7211 matches found
PT-2021-18449 · Ibm · Ibm Secure Proxy +1
Name of the Vulnerable Software and Affected Versions: IBM Secure External Authentication Server version 6.0.2; IBM Secure Proxy version 6.0.2. Description: The issue allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or...
CVE-2021-33213
An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address...
Elements-IT HTTP Commander Code Issue Vulnerability
Elements-IT HTTP Commander is a server-hosted, web-based file management solution from Elements-IT (Germany). It provides basic functionality for working with files (creating, copying, deleting, etc.) and many other additional features, such as integration with cloud services, online editing of Offic...
USN-5006-2 php5, php7.0 vulnerabilities
USN-5006-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that PHP incorrectly handled certain PHAR files. A remote attacker could possibly use this issue to cause PHP to...
IBM Sterling Secure Proxy Code Issue Vulnerability
IBM Sterling Secure Proxy is an IBM (International Business Machines Corporation) application proxy for securing file transfers in an organization's unprotected zone (DMZ). IBM Sterling Secure Proxy has a server-side request forgery vulnerability that originates from a server that fails...
OPENSUSE-SU-2021:1840-1 Security update for xstream
This update for xstream fixes the following issues:
- Upgrade to 1.4.16
- CVE-2021-21351: remote attacker to load and execute arbitrary code (bsc1184796)
- CVE-2021-21349: SSRF can lead to a remote attacker to request data from internal resources (bsc1184797)
- CVE-2021-21350: arbitrary code executio...
Security update for xstream (important)
openSUSE Security Update: Security update for xstream Announcement ID: openSUSE-SU-2021:1840-1 Rating: important References: 1184372 1184373 1184374 1184375 1184376 1184377 1184378 1184379 1184380 1184796 1184797 Cross-References: CVE-2021-21341 CVE-2021-21342 CVE-2021-21343 CVE-2021-21344...
CVE-2020-20582
A server-side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information...
MipCMS Code Issue Vulnerability
MipCMS is an application: a content management system based on Baidu Mobile Accelerator (MIP) and an SEO website-building system. MipCMS 5.0.1 has a server-side request forgery vulnerability that can be exploited by attackers to access sensitive information...
CVE-2020-24141
Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the fileremote parameter to download-add.php. It can help identify open ports, local network hosts and execute...
CVE-2020-24142
Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hos...
WordPress Plugin Podcast Importer SecondLine Code Issue Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A server-side request forgery vulnerability exists in the WordPress Podcast Importer SecondLine...
jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks.
A flaw was found in the config-file-provider Jenkins plugin. The plugin's XML parser wasn't configured to prevent XML external entity (XXE) attacks. An attacker with the ability to define Maven configuration files can use this vulnerability to prepare a crafted configuration file that uses external...
Emissary Code Issue Vulnerability
Emissary is a P2P-based, data-driven workflow engine. Emissary suffers from a server-side request forgery vulnerability that can be exploited by an attacker to cause a credential disclosure...
CVE-2020-21788
In CRMEB 3.1.0+, strict domain name filtering leads to SSRF (Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php...
Zhongbang CRMEB Code Issue Vulnerability
Zhongbang CRMEB is an open source e-commerce management system from Zhongbang Networks in Xi'an, China. A security vulnerability exists in CRMEB 3.1.0+, which stems from the strict domain name filtering in CRMEB 3.1.0+ leading to SSRF (Server-Side Request Forgery). No detailed vulnerabili...
xmlgraphics-commons: SSRF due to improper input validation by the XMPParser
Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users...
XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...
XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is...