forgery SSRF...
Artica Pandora FMS Code Issue Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS that stems from a server-side request forgery SSRF vulnerability in...
Aruba Networks EdgeConnect SD-WAN Orchestrator Code Issue Vulnerability
Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in the Aruba Networks EdgeConnect SD-WAN Orchestrator that stems from a server-side request forgery vulnerability in the web-based management interface...
PT-2023-25970 · Riverbed · Edgeconnect Sd-Wan Orchestrator
Name of the Vulnerable Software and Affected Versions: EdgeConnect SD-WAN Orchestrator affected versions not specified Description: A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side...