CVE-2021-29145
A remote server side request forgery SSRF remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager versions prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability...
Aruba ClearPass Policy Manager Code Issue Vulnerability
Aruba ClearPass Policy Manager is an application that provides a secure access management system for wireless networks. Aruba ClearPass Policy Manager is vulnerable to server-side request forgery, which can be exploited by remote attackers to submit ad hoc requests that can obtain sensitive...
Group Office CRM Code Issue Vulnerability
Group Office CRM is an enterprise CRM and component tool with email client, shared projects, calendar, documents and more. A server-side request forgery vulnerability exists in Group Office CRM version 6.4.196, which can be exploited by a remote attacker to forge a GET request to any URL via the...
DEBIAN-CVE-2021-27905
The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability,...
UBUNTU-CVE-2021-27905
The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability,...
OESA-2021-1134 batik security update
Batik is an inline templating engine for CoffeeScript, inspired by CoffeeKup, that lets you write your template directly as a CoffeeScript function. Security Fixes: Apache Batik 1.13 is vulnerable to server-side request forgery (SSRF), caused by improper input validation by the NodePickerPanel. By using...
Wcms Code Issue Vulnerability
WCMS is a content management system (CMS). A server-side request forgery vulnerability exists in Wcms version 0.3.2: an attacker sends a crafted request/html.php file to wex from the back-end server of a vulnerable web application via the pagename parameter. It can help to identify open ports...
The vulnerability in the Accellion FTA security system, which stems from insufficiently validated incoming requests, allows a perpetrator to carry out an SSRF attack and gain unauthorized access to protected information.
The vulnerability in the Accellion FTA security system is related to insufficient verification of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack and gain unauthorized access to protected information through specially crafted POST requests...
CVE-2021-24150
The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF)...
WordPress Like Button Rating Code Issue Vulnerability
WordPress Like Button Rating is a WordPress open source application that adds a fully customizable "Like" button. A security vulnerability exists in WordPress Like Button Rating 2.6.32, which stems from its exposure to unauthenticated full-read server-side request forgery (SSRF) attacks...
Atlassian Confluence Server and Confluence Code Issue Vulnerability
Atlassian Confluence Server and Atlassian Confluence are both products of Atlassian Australia. Atlassian Confluence Server is the server version of a suite of collaboration software with enterprise knowledge management capabilities and support for building an enterprise Wiki. Atlassian Confluence is ...
sunkaifei FlyCM Code Issue Vulnerability
sunkaifei FlyCms is an open source application by sunkaifei: a Zhihu-like Q&A social network building program developed in fully open source Java. sunkaifei FlyCM has a security vulnerability that stems from the saveUrlAs function in ImagesService.java, which has a...
PT-2021-16939
Name of the Vulnerable Software and Affected Versions: Confluence Server versions prior to 5.8.6; Confluence Data Center versions prior to 5.8.6. Description: The issue allows remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF)...
Vulnerability fixed in netmask
Netmask is a widely used component in various open source projects. This component contains a vulnerability: by incorrectly processing IPv4 addresses, it makes attacks such as server-side request forgery (SSRF), remote file inclusion (RFI) and local file inclusion (LFI) possible. The makers of Netmask...
VMware vRealize Operations Code Issue Vulnerability
VMware vRealize Operations is an application from VMware, Inc.: a unified, AI-based platform for private, hybrid and multi-cloud environments that delivers IT operations management on autopilot. A server-side request forgery vulnerability in the VMware vRealize Operations Manager API prior to...
UBUNTU-CVE-2021-22179
A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to an SSRF attack through the Outbound Requests feature...
CVE-2021-21342
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream therefore creates new instances based on...
GitLab Code Issue Vulnerability
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab suffers from a server-side request forgery vulnerability that can be exploited via Prometheu...
PT-2021-14891 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 12.2. Description: A vulnerability was discovered in GitLab that made it susceptible to a Server-Side Request Forgery (SSRF) attack. The attack was possible through the Outbound Requests feature. Recommendations: For...
PT-2021-14890 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 13.2 and later. Description: An issue has been discovered in GitLab, making it vulnerable to a Server-Side Request Forgery (SSRF) attack through the Prometheus integration. Recommendations: For GitLab versions 13.2 and later, at...