DEBIAN-CVE-2020-11987
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...
UBUNTU-CVE-2020-11987
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...
UBUNTU-CVE-2020-11988
Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users...
CVE-2021-21973
The vSphere Client HTML5 contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information...
Apache XmlGraphics Commons Code Issue Vulnerability
Apache XmlGraphics Commons is an Apache open-source system library that provides several reusable libraries. Apache XmlGraphics Commons 2.4 suffers from a server-side request forgery vulnerability that stems from the failure of XMPParser to properly validate inputs, which can be exploited by an attack...
Apache Batik Code Issue Vulnerability
Apache Batik is an Apache open-source system library that provides Scalable Vector Graphics (SVG) format images for various applications or applets. Apache Batik version 1.13 suffers from a server-side request forgery vulnerability, which is caused by a failure of NodePanel to properly validate...
Owncloud Code Issue Vulnerability
OwnCloud is a suite of personal cloud storage solutions from OwnCloud USA. A code issue vulnerability exists in OwnCloud that stems from a server-side request forgery vulnerability in the service. No detailed vulnerability details are available at this time...
PYSEC-2021-146
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...
UBUNTU-CVE-2020-28463
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...
ReportLab Code Issue Vulnerability
ReportLab is an open-source engine from the Danish ReportLab company for creating data-driven PDF documents and custom vector graphics. A security vulnerability exists in Reportlab. The vulnerability stems from a server-side request forgery vulnerability that can be triggered by img tags. Currently...
Accellion FTA Code Issue Vulnerability
Accellion File Transfer Appliance (FTA) is a secure file transfer service that allows users to share and synchronize files online, all encrypted with AES 128/256. A server-side request forgery vulnerability exists in Accellion FTA 912411 and earlier versions. An attacker can exploit this...
Server-side Request Forgery (SSRF)
Overview github.com/pterodactyl/wings/router/downloader is part of Wings, Pterodactyl's server control plane, built for the rapidly changing gaming industry and designed to be highly performant and secure. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). It is...
DEBIAN-CVE-2021-21311
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers e.g. adminer.php are affected. This is fixed in version 4.7.9...
UBUNTU-CVE-2021-21311
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers e.g. adminer.php are affected. This is fixed in version 4.7.9...
CVE-2021-21311 SSRF in adminer
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers e.g. adminer.php are affected. This is fixed in version 4.7.9...
PT-2021-14409
Name of the Vulnerable Software and Affected Versions: Adminer versions 4.0.0 through 4.7.9 Description: Adminer is an open-source database management in a single PHP file. There is a server-side request forgery vulnerability in Adminer versions bundling all drivers, such as adminer.php. This iss...
Server-Side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-Side Request Forgery SSRF via the download feature. This allows attackers to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform...
DEBIAN-CVE-2021-21288
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attackers to provide DNS entries or IP addresses that are intended for...
A vulnerability in the session verification function of Cisco Data Center Network Manager (DCNM) allows an attacker to perform an SSRF attack.
The vulnerability in the session verification function of Cisco Data Center Network Manager (DCNM) is related to errors in handling HTTP requests. Exploiting this vulnerability can allow a malicious actor to perform an SSRF attack remotely...
CVE-2021-25241
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep...