
7211 matches found

Cvelist
added 2021/08/23 6:20 p.m., 30 views

CVE-2021-39152 A Server-Side Forgery Request vulnerability in XStream via HashMap unmarshaling

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...

CVSS 8.5, AI score 8.8, EPSS 0.11468
Exploits: 2, References: 11
CNNVD
added 2021/08/23 12:00 a.m., 1 view

XStream code issue vulnerability

XStream is an open source Java class library that is mainly used to serialize objects to XML or JSON, or to deserialize them back to objects. XStream 1.4.17 and previous versions have a server-side request forgery vulnerability, which can be used by remote attackers to submit special requests that can obtain...

CVSS 8.5, AI score 8.5, EPSS 0.03465
Exploits: 2, References: 24
CNNVD
added 2021/08/23 12:00 a.m., 0 views

XStream code issue vulnerability

XStream is an open source Java class library that is mainly used to serialize objects to XML or JSON, or to deserialize them back to objects. XStream 1.4.17 and previous versions have a server-side request forgery vulnerability, which can be used by remote attackers to submit special requests that can obtain...

CVSS 8.5, AI score 8.5, EPSS 0.11468
Exploits: 2, References: 24
OSV
added 2021/08/20 7:15 p.m., 3 views

CVE-2020-25353

A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed in 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the deviceIpAddr and connPort parameters...

CVSS 6.5, AI score 5.8, EPSS 0.00988
Exploits: 1, References: 1
CNNVD
added 2021/08/20 12:00 a.m., 2 views

rConfig code issue vulnerability

rConfig is an open source network configuration management utility. rConfig is vulnerable to server-side request forgery, which could be exploited by an attacker to open a connection to a machine via the deviceIpAddr and connPort parameters...

CVSS 6.5, AI score 5.6, EPSS 0.00988
Exploits: 1, References: 2
RedHat Linux
added 2021/08/18 9:13 a.m., 1 view

XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

CVSS 7.7, AI score 5.9, EPSS 0.81442
Exploits: 4, References: 4
ATTACKERKB
added 2021/08/16 11:15 p.m., 3 views

CVE-2021-37711

Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin...

CVSS 8.8, AI score 5.4, EPSS 0.01058
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2021/08/13 12:15 p.m., 3 views

CVE-2021-37353

Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitization in tablepopulation.php...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 1
CNNVD
added 2021/08/13 12:00 a.m., 9 views

Nagios XI code issue vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A code issue vulnerability exists in the Nagios XI Docker Wizard, which stems from improper cleanup in...

CVSS 9.8, AI score 8.7, EPSS 0.02943
Exploits: 0, References: 2
RedHat Linux
added 2021/08/11 6:21 p.m., 1 view

XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

CVSS 7.7, AI score 5.9, EPSS 0.81442
Exploits: 4, References: 4
NCSC
added 2021/08/04 12:00 a.m., 4 views

Vulnerability fixed in FortiManager and FortiAnalyzer

A server-side request forgery (SSRF) vulnerability in the FortiManager and FortiAnalyzer GUI could allow a remote attacker to gain access to unauthorized files and services on the system via specially designed web requests. Fortinet has released updates to fix the vulnerability. More information can be...

CVSS 8.8, AI score 6.7, EPSS 0.00668
Exploits: 0
RedHat Linux
added 2021/08/03 9:20 a.m., 2 views

php: SSRF bypass in FILTER_VALIDATE_URL

A flaw was found in php. Currently, php's FILTER_VALIDATE_URL check doesn't recognize some URLs that are non-compliant with RFC 3986 and returns them as valid. This flaw allows an attacker to craft URLs which, depending on how the URL filter check is used on the application side, lead to Server Side Request...

CVSS 5.3, AI score 7.3, EPSS 0.01999
Exploits: 1, References: 5
CNNVD
added 2021/08/03 12:00 a.m., 3 views

Fortinet FortiManager and Fortinet FortiAnalyzer code issue vulnerability

Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. The product is primarily used to collect network log data and analyze, report, and archive security events, network traffic, and Web content in...

CVSS 8.8, AI score 5.7, EPSS 0.00668
Exploits: 0, References: 5
OSV
added 2021/08/02 11:15 a.m., 2 views

CVE-2021-24472

The OnAir2 WordPress theme before 3.9.9.2 and the QT KenthaRadio WordPress plugin before 2.0.2 expose proxy functionality to unauthenticated users; sending requests to this proxy functionality makes the web server fetch and display the content from any URI, which allows for SSRF (Server...

CVSS 9.8, AI score 5.8, EPSS 0.56614
Exploits: 2, References: 1
CNNVD
added 2021/08/02 12:00 a.m., 2 views

WordPress plugin code issue vulnerability

WordPress is the WordPress Foundation's blogging platform, developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in OnAir2...

CVSS 9.8, AI score 8.3, EPSS 0.56614
Exploits: 2, References: 1
ATTACKERKB
added 2021/07/27 12:00 a.m., 1 view

CVE-2020-4974

IBM Jazz Foundation products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434...

CVSS 6.5, AI score 6.4, EPSS 0.00598
Exploits: 0, References: 3, Affected Software: 8
OSV
added 2021/07/22 5:15 p.m., 2 views

CVE-2021-26699

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used...

CVSS 5.4, AI score 5.8
Exploits: 0, References: 4
OSV
added 2021/07/19 1:15 p.m., 2 views

CVE-2021-31216

Siren Investigate before 11.1.1 contains a server-side request forgery (SSRF) defect in the built-in image proxy route, which is enabled by default. An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs...

CVSS 8.1, AI score 5.9, EPSS 0.00724
Exploits: 0, References: 2
Gitee
added 2021/07/15 10:12 p.m., 3 views

pikachu

pikachu is an offensive tool for web application security training. No primary CVE ID is explicitly mentioned; the tool is designed to simulate various web application vulnerabilities, including brute force (password cracking), XSS (cross-site scripting), CSRF (cross-site request forgery), SQL injection, RCE (remote command/code execution), file inclusion...

AI score 6.1
Exploits: 0
OSV
added 2021/07/15 4:15 p.m., 2 views

CVE-2021-29749

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-For...

CVSS 5.4, AI score 5.8, EPSS 0.00833
Exploits: 0, References: 3