The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows an attacker to perform an SSRF attack.
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform relates to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack by loading a specially created XML file...
CVE-2023-20174
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker...
Cisco Identity Services Engine Code Issue Vulnerability
Cisco Identity Services Engine (ISE) is an environment-aware platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. An XML external entity injection vulnerability...
CVE-2023-20173
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker...
PT-2023-23488 · Davinci · Davinci
Name of the Vulnerable Software and Affected Versions: davinci version 0.3.0-rc Description: The issue is related to Server-side request forgery (SSRF). No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was...
CVE-2023-23169
Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal...
pdfocus Code Issue Vulnerability
pdfocus is simple and secure PDF conversion. A security vulnerability exists in Synapsoft pdfocus version 1.17, which stems from the system's susceptibility to local file inclusion, server-side request forgery, and directory traversal...
PT-2023-18870 · Synapsoft · Synapsoft Pdfocus
Name of the Vulnerable Software and Affected Versions: Synapsoft pdfocus version 1.17 Description: The issue concerns local file inclusion and server-side request forgery Directory Traversal. Recommendations: For Synapsoft pdfocus version 1.17, consider restricting access to sensitive files and...
PT-2023-3009 · Unknown · Conprosys Hmi System
Name of the Vulnerable Software and Affected Versions: CONPROSYS HMI System (CHS) versions prior to 3.5.3 Description: A server-side request forgery issue exists, allowing an attacker with administrative privileges to bypass database restrictions and connect to unintended databases. The vulnerabili...
CVE-2022-29840
Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server. This...
PT-2023-12986 · Western Digital · Western Digital My Cloud Os 5
Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud OS 5 versions prior to 5.26.202 Description: A Server-Side Request Forgery (SSRF) issue was identified, which could allow a rogue server on the local network to modify its URL to point back to the loopback adapter. This...
batik: Server-Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a URL through the jar protocol. This issue affects Apache XML Graphics Batik 1.14...
Important: xstream
Issue Overview: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new...
Exploit for Server-Side Request Forgery in Synapsoft Pdfocus
CVE-2023-23169 POC for CVE-2023-23169 Local File inclusion &...
CVE-2023-30444
IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350...
CVE-2023-2140
A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application...
PT-2023-18175 · Dsi · Delmia Apriso
Name of the Vulnerable Software and Affected Versions: DELMIA Apriso versions 2017 through 2022 Description: A Server-Side Request Forgery issue could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application...
Apache Superset Code Issue Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A server-side request forgery vulnerability exists in Apache Superset version 2.0.1 and earlier. The vulnerability stems from the product failing to properly validate user input and can be...
PT-2023-20117 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to and including 2.0.1 Description: A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature to conduct Server-Side Request Forgery attacks...