7149 matches found

CNVD
added 2018/12/05 12:0 a.m. · 2 views

GitLab CE/EE Server-Side Request Forgery Vulnerability

GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to Github for accessing a project's file contents, commit history, bug lists, and more. A server-side request forgery...

CVSS 8.8 · AI score 8.4 · EPSS 0.00226
Exploits: 1 · References: 1

OSV
added 2018/12/04 11:29 p.m. · 0 views

UBUNTU-CVE-2018-18646

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF...

CVSS 8.8 · AI score 7.3 · EPSS 0.00226
Exploits: 1 · References: 3

CNVD
added 2018/11/12 12:0 a.m. · 3 views

D-LINK Central WifiManager CWM-100 Server-Side Request Forgery Vulnerability

D-LINK Central WifiManager CWM-100 is D-LINK centralized wireless management software. The MailConnect feature on the D-Link Central WiFiManager CWM-100 1.03 r0098 device is used to check connections to SMTP servers, but actually allows outbound TCP to any port on any IP address, resulting in SSR...

CVSS 8.6 · AI score 8.6 · EPSS 0.76866
Exploits: 3 · References: 1

CNVD
added 2018/11/07 12:0 a.m. · 5 views

GitLab Kubernetes integration server-side request forgery vulnerability

GitLab is a suite of open source applications developed with Ruby on Rails that enables a self-hosted Git version control system project repository with Github-like functionality for accessing a project's file contents, commit history, bug lists, etc. The GitLab Kubernetes integration is a versio...

CVSS 10 · AI score 6.9 · EPSS 0.0025
Exploits: 1 · References: 1

Positive Technologies
added 2018/11/07 12:0 a.m. · 4 views

PT-2018-14766 · Mpdf · Mpdf

Name of the Vulnerable Software and Affected Versions: mPDF versions prior to 7.1.7

Description: The issue allows for Server-Side Request Forgery (SSRF) if mPDF is deployed as a web application that accepts arbitrary HTML. This can be demonstrated by an substring that triggers a call to getImage in...

CVSS 10 · AI score 9.4 · EPSS 0.00331
Exploits: 1 · References: 3

CNVD
added 2018/11/06 12:0 a.m. · 1 views

Cisco WebEx Meetings Server XML External Entity Injection Vulnerability

Cisco WebEx Meetings Server is a versatile videoconferencing solution from Cisco USA. Cisco WebEx Meetings Server suffers from an XML external entity injection vulnerability, which could allow a remote, unauthenticated attacker to cause confidential data disclosure, denial of service, server-side...

AI score 7.5
Exploits: 2 · References: 1

CNVD
added 2018/11/01 12:0 a.m. · 1 views

Typecho Server-Side Request Forgery Vulnerability

Typecho is an open source blogging platform written in PHP. A server-side request forgery vulnerability exists in Typecho version 1.1. A remote attacker can exploit this vulnerability by sending shell commands with serialized data encoded in base64...

CVSS 10 · AI score 9.7 · EPSS 0.02464
Exploits: 1 · References: 1

OSV
added 2018/10/18 5:43 p.m. · 3 views

GHSA-7C2R-3JQF-C9RW jackson-dataformat-xml vulnerable to server side request forgery (SSRF)

Versions of jackson-dataformat-xml prior to 2.7.8 and prior to 2.8.4 allow remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD...

CVSS 8.6 · AI score 7.2 · EPSS 0.00918
Exploits: 0 · References: 6

OSV
added 2018/10/16 11:13 p.m. · 1 views

GHSA-VQ9J-JH62-5HMP Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.

Description: The Validation Component of Apache Camel evaluates DTD headers of XML stream sources, although a validation against XML schemas (XSD) is executed. Remote attackers can use this feature to make Server-Side Request Forgery (SSRF) attacks by sending XML documents with remote DTDs URLs or XM...

CVSS 7.4 · AI score 7.2 · EPSS 0.01398
Exploits: 0 · References: 12

OSV
added 2018/09/21 4:29 p.m. · 2 views

CVE-2018-16793

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page...

CVSS 8.6 · AI score 5.8 · EPSS 0.02069
Exploits: 1 · References: 4

CNVD
added 2018/09/20 12:0 a.m. · 1 views

Microsoft Windows Server ADFS Server-Side Request Forgery Vulnerability

Microsoft Active Directory Federation Services (ADFS) is an Active Directory Federation Service from Microsoft. The service provides Web Single Sign-On (SSO) technology, which enables authentication of a user to multiple websites or applications during a single session. A server-side request forgery...

CVSS 8.6 · AI score 9.1 · EPSS 0.01794
Exploits: 1 · References: 1

OSV
added 2018/09/07 3:29 p.m. · 2 views

CVE-2018-1789

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939...

CVSS 9.9 · AI score 5.8 · EPSS 0.00174
Exploits: 0 · References: 2

OSV
added 2018/09/04 4:29 a.m. · 2 views

CVE-2018-16444

An issue was discovered in SeaCMS 6.61. adm1n/adminreslib.php has SSRF via the url parameter...

CVSS 9.1 · AI score 5.8
Exploits: 0 · References: 1

CNVD
added 2018/09/04 12:0 a.m. · 2 views

SeaCMS Server-Side Request Forgery Vulnerability

SeaCMS (Ocean CMS) is a professional open source free PHP film and television system. There is a server-side request forgery vulnerability in adm1n/adminreslib.php in 6.61 and earlier versions of SeaCMS, which can be exploited by an attacker through the url parameter to conduct a server-side reques...

CVSS 9.1 · AI score 9.2 · EPSS 0.00324
Exploits: 1 · References: 1

CNVD
added 2018/08/31 12:0 a.m. · 1 views

CA PPM XML External Entity Vulnerability

CA PPM is a suite of project and portfolio management software from CA USA. The software includes features such as task management, project planning, financial reporting management and resource management. An XML external entity injection vulnerability exists in the XOG functionality in CA PPM. A...

CVSS 9.1 · AI score 9.4 · EPSS 0.00376
Exploits: 0 · References: 1

OSV
added 2018/08/30 2:29 p.m. · 2 views

CVE-2018-13826

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks...

CVSS 9.1 · AI score 5.8 · EPSS 0.00376
Exploits: 0 · References: 2

CNVD
added 2018/08/28 12:0 a.m. · 3 views

SAP BusinessObjects Business Intelligence Admin Tools Server-Side Request Forgery Vulnerability

SAP BusinessObjects Business Intelligence is a suite of business intelligence software and enterprise performance solutions from SAP. The product features report generation, analysis, data visualization, etc. Admin Tools is one of the management tools. A server-side request forgery vulnerability...

CVSS 9.6 · AI score 9.4 · EPSS 0.00202
Exploits: 0 · References: 1

OSV
added 2018/08/27 4:29 a.m. · 0 views

CVE-2018-15895

An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spidertools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1

CNVD
added 2018/08/17 12:0 a.m. · 1 views

IBM API Connect Server-Side Request Forgery Vulnerability

IBM API Connect (aka APIConnect) is a set of integrated solutions for managing the API lifecycle from IBM in the United States. The solution supports creating, running, managing and protecting APIs and microservices, etc. Developer Portal is one of the developer portals. A server-side request forge...

CVSS 9.9 · AI score 9 · EPSS 0.00112
Exploits: 0 · References: 1

OSV
added 2018/08/16 7:29 p.m. · 2 views

CVE-2018-1712

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370...

CVSS 9.9 · AI score 5.8
Exploits: 0 · References: 2