7211 matches found
Sonatype Nexus Repository Code Issue Vulnerability
Sonatype Nexus Repository is a repository manager from Sonatype, Inc. that is used for managing, storing, and distributing software, among other things. A security vulnerability exists in Sonatype Nexus Repository 3, which stems from a lack of validation and filtering of user-submitted input on t...
CVE-2021-29738
IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7) is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force...
CVE-2021-29844
IBM Jazz Team Server products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*
A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to request data from internal resources that are not publicly available by manipulating the processed input stream with Java runtime versions 14 to 8. The highest thre...
IBM Engineering Requirements Management DOORS Next Code Issue Vulnerability
IBM Engineering Requirements Management DOORS Next is a scalable solution from International Business Machines Corporation (IBM). The solution helps you capture, track, analyze, and manage systems and advanced IT application development. IBM Engineering Requirements Management DOORS Next suffers fr...
The vulnerability of the “ASSaD-ID” biometrics system’s software lies in the improper restriction on XML links to external objects, which allows a perpetrator to carry out an SSRF attack.
The vulnerability of the “ASSaD-ID” biometrics system’s software is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack and execute arbitrary code within the system...
Zoho ManageEngine Applications Manager Code Issue Vulnerability
Zoho ManageEngine Applications Manager is an application performance monitoring and management solution for various business monitoring and management needs of enterprises. A server-side request forgery vulnerability exists in Zoho ManageEngine Applications Manager build 15200. No details of the...
Server-Side Request Forgery (SSRF)
Overview: camaleoncms is a dynamic and advanced content management system based on Ruby on Rails as an alternative to WordPress. Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF), which allows attackers to read files stored in the internal server. This is because...
CamaleonCMS Code Issue Vulnerability
Camaleon CMS is a Ruby on Rails-based advanced dynamic content management system (CMS) from the Camaleon CMS team. Camaleon CMS has a server-side request forgery vulnerability in versions 2.1.2.0 through 2.6.0, which stems from the product's failure to properly validate user input and can be exploite...
PT-2021-19841 · Itop +1 · Itop +1
Name of the Vulnerable Software and Affected Versions: iTop versions prior to 2.6.5; iTop versions prior to 2.7.5. Description: The issue affects iTop, an open source web-based IT Service Management tool. An attacker can call the system setup without authentication, and given specific parameters,...
Server-side Request Forgery (SSRF)
Overview: @isomorphic-git/cors-proxy is a Proxy clone and push requests for the browser. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js. PoC: GET...
CVE-2021-22033
Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability...
The vulnerability of the Content Library component of the VMware vCenter Server management tool allows an attacker to perform an SSRF attack.
The vulnerability of the Content Library component in the VMware vCenter Server management tool is related to insufficient verification of URL addresses. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack using a specially created POST request...
httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"
A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and...
CVE-2021-22958
A Server-Side Request Forgery vulnerability was found in concrete5 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost, allowing interaction with local services. Impact can vary depending on services exposed. CVSSv2.0...
Portlandlabs Concrete5 Code Issue Vulnerability
Portlandlabs Concrete5 is an open source content management system (CMS) from PortlandLabs, U.S. The Portlandlabs Concrete5 server-side request forgery vulnerability can be exploited by attackers to retrieve HTTP and FTP files from internal server networks by inserting internal addresses...
CVE-2020-21649
Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql method...
CVE-2020-21653
Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sj method...
UBUNTU-CVE-2021-39894
In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in the Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks...
UBUNTU-CVE-2021-39867
In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in the Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks...