7216 matches found
PT-2022-21777 · Mcafee · Mcafee Epo
Name of the Vulnerable Software and Affected Versions: McAfee ePO versions prior to 5.10 Update 14
Description: The issue allows an unauthenticated remote attacker to potentially trigger a Server-Side Request Forgery attack by exploiting an XML External Entity (XXE) vulnerability. This can be done ...
CVE-2022-41477
A security issue was discovered in WeBid =1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories...
CVE-2022-41496
iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php...
ClipperCMS code issue vulnerability
ClipperCMS is a content management system (CMS) from the ClipperCMS team. A security vulnerability exists in ClipperCMS version 1.3.3, which stems from the inclusion of server-side request forgery (SSRF) via the pkgurl parameter in /manager/index.php...
iCMS code issue vulnerability
iCMS is an efficient and simple content management system built with PHP and MySQL. A security vulnerability exists in iCMS version v7.0.16, which originates from a server-side request forgery (SSRF) contained in the url parameter via admincp.php...
ClipperCMS code issue vulnerability
ClipperCMS is a content management system (CMS) from the ClipperCMS team. A security vulnerability exists in ClipperCMS version 1.3.3, which originates from the inclusion of server-side request forgery (SSRF) via the rssurlnews parameter in /manager/index.php...
PT-2022-23461 · Heartex · Label Studio Community Edition
Name of the Vulnerable Software and Affected Versions: Heartex - Label Studio Community Edition versions 1.5.0 and earlier
Description: A Server-Side Request Forgery (SSRF) in the Data Import module allows an authenticated user to access arbitrary files on the system. Self-registration is enabled b...
Vulnerabilities found in Microsoft Exchange Server
GTSC, a Vietnamese security company, has found vulnerabilities in Microsoft Exchange Server [1]. The vulnerabilities allow a malicious party to execute a Server-Side Request Forgery and to execute arbitrary code. The vulnerabilities have similarities to the Exchange vulnerability from 2021 call...
VulnCheck KEV: CVE-2022-41040
Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution...
CVE-2022-35282
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data...
DEBIAN-CVE-2022-40083
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF)...
LabStack LLC echo input validation error vulnerability
LabStack echo is a high-performance, minimalist Go web framework open sourced by LabStack LLC. LabStack Echo v4.8.0 has an open redirect vulnerability that can be exploited by attackers to launch server-side request forgery attacks...
Vulnerabilities fixed in IBM WebSphere Application Server and QRadar
IBM has fixed vulnerabilities in WebSphere Application Server and QRadar User Behavior Analytics. The vulnerabilities allow a malicious party to gain access to system data or execute a Server-Side Request Forgery. Both vulnerabilities require that a malicious party already has access to the...
PT-2022-7187 · Labstack +1 · Labstack Echo +1
Name of the Vulnerable Software and Affected Versions: Labstack Echo version 4.8.0
Description: The issue is related to an open redirect vulnerability via the Static Handler component, which can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). This allows a remote attacker t...
GHSA-53JM-3HC9-FQQC Apache Batik vulnerable to Server-Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik Bridge versions 1.14 and below...
GHSA-C5XV-QC8P-MH2V Apache Batik Server-Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a URL through the jar protocol. This issue affects Apache XML Graphics Batik 1.14...
DEBIAN-CVE-2022-38648
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14...
UBUNTU-CVE-2022-38398
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a URL through the jar protocol. This issue affects Apache XML Graphics Batik 1.14...
UBUNTU-CVE-2022-38648
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14...
Apache XML Graphics Batik code issue vulnerability
Apache XML Graphics Batik is a Java-based application from the Apache Foundation that is primarily used to process images in SVG format. A server-side request forgery vulnerability exists in Apache XML Graphics Batik due to a flaw in the DefaultExternalResourceSecurity function cause...