
7211 matches found

CNNVD
added 2021/09/21 12:0 a.m., 5 views

ADSelfService Plus code issue vulnerability

Zoho ManageEngine ADSelfService Plus is a web-based self-service application that enables end-users to perform tasks such as password reset, account unlocking, profile information update, etc. without relying on the help desk. A server-side request forgery vulnerability exists in Zoho ManageEngin...

7.5 CVSS | 7.4 AI score | 0.02372 EPSS
Exploits 1 | References 4
OSV
added 2021/09/20 8:45 p.m., 1 views

GHSA-6Q3P-36F4-CWXV Server-Side Request Forgery in UReport

UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports...

5.3 CVSS | 5.9 AI score | 0.00823 EPSS
Exploits 1 | References 3
CNNVD
added 2021/09/16 12:0 a.m., 6 views

Apache HTTP Server code issue vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server in version 2.4.48 and earlier is vulnerable to server-side request forgery, which stems from a failure of the mod_proxy module to properly validate user input and can be exploited to forward requests to ...

9 CVSS | 7.5 AI score | 0.99999 EPSS
Exploits 5 | References 64
OSV
added 2021/09/15 7:15 p.m., 3 views

CVE-2021-33690

A Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the...

9.9 CVSS | 7.2 AI score | 0.67699 EPSS
Exploits 0 | References 2
OSV
added 2021/09/15 1:15 p.m., 2 views

CVE-2021-30137

Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points...

8.2 CVSS | 5.8 AI score | 0.00793 EPSS
Exploits 1 | References 1
BDU FSTEC
added 2021/09/15 12:0 a.m., 3 views

The vulnerability of the import function implementation (/wp-admin/tools.php?page=rsvpmaker_export_screen) of the RSVPMaker plugin for WordPress content management system allows a hacker to perform an SSRF attack.

The vulnerability of the import function implementation (/wp-admin/tools.php?page=rsvpmaker_export_screen) of the RSVPMaker plugin for the WordPress content management system is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to perfo...

9.3 CVSS | 5.3 AI score | 0.01012 EPSS
Exploits 2 | References 6 | Affected Software 1
Snyk
added 2021/09/13 10:54 a.m., 2 views

Server-side Request Forgery (SSRF)

Overview: ssrf-agent is a prevent SSRF in https request. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private. PoC by Sayooj B Kumar // run a service on your localhost con...

7.5 CVSS | 6.8 AI score | 0.01564 EPSS
Exploits 1 | References 2
CNNVD
added 2021/09/07 12:0 a.m., 3 views

Misskey code issue vulnerability

Misskey is a micro-blogging platform, and a code issue vulnerability exists in Misskey due to a server-side request forgery vulnerability in the software's "upload from URL" and remote attachment handling. This could lead to the disclosure of non-public information on the intranet. No details of...

7.7 CVSS | 5.7 AI score | 0.01028 EPSS
Exploits 0 | References 5
CNNVD
added 2021/09/07 12:0 a.m., 4 views

EyouCms code issue vulnerability

EyouCms is a free and open source enterprise content management system based on the TP5.0 framework and focused on the needs of enterprise website builders. EyouCMS version 1.5.4 is vulnerable to server-side request forgery. The vulnerability stems from the lack of validation of input data in...

9.8 CVSS | 5.7 AI score | 0.02282 EPSS
Exploits 1 | References 4
OSV
added 2021/09/01 8:15 p.m., 2 views

CVE-2020-20341

YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grabimage function...

7.5 CVSS | 5.8 AI score | 0.01275 EPSS
Exploits 1 | References 1
CNNVD
added 2021/09/01 12:0 a.m., 3 views

Yzmcms code issue vulnerability

YzmCMS is a lightweight open source content management system based on a PHP and MySQL architecture, developed solely by Yuan Zhimeng. A server-side request forgery vulnerability exists in the grabimage function in YzmCMS version 5.5. No vulnerability details are provided...

7.5 CVSS | 5.6 AI score | 0.01275 EPSS
Exploits 1 | References 1
CNNVD
added 2021/08/26 12:0 a.m., 4 views

Gotenberg code issue vulnerability

Thecodingmachine Gotenberg is a Go-based application, by individual developer Victornpb of Thecodingmachine, that converts HTML, Markdown and Office documents to PDF. The application is based on Docker, and its stateless API can be used to support building web applications. Gotenberg A security...

7.5 CVSS | 7.5 AI score | 0.01641 EPSS
Exploits 0 | References 4
OSV
added 2021/08/25 2:47 p.m., 1 views

GHSA-CXFM-5M4G-X7XP A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact: The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security...

8.5 CVSS | 6.9 AI score | 0.03465 EPSS
Exploits 2 | References 13
OSV
added 2021/08/25 2:46 p.m., 0 views

GHSA-XW4P-CRPJ-VJX2 A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact: The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security...

8.5 CVSS | 6.9 AI score | 0.11468 EPSS
Exploits 2 | References 13
GitHub Security Blog
added 2021/08/25 2:46 p.m., 49 views

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact: The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security...

8.5 CVSS | 8.3 AI score | 0.11468 EPSS
Exploits 2 | References 13 | Affected Software 1
OSV
added 2021/08/24 6:15 p.m., 1 views

CVE-2021-28627

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 and below is affected by a Server-side Request Forgery. An authenticated attacker could leverage this vulnerability to contact systems blocked by the dispatcher. Exploitation of this issue does not require user interacti...

8.8 CVSS | 5.8 AI score
Exploits 0 | References 1
RedHat Linux
added 2021/08/24 12:50 p.m., 3 views

python-ipaddress: Improper input validation of octal strings

A flaw was found in python-ipaddress. Improper input validation of octal strings in stdlib ipaddress allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. The highest threat from this vulnerability is to...

9.8 CVSS | 6.9 AI score | 0.06882 EPSS
Exploits 1 | References 5
Veracode
added 2021/08/24 7:53 a.m., 50 views

Server-Side Forgery Request

xstream is vulnerable to Server-Side Forgery Request. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request...

8.5 CVSS | 3.1 AI score | 0.11468 EPSS
Exploits 2 | References 15 | Affected Software 4
CNNVD
added 2021/08/24 12:0 a.m., 1 views

F5 BIG-IP code issue vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A security vulnerability exists in the F5 BIG-IP Advanced WAF and ASM TMUI, which could be exploited by an attacker with...

8.8 CVSS | 5.7 AI score | 0.00847 EPSS
Exploits 0 | References 4
Cvelist
added 2021/08/23 6:20 p.m., 23 views

CVE-2021-39150 A Server-Side Forgery Request vulnerability in XStream via PriorityQueue unmarshaling

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

8.5 CVSS | 8.8 AI score | 0.03465 EPSS
Exploits 2 | References 11