
7211 matches found

CNNVD
added 2021/06/01 12:0 a.m. | 2 views

IBM Jazz Foundation code issue vulnerability

IBM Jazz Foundation is a software development collaboration platform for IBM Rational products. A server-side request forgery vulnerability exists in IBM Jazz Foundation. An attacker could exploit this vulnerability to send unauthorized requests from the system, which could allow network...

5.5 CVSS | 5.6 AI score | 0.00504 EPSS
Exploits 0 | References 3

CNNVD
added 2021/06/01 12:0 a.m. | 2 views

IBM Jazz Foundation code issue vulnerability

IBM Jazz Foundation is a software development collaboration platform for IBM Rational products. A server-side request forgery vulnerability exists in IBM Jazz Foundation. An attacker could exploit this vulnerability to send unauthorized requests from the system, which could allow network...

5.5 CVSS | 5.6 AI score | 0.00504 EPSS
Exploits 0 | References 3

CNNVD
added 2021/06/01 12:0 a.m. | 3 views

IBM Jazz Foundation code issue vulnerability

IBM Jazz Foundation is a software development collaboration platform for IBM Rational products. A server-side request forgery vulnerability exists in IBM Jazz Foundation. An attacker could exploit this vulnerability to send unauthorized requests from the system, which could allow network...

5.5 CVSS | 5.6 AI score | 0.00504 EPSS
Exploits 0 | References 3

OSV
added 2021/05/27 8:15 p.m. | 2 views

CVE-2020-14327

A server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of...

5.5 CVSS | 6 AI score | 0.00249 EPSS
Exploits 0 | References 1

OSV
added 2021/05/27 8:15 p.m. | 2 views

CVE-2020-14328

A flaw was found in Ansible Tower in versions before 3.7.2. A server-side request forgery flaw can be abused by supplying a URL which could lead to the server processing it, connecting to internal services or exposing additional internal services, and more particularly retrieving full details in ca...

3.3 CVSS | 5.8 AI score | 0.0024 EPSS
Exploits 0 | References 1

RedHat Linux
added 2021/05/26 9:49 p.m. | 0 views

XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly...

7.7 CVSS | 5.9 AI score | 0.81442 EPSS
Exploits 4 | References 4

RedHat Linux
added 2021/05/26 9:49 p.m. | 1 views

XStream: SSRF via crafted input stream

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream therefore creates new instances based on...

9.1 CVSS | 7.4 AI score | 0.50145 EPSS
Exploits 1 | References 4

CNNVD
added 2021/05/25 12:0 a.m. | 2 views

Jenkins code issue vulnerability

CloudBees Jenkins (Hudson Labs) is a Java-based continuous integration tool from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. An XML external entity...

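8.8 CVSS | 6 AI score | 0.01596 EPSS
Exploits 0 | References 4

Gitee
added 2021/05/24 5:0 p.m. | 4 views

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

weblogic-scan: a WebLogic vulnerability scanning tool, a wishful attempt at a one-shot tool for WebLogic. Currently detected items: [x] console page detection & weak password scanning; [x] SSRF on the uuid page; [x] CVE-2017-10271 deserialization on the wls-wsat page; [x] CVE-2018-2628 deserialization; [x] CNVD-C-2019-48814. More features will be added later if possible; mainly, some deserialization PoCs are really hard to write, and I am not very good at it.. USE: before use, first fill in the server parameter in config.py...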

9.8 CVSS | 7.1 AI score | 0.99934 EPSS
Exploits 101

PyPA
added 2021/05/21 10:15 p.m. | 3 views

PYSEC-2021-83

Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...

7.5 CVSS | 7 AI score | 0.01195 EPSS
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2021/05/21 12:0 a.m. | 3 views

Plone code issue vulnerability

Plone is an open source content management system (CMS) built on the Zope application server. A server-side request forgery vulnerability exists in Plone 5.2.4 and earlier versions. An authenticated remote attacker can exploit this vulnerability to read a line in a file...

4.3 CVSS | 5.2 AI score | 0.00992 EPSS
Exploits 0 | References 3

CNNVD
added 2021/05/21 12:0 a.m. | 1 views

Plone code issue vulnerability

Plone is the Plone Foundation's open source content management system running on the Zope application server. A server-side request forgery vulnerability exists in Plone 5.2.4 and earlier versions. An attacker can exploit this vulnerability to initiate a server-side request using the lxml parser...

7.5 CVSS | 7.4 AI score | 0.01195 EPSS
Exploits 0 | References 3

OSV
added 2021/05/13 10:30 p.m. | 2 views

GHSA-792R-MH2Q-P8QP Server Side Request Forgery (SSRF) in org.mitre:openid-connect-server

The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make a HTTP reque...

9.1 CVSS | 7.2 AI score | 0.01494 EPSS
Exploits 1 | References 3

OSV
added 2021/05/13 4:15 p.m. | 0 views

CVE-2021-20535

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198834...

5.4 CVSS | 6.4 AI score | 0.00523 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2021/05/12 12:0 a.m. | 838 views

Ubuntu 18.04 LTS / 20.04 LTS : XStream vulnerabilities (USN-4943-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4943-1 advisory. Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by...

9.9 CVSS | 7.4 AI score | 0.85001 EPSS
Exploits 21 | References 15

CNNVD
added 2021/05/12 12:0 a.m. | 2 views

IBM Jazz Reporting Service code issue vulnerability

IBM Jazz Reporting Service helps you quickly and easily integrate data from a variety of data sources across your tools and projects, and provides a set of ready-to-use reports for sharing information about your lifecycle management projects. A server-side request forgery vulnerability exists in...

6.5 CVSS | 5.6 AI score | 0.00523 EPSS
Exploits 0 | References 3

OpenVAS
added 2021/05/12 12:0 a.m. | 25 views

Ubuntu: Security Advisory (USN-4943-1)

The remote host is missing an update for the... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.9 CVSS | 8.5 AI score | 0.85001 EPSS
Exploits 21 | References 2

Ubuntu
added 2021/05/11 9:41 a.m. | 162 views

USN-4943-1: XStream vulnerabilities

Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. This issue only affected Ubuntu 20.10. (CVE-2020-26217) It was discovered that XStream was vulnerable to...

9.9 CVSS | 7 AI score | 0.85001 EPSS
Exploits 21

Positive Technologies
added 2021/05/07 12:0 a.m. | 4 views

PT-2021-11666 · Atlassian · Confluence

Name of the Vulnerable Software and Affected Versions: Confluence Server versions prior to 7.4.8; Confluence Server versions 7.5.0 through 7.10.9. Description: The issue allows attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars...

4.3 CVSS | 7.2 AI score | 0.01201 EPSS
Exploits 0 | References 7

OSV
added 2021/04/30 10:15 p.m. | 1 views

CVE-2020-28943

OX App Suite 7.10.4 and earlier allows SSRF via a snippet...

6.5 CVSS | 5.8 AI score
Exploits 0 | References 2