7211 matches found
CVE-2021-37223
Nagios Enterprises NagiosXI = 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be...
Nagios XI code issue vulnerability
Nagios is an open source, free network monitoring tool from Nagios, Inc. NagiosXI in version 5.8.4 has a server-side request forgery vulnerability, which stems from the product's failure to properly validate user input and could be exploited by an authenticated attacker to access internal resourc...
PT-2021-22714 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.15 and later Description: A DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks. This issue allows an attacker to potentially access interna...
PT-2021-22740 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.0 and later Description: A DNS rebinding vulnerability exists in the Fogbugz importer, which may be used by attackers to exploit Server Side Request Forgery attacks. This issue affects all versions of GitLab CE/EE sinc...
GitLab code issue vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A code issue vulnerability exists in GitLab CE/EE, which...
Vulnerabilities fixed in GitLab
Vulnerabilities have been fixed in GitLab. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Server Side Request Forgery (SSRF), Cross-Site Scripting (XSS), Denial-of-Service (DoS), bypassing authentication, circumvention of security measure...
The vulnerability of the mod_proxy module in the Apache HTTP Server allows a hacker to perform an SSRF attack.
The vulnerability of the mod_proxy module in the Apache HTTP Server is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
CVE-2021-37104
There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118C00E116R3P3. This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attack...
CVE-2021-40103
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF...
CVE-2021-41385
The third party intelligence connector in Securonix SNYPR 6.3.1 Build 1842950302 allows an authenticated user to obtain access to server configuration details via SSRF...
CVE-2021-41586
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password...
Gradle code issue vulnerability
Gradle Enterprise improves developer productivity by accelerating builds, improving build reliability, and speeding up build debugging. A server-side request forgery vulnerability exists in versions of Gradle Enterprise prior to 2021.1.3. An attacker could use this vulnerability to discover...
PT-2021-23350 · Gradle · Gradle Enterprise
Name of the Vulnerable Software and Affected Versions: Gradle Enterprise versions prior to 2021.1.3 Description: The issue allows an attacker with the ability to perform Server-Side Request Forgery (SSRF) attacks to potentially discover credentials for other resources. SSRF is a type of attack wher...
CVE-2021-21993
The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosur...
Gopherus
This is an analysis of the provided repository, specifically focusing on the Gopherus tool. Classification: The Gopherus tool is a proof-of-concept exploit for various vulnerabilities, including SSRF (Server-Side Request Forgery) and RCE (Remote Code Execution). Primary Vulnerability: The primary...
Discourse code issue vulnerability
Discourse is an open source community discussion platform. The platform includes community, email and chat room features. Discourse in versions 2.3.2 and 2.6 has a server-side request forgery vulnerability that can be exploited by attackers to upload images from remote websites when writing emails...
CVE-2021-39339
The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the /bypass.php file due to a user-supplied URL request value that gets called by a curl request. This affects versions up to, and including, 1.8.0...
WordPress plugin code issue vulnerability
WordPress Plugin is an open source application plugin for WordPress. A code issue vulnerability exists in the WordPress plugin, which stems from a user-supplied URL request value being invoked by a curl request, making the Telefication plugin susceptible to open proxies and server-side request...
CVE-2021-37419
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF...
VMware vCenter Server code issue vulnerability
VMware vCenter Server is a suite of server and virtualization management software from VMware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. vCenter Server is vulnerable to...