7211 matches found
A vulnerability in the web interface of Cisco Identity Services Engine that allows an attacker to perform an SSRF attack
The vulnerability in the web interface of Cisco Identity Services Engine stems from improper restriction of XML external entity references. Exploiting this vulnerability could allow a remote attacker to perform an SSRF attack...
CVE-2021-40091
An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654...
XStream: SSRF via crafted input stream
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the stream processed at unmarshalling time contains type information used to recreate the formerly written objects. XStream therefore creates new instances based on...
xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*
A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream, on Java runtime versions 8 to 14. The highest thre...
CVE-2021-29863
IBM QRadar SIEM 7.3 and 7.4 are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for...
CVE-2021-43296
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor...
Zoho ManageEngine SupportCenter Plus code issue vulnerability
ZOHO ManageEngine SupportCenter Plus is web-based customer support software from ZOHO, Inc. It lets organizations manage customer requests, account and contact information, and service contracts, and in the process provide a superior customer experience. ZOHO...
CVE-2021-3553
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions...
Redash code issue vulnerability
Redash is a data integration and analysis solution from the Israeli company Redash. The product supports data integration, data visualization, query editing, and data sharing. Redash 10.0.0 and earlier versions are affected by a code issue, which stems from the fact that the program is vulnerable ...
Bitdefender Endpoint Security Tools code issue vulnerability
Bitdefender Endpoint Security Tools is an endpoint security management tool from the Romanian company Bitdefender. A security vulnerability exists in Bitdefender Endpoint Security Tools, which stems from the lack of a proper server-side request forgery check in the EPPUpdateService component of...
XStream: Server-Side Request Forgery vulnerability can be activated when unmarshalling
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Request Forgery vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...
PT-2021-23928 · Redash · Redash
Name of the Vulnerable Software and Affected Versions: Redash versions 10.0 and prior Description: Redash is a package for data visualization and sharing. The implementation of URL-loading data sources like JSON, CSV, or Excel in versions 10.0 and prior is vulnerable to advanced methods of Server...
CVE-2021-23718
The package ssrf-agent before 1.0.5 is vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate whether the requested IP is private...
Exploit for Server-Side Request Forgery in Microsoft
python sendwebshellmail.py https://mail16.echod.com aaa@echo...
ssrf-agent code issue vulnerability
ssrf-agent is a package by the Chinese individual developer welefen, used to prevent SSRF in HTTP(S) requests. ssrf-agent is affected by a security vulnerability that exposes it to server-side request forgery (SSRF) attacks via the defaultIpChecker function, which fails to properly validate whether the requested IP is private...
CVE-2021-39303
The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation will also publish an article about this vulnerability...
CVE-2021-43576
Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins...
Debian DSA-5004-1 : libxstream-java - security update
The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5004 advisory. Multiple security vulnerabilities have been discovered in XStream, a Java library to serialize objects to XML and back again. These vulnerabilities may allow...
TYPO3 code issue vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) from the TYPO3 Association in Switzerland. TYPO3 has a server-side request forgery vulnerability prior to 1.0.6, which stems from the product's failure to properly validate user input and can be exploited by attackers to...
VulnCheck KEV: CVE-2016-3718
ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image...