7218 matches found
CVE-2023-3958
The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notifypingremote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locatio...
Flarum Code Issue Vulnerability
Flarum is an open source forum system for the Flarum community. A code issue vulnerability exists in Flarum versions prior to 1.8.0 that allows an attacker to disclose any file on the server via an SSRF attack, even with only a basic user account on a Flarum forum,...
PT-2023-7222 · Flarum +1 · Flarum +1
Name of the Vulnerable Software and Affected Versions: Flarum versions prior to 1.8.0 Description: The issue allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any Flarum forum. This is due to the...
PT-2023-17385 · WordPress · Booking Manager
Name of the Vulnerable Software and Affected Versions: The Booking Manager WordPress plugin versions prior to 2.0.29 Description: The issue concerns a lack of validation for URLs input in the admin panel or in shortcodes for showing events from a remote .ics file. This allows an attacker with...
The vulnerability of the modTXSOt module in the monitoring and security management widgets of Trend Micro Apex Central allows an attacker to perform an SSRF attack.
The vulnerability of the modTXSO widget in the monitoring panel of the Trend Micro Apex Central security management tool is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a remote attacker to execute an SSRF attack...
The vulnerability of the modVulnerabilityProtect widget in the monitoring and security management panel of Trend Micro Apex Central allows an attacker to perform an SSRF attack.
The vulnerability of the modVulnerabilityProtect widget in the monitoring and security management panel of Trend Micro Apex Central is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...
Multiple server-side request forgery vulnerabilities in Trend Micro Apex Central (July 2023)
Overview Trend Micro Apex Central is vulnerable to multiple server-side request forgeries. Trend Micro Incorporated has released Patch 5 build 6481 for Trend Micro Apex Central. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact...
CVE-2022-41401
OpenRefine = v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure...
USN-6274-1 xmltooling vulnerability
Jurien de Jong discovered that XMLTooling did not properly handle certain KeyInfo element content within an XML signature. An attacker could possibly use this issue to achieve server-side request forgery...
PT-2023-20635 · Unknown · Cacheservice
Name of the Vulnerable Software and Affected Versions: Cacheservice affected versions not specified Description: The issue arises when Cacheservice is configured to use a sproxyd object-storage backend, allowing it to follow HTTP redirects issued by that backend. An attacker with access to a loca...
CVE-2023-39108
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the pathb parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39109
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39110
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
rConfig Code Issue Vulnerability
rConfig is an open source network configuration management utility. A security vulnerability exists in rConfig v3.9.4: the pathb parameter in the doDiff function of /classes/compareClass.php is subject to server-side request forgery (SSRF), which allows an authenticated attacker to...
CVE-2022-42183
Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side Request Forgery (SSRF)...
PT-2023-4353 · Trend Micro · Trend Micro Apex Central
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex Central versions prior to build 6481 Description: A server-side request forgery (SSRF) vulnerability could allow an attacker to interact with internal or local services directly. The attacker must first obtain the ability to...
PT-2023-4354 · Trend Micro · Trend Micro Apex Central
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex Central version 2019 = Build 6394 Description: The issue is related to insufficient validation of incoming requests in the modTMSL widget monitoring panel module of Trend Micro Apex Central, a security monitoring and manageme...
USN-6243-1 graphite-web vulnerabilities
It was discovered that Graphite-Web incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information. This issue on...
CVE-2023-37290
InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, allowing unauthenticated attackers to load remote or local resources through HTML tags such as iframe. This vulnerability allows...