7462 matches found
CVE-2021-41385
The third party intelligence connector in Securonix SNYPR 6.3.1 Build 1842950302 allows an authenticated user to obtain access to server configuration details via SSRF...
CVE-2021-41586
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password...
PT-2021-23350 · Gradle · Gradle Enterprise
Name of the Vulnerable Software and Affected Versions: Gradle Enterprise versions prior to 2021.1.3 Description: The issue allows an attacker with the ability to perform Server-Side Request Forgery SSRF attacks to potentially discover credentials for other resources. SSRF is a type of attack wher...
Gradle 代码问题漏洞
Gradle Enterprise improves developer productivity by accelerating builds, improving build reliability, and speeding up build debugging.A server-side request forgery vulnerability exists in versions of Gradle Enterprise prior to 2021.1.3. An attacker could use this vulnerability to discover...
CVE-2021-21993
The vCenter Server contains an SSRF Server Side Request Forgery vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library may exploit this issue by sending a POST request to vCenter Server leading to information disclosur...
Gopherus
This is an analysis of the provided repository, specifically focusing on the Gopherus tool. Classification: The Gopherus tool is a proof-of-concept exploit for various vulnerabilities, including SSRF Server-Side Request Forgery and RCE Remote Code Execution. Primary Vulnerability: The primary...
Discourse 代码问题漏洞
Discourse is an open source community discussion platform. The platform includes community, email and chat room features.Discourse in versions 2.3.2 and 2.6 has a server-side request forgery vulnerability that can be exploited by attackers to upload images from remote websites when writing emails...
CVE-2021-39339
The Telefication WordPress plugin is vulnerable to Open Proxy and Server-Side Request Forgery via the /bypass.php file due to a user-supplied URL request value that gets called by a curl requests. This affects versions up to, and including, 1.8.0...
WordPress 插件 代码问题漏洞
WordPress Plugin is an open source application plugin for WordPress. A code issue vulnerability exists in the WordPress plugin, which stems from a user-supplied URL request value being invoked by a curl request, making the Telefication plugin susceptible to open proxies and server-side request...
CVE-2021-37419
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF...
Vmware VMware vCenter Server 代码问题漏洞
Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. vCenter Server is vulnerable to...
ADSelfService Plus 代码问题漏洞
Zoho ManageEngine ADSelfService Plus is a web-based self-service application that enables end-users to perform tasks such as password reset, account unlocking, profile information update, etc. without relying on the help desk. A server-side request forgery vulnerability exists in Zoho ManageEngin...
GHSA-6Q3P-36F4-CWXV Server-Side Request Forgery in UReport
UReport v2.2.9 contains a Server-Side Request Forgery SSRF in the designer page which allows attackers to detect intranet device ports...
Apache HTTP Server 代码问题漏洞
Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server in version 2.4.48 and earlier is vulnerable to server-side request forgery, which stems from a failure of the modproxy module to properly validate user input and can be exploited to forward requests to ...
CVE-2021-33690
Server-Side Request Forgery SSRF vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the...
CVE-2021-30137
Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points...
The vulnerability of the import function implementation (/wp-admin/tools.php?page=rsvpmaker_export_screen) of the RSVPMaker plugin for WordPress content management system allows a hacker to perform an SSRF attack.
The vulnerability of the import function implementation /wp-admin/tools.php?page=rsvpmakerexportscreen of the RSVPMaker plugin for WordPress’s content management system is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to perfo...
Server-side Request Forgery (SSRF)
Overview ssrf-agent is a prevent SSRF in https request Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the defaultIpChecker function. It fails to properly validate if the IP requested is private. PoC by Sayooj B Kumar // run a service on your localhost con...
EyouCms代码问题漏洞
EyouCms is a free and open source enterprise content management system based on the TP5.0 framework and focused on the needs of enterprise website builders.EyouCMS version 1.5.4 is vulnerable to server-side request forgery. The vulnerability stems from the lack of validation of input data in...
Misskey 代码问题漏洞
Misskey is a micro-blogging platform, and a code issue vulnerability exists in Misskey due to a server-side request forgery vulnerability in the software's "upload from URL" and remote attachment handling. This could lead to the disclosure of non-public information on the intranet. No details of...