7215 matches found
PT-2022-7400 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.4. Description: The issue is related to the usage of RSS feeds or an external calendar in planning, which is subject to a Server-Side Request Forgery (SSRF) exploit. If a remote script returns a redirect response, the...
PT-2022-5970 · Red Hat · Red Hat Advanced Cluster Management For Kubernetes +1
Name of the Vulnerable Software and Affected Versions: Red Hat Advanced Cluster Management for Kubernetes (RHACM), affected versions not specified; Red Hat Advanced Cluster Security (RHACS) for Kubernetes, affected versions not specified. Description: The issue is related to a Server-Side Request Forgery...
PT-2022-6063 · Cisco · Cisco Broadworks Commpilot
Name of the Vulnerable Software and Affected Versions: Cisco BroadWorks CommPilot Application Software affected versions not specified Description: A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to...
CVE-2022-41552
Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side...
PT-2022-25332 · Php Point Of Sale Llc +1 · Php Point Of Sale
Name of the Vulnerable Software and Affected Versions: Application, affected versions not specified. Description: The application is susceptible to Server-Side Request Forgery attacks. This allows the backend server to interact with unexpected...
httpd: possible NULL dereference or SSRF in forward proxy configurations
There's a null pointer dereference and server-side request forgery flaw in httpd's mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix...
PT-2022-27030 · Metabase · Metabase
Name of the Vulnerable Software and Affected Versions: Metabase versions prior to 44.5 Description: The issue concerns the url parameter of the "/api/geojson" endpoint, which can be exploited to perform Server Side Request Forgery attacks. It is noted that previously implemented blacklists could ...
Mitel MiCollab code issue vulnerability
Mitel MiCollab is a mobile application from Mitel Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A security vulnerability exists in Mitel MiCollab version 9.5.0.101 and prior versions, which stems from an insufficiently restricted URL...
Skipper code issue vulnerability
Skipper is an HTTP router and reverse proxy for service portfolios. A security vulnerability exists in Zalando Skipper version v0.13.236 that stems from vulnerability to server-side request forgery (SSRF) attacks...
WordPress plugin Blog2Social code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Blog2Social version before 6.9.10...
Synology DiskStation Manager code issue vulnerability
Synology DiskStation Manager (DSM) is an operating system for use on Network Storage Servers (NAS) from Synology, a Chinese company. The operating system manages data, files, photos, music and other information. A code issue vulnerability exists in Synology DiskStation Manager (DSM) versions prior to...
PT-2022-18528 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 7.1-42661. Description: A Server-Side Request Forgery (SSRF) issue in the Package Center functionality allows remote authenticated users to access intranet resources via unspecified vectors. Thi...
PT-2022-23375 · Mitel · Mitel Micollab
Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.5.0.101. Description: A vulnerability in the MiCollab Client server component could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL...
PT-2022-24469 · Zalando · Zalando Skipper
Name of the Vulnerable Software and Affected Versions: Zalando Skipper versions prior to v0.13.237 Description: The issue allows an attacker to exploit a vulnerable version of the proxy to access the internal metadata server or other unauthenticated URLs by adding a specific header X-Skipper-Prox...
GitHub Enterprise Server code issue vulnerability
GitHub Enterprise Server is an open source application from GitHub in the United States. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions pri...
CVE-2022-3338
An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can allow an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file throu...
CVE-2022-39055
RAVA certificate validation system has inadequate filtering for the URL parameter. An unauthenticated remote attacker can perform an SSRF attack to discover internal network topology based on query response...
Changing Information Technology RAVA certificate validation system code issue vulnerability
Changing Information Technology RAVA certificate validation system Panorama Software RAVA certificate validation system website is a certificate validation system from Changing Information Technology, China. A security vulnerability exists in the RAVA certificate validation system, which stems fr...
PT-2022-21777 · Mcafee · Mcafee Epo
Name of the Vulnerable Software and Affected Versions: McAfee ePO versions prior to 5.10 Update 14. Description: The issue allows an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack by exploiting an External XML entity (XXE) vulnerability. This can be done ...