Open-Xchange OX App Suite Code Issue Vulnerability
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability previously existed in Open-Xchange OX App Suite version 7.10.6-rev30, which stemmed from the presence of server-side request forgery...
GitLab Code Issue Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A security vulnerability exists in GitLab that stems from a server-side reques...
GitLab Code Issue Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab, which stems from a server-side reque...
PT-2023-10699 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.1.0 through 11.1.7; GitLab Community and Enterprise Edition versions 11.2.0 through 11.2.4; GitLab Community and Enterprise Edition versions 11.3.0 through 11.3.1. Description: An issue was...
PT-2023-14290 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions prior to 7.10.6-rev30. Description: The issue allows for Server-Side Request Forgery (SSRF) because changing a POP3 account disregards the deny-list. This occurs when the OX App Suite is configured to use POP3 accounts and ...
tpAdmin Code Issue Vulnerability
tpAdmin is a management backend based on ThinkPHP5. A code issue vulnerability exists in yuan1994 tpAdmin version 1.3.12, which stems from an incorrect manipulation of the parameter url leading to server-side request forgery...
PT-2023-2442 · Ftp Admin · Ftp Admin
Name of the Vulnerable Software and Affected Versions: tpAdmin version 1.3.12 Description: A critical vulnerability was found in the function remote of the file applicationadmincontrollerUpload.php. The manipulation of the argument url leads to server-side request forgery. It is possible to launc...
Budibase Code Issue Vulnerability
Budibase is a low-code platform for creating in-house applications, workflows and admin panels in minutes, open-sourced by Budibase UK. A code issue vulnerability exists in Budibase versions prior to 2.4.3 that stems from the presence of a server-side request forgery (SSRF) vulnerability. An attacker...
CVE-2023-20030
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the...
GLPI Code Issue Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
Server-side Request Forgery (SSRF)
Overview: org.openapitools:openapi-generator-online is a Spring Boot server application which hosts a client/server generator API. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the API endpoints /api/gen/clients/language and /api/gen/servers/framework...
CVE-2023-27160
forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/id. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request...
Appwrite Code Issue Vulnerability
Appwrite is an open source end-to-end backend server, packaged as a set of Docker microservices, for web, mobile, native or backend applications. A security vulnerability exists in Appwrite v1.2.1 and earlier versions, which stems from the discovery of a contained server-side...
request-baskets Code Issue Vulnerability
request-baskets is an open source web service from rbaskets. A security vulnerability exists in request-baskets v1.2.1 and earlier versions, which stems from a server-side request forgery (SSRF) vulnerability via the component /api/baskets/name. An attacker could use this...
forem Code Issue Vulnerability
Forem is an open source Ruby project from Forem for building online communities/forums. A security vulnerability exists in forem version v2022.11.11 and earlier versions, which stems from a server-side request forgery (SSRF) vulnerability via the component /articles/id. ...
PT-2023-20982 · Unknown · Openapi Generator
Name of the Vulnerable Software and Affected Versions: openapi-generator versions up to v6.4.0. Description: The issue is related to a Server-Side Request Forgery (SSRF) in the component "/api/gen/clients/language". This allows attackers to access network resources and sensitive information via a...
PT-2023-20980 · Forem · Forem
Name of the Vulnerable Software and Affected Versions: forem versions up to v2022.11.11. Description: The issue is related to a Server-Side Request Forgery (SSRF) via the component "/articles/id". This allows attackers to access network resources and sensitive information via a crafted POST request...
openapi-generator Code Issue Vulnerability
openapi-generator is a software application that provides an open API interface. A security vulnerability exists in openapi-generator version v6.4.0 and earlier, which stems from a server-side request forgery (SSRF) vulnerability via...
CVE-2023-25262
Stimulsoft GmbH Stimulsoft Designer Web 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF). The Reporting Designer Web offers the possibility to embed sources from external locations. If the user chooses an external location, the request to that resource is performed by the server rather...
PT-2023-19974 · Apache · Apache Fineract
Name of the Vulnerable Software and Affected Versions: Apache Fineract versions 1.4 through 1.8.3. Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability. Authorized users with limited permissions can gain access to the server and may be able to use the server for any outbound...