PT-2020-19558 · Mcafee · Mcafee Mvision Endpoint
Name of the Vulnerable Software and Affected Versions: McAfee MVISION Endpoint versions prior to 20.11 Description: A server-side request forgery issue exists, allowing remote attackers to trigger server-side DNS requests to arbitrary domains. This is achieved by loading carefully constructed XML...
CVE-2020-26815
SAP Fiori Launchpad News tile Application, versions 750, 751, 752, 753, 754, 755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external...
CVE-2020-27018
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server-side request forgery vulnerability which could allow an authenticated attacker to abuse the product's web server and gain access to web resources or parts of local files. An attacker must already have...
PT-2023-25158 · Moodle +2 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.9 to 3.9.21; Moodle versions 3.11 to 3.11.14; Moodle versions 4.0 to 4.0.8; Moodle versions 4.1 to 4.1.3; Moodle version 4.2. Description: The issue is related to the logic used to check 0.0.0.0 against the cURL blocked hosts...
DEBIAN-CVE-2020-28168
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address...
UBUNTU-CVE-2020-28168
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address...
batik: SSRF via "xlink:href"
A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery (SSRF) attack via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system...
osTicket Server-Side Request Forgery Vulnerability
osTicket is a widely used and trusted open source work order support ticket system. A server-side request forgery vulnerability exists in osTicket versions prior to 1.14.3. An attacker can exploit this vulnerability to add malicious files to the server or perform port scans...
XML Entity Injection Vulnerability in the JeewxBoot WeChat Butler Platform
JeewxBoot WeChat Butler Platform is a free Java WeChat management platform that supports WeChat official accounts, mini programs, WeChat third-party platforms, sweepstakes and so on. JeewxBoot WeChat Butler Platform suffers from an XML entity injection vulnerability, which can be exploited by attackers t...
Gophish Server-Side Cross-Site Request Forgery Vulnerability
Gophish is a powerful open source phishing framework. A server-side cross-site request forgery vulnerability exists in Gophish versions prior to 0.11.0. No detailed vulnerability details are provided at this time...
Open-Xchange OX App Suite Server-Side Request Forgery Vulnerability
Open-Xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange USA. The environment allows users to manage email, tasks, files, etc. more intuitively. A server-side request forgery vulnerability exists in OX App Suite 7.10.3 and earlier versions. An attacker can...
Aruba Airwave Software Server-Side Request Forgery Vulnerability
Aruba Airwave Software is a network monitoring software that helps users view real-time data and situational reports for every user, device, and segment of the network. A server-side request forgery vulnerability exists in Aruba Airwave Software versions prior to 1.3.2, which allows an attacker t...
PT-2020-14384 · Pulse · Pulse Connect Secure +1
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R9; Pulse Policy Secure versions prior to 9.1R9. Description: The issue allows remote authenticated admins to conduct server-side request forgery attacks via a crafted DTD in an XML request. This is due...
CVE-2020-15002
OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message message API...
BigBlueButton Server-Side Request Forgery Vulnerability
BigBlueButton is an open source web conferencing system maintained by the BigBlueButton community. A server-side request forgery vulnerability exists in versions prior to BigBlueButton 2.2.7 that allows an attacker to read a local file and perform an SSRF attack via an uploaded Office document with a...
osm-static-maps code injection vulnerability
osm-static-maps is a Google-like static maps npm library for individual developers. An injection vulnerability exists in all versions of osm-static-maps, where user input provided to the package is passed directly to the template without being escaped. An attacker can exploit this vulnerability...
CVE-2020-6308
SAP BusinessObjects Business Intelligence Platform Web Services, versions 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker c...
CVE-2020-15822
In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped...
CVE-2020-27197
TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the nonetwork setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library...