7211 matches found
CVE-2021-25241
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep...
OESA-2021-1015 xstream security update
XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...
Trend Micro OfficeScan XG and Trend Micro Worry-Free Business Security code issue vulnerability
Trend Micro OfficeScan XG and Trend Micro Worry-Free Business Security are both products of Trend Micro, Inc. Trend Micro OfficeScan XG is a distributed anti-virus software. Trend Micro Worry-Free Business Security is an enterprise-class information security solution. Worry-Free Business Security i...
Trend Micro Apex One and Trend Micro Worry-Free Business Security code issue vulnerability
Trend Micro Apex One and Trend Micro Worry-Free Business Security are both products of Trend Micro, Inc. Trend Micro Apex One is a suite of endpoint security software that provides automated threat detection and response. Trend Micro Worry-Free Business Security is an enterprise-class information...
jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks
A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity (XXE) attacks allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog file that uses external entities for extraction of secret...
PT-2021-14390 · Minio +1
Name of the Vulnerable Software and Affected Versions: MinIO versions prior to RELEASE.2021-01-30T00-20-58Z Description: The issue is related to a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data to a URL, or...
Ubuntu 18.04 LTS / 20.04 LTS : XStream vulnerabilities (USN-4714-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4714-1 advisory. Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by...
Ubuntu: Security Advisory (USN-4714-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4714-1: XStream vulnerabilities
Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. CVE-2020-26217 It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could...
USN-4714-1 libxstream-java vulnerabilities
Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code execution. A remote attacker could run arbitrary shell commands by manipulating the processed input stream. CVE-2020-26217 It was discovered that XStream was vulnerable to server-side forgery attacks. A remote attacker could...
CVE-2020-4786
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other...
IBM QRadar SIEM code issue vulnerability
IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A server-side...
Exploit for OS Command Injection in Apache Struts
CVE-2020-26259 CVE-2020-26259: XStream1.4.14 is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights. https://x-stream.github.io/CVE-2020-26259.html XStream 1.4.14 pom.xml com.thoughtworks.xstream xstream 1.4.14 poc...
CVE-2021-1272
A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of...
jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks
A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity (XXE) attacks allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog file that uses external entities for extraction of secret...
CVE-2021-21009
Adobe Campaign Classic Gold Standard 10 and earlier, 20.3.1 and earlier, 20.2.3 and earlier, 20.1.3 and earlier, 19.2.3 and earlier and 19.1.7 and earlier are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance...
Adobe Campaign Classic Server-Side Request Forgery Vulnerability
Adobe Campaign Classic (ACC) is a suite of cross-channel customer experience marketing platforms from the American company Adobe. A server-side request forgery vulnerability exists in Adobe Campaign Classic. An attacker could exploit this vulnerability to obtain sensitive information...
CVE-2020-24700
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring...
Open-xchange OX App Suite code issue vulnerability
OX App Suite is a modular platform designed for telcos, hosting companies and vendors to deliver a wide range of cloud-based services. A server-side request forgery vulnerability exists in OX App Suite 7.10.4. An attacker can exploit this vulnerability to conduct a server-side request forgery...
CVE-2020-35205
Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...