7103 matches found

CNVD
added 2016/10/26 12:0 a.m., 1 view

EC-CUBE Server-Side Request Forgery Vulnerability

LOCKON EC-CUBE is an open source e-commerce website building platform developed by LOCKON Co. The platform supports product login, user evaluation, artwork layout and so on. A server-side request forgery vulnerability exists in EC-CUBE version 2.12.6en-p1, which can be exploited by remote attacke...

AI score: 7
Exploits: 0, References: 1

CNVD
added 2016/10/12 12:0 a.m., 1 view

Server Side Request Forgery (SSRF) Vulnerability in AVTECH DVRs

AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. Its main products are surveillance equipment, network cameras, network video recorders and so on. AVTECH DVR suffers from a server-side request forgery (SSRF) vulnerability. search.cgi provides search and access services for...

AI score: 7.3
Exploits: 0, References: 1

CNVD
added 2016/10/09 12:0 a.m., 2 views

TRS Infogate Plugin SSRF Vulnerability

TRS Infogate is a general-purpose plug-in developed by TORS for use on the WCM and IDS platforms of national governments, enterprises and institutions. The TRS Infogate plug-in page infogate/customer/system/wcmurltest.jsp has an SSRF vulnerability. The page in the infogate/customer/system directory can...

AI score: 6.3
Exploits: 0

CNVD
added 2016/09/23 12:0 a.m., 1 view

Nagios XI has multiple vulnerabilities

Nagios is a free and open source host and service monitoring software. Nagios XI has multiple security vulnerabilities, including SQL injection, authentication bypass, execution of arbitrary code via command injection, privilege escalation, server-side request forgery, and account hijacking. These...

AI score: 9.1
Exploits: 0, References: 1

OSV
added 2016/09/02 1:59 a.m., 1 view

CVE-2016-6483

The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote...

CVSS: 8.6, AI score: 5.8
Exploits: 0, References: 7

OSV
added 2016/08/08 12:59 a.m., 2 views

CVE-2016-4374

HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors...

CVSS: 7.7, AI score: 5.8, EPSS: 0.0024
Exploits: 0, References: 3

CNVD
added 2016/07/15 12:0 a.m., 2 views

Apache XML-RPC Server-Side Request Forgery Vulnerability

Apache XML-RPC, from the Apache Software Foundation (United States), is a simple, lightweight specification for RPC communication over the HTTP protocol. A server-side request forgery vulnerability exists in Apache XML-RPC that allows a remote attacker to construct a malicious URI, trick a...

CVSS: 9.3, AI score: 7, EPSS: 0.0353
Exploits: 0, References: 1

OSV
added 2016/06/30 11:59 p.m., 2 views

CVE-2016-3647

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request...

CVSS: 7.7, AI score: 5.9, EPSS: 0.00235
Exploits: 0, References: 3

CNVD
added 2016/06/30 12:0 a.m., 3 views

Symantec Endpoint Protection Manager and Client Server-Side Request Forgery Vulnerability

Symantec Endpoint Protection (SEP) is a set of antivirus software from Symantec, a United States company, that can provide security across physical and virtual systems. SEP Manager and Client are its management and client software. A server-side request forgery vulnerability exists...

CVSS: 7.7, AI score: 6.7, EPSS: 0.00235
Exploits: 0, References: 1

OSV
added 2016/06/19 1:59 a.m., 2 views

CVE-2016-4371

HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and...

CVSS: 8, AI score: 5.8
Exploits: 0, References: 1

CNVD
added 2016/05/30 12:0 a.m., 2 views

Apache PDFBox XML External Entity Vulnerability

Apache PDFBox, from the Apache Software Foundation (United States), is an open source, Java-based tool library that supports creating new PDF documents, modifying existing PDF documents and other features. Apache PDFBox version 1.8.0 to 1.8.11 and 2.0.0 version of the XML external entit...

CVSS: 7.8, AI score: 8.1, EPSS: 0.05893
Exploits: 0, References: 1

CNVD
added 2016/05/27 12:0 a.m., 5 views

Pulse Connect Secure Request Forgery Vulnerability

Pulse Connect Secure (aka PCS, formerly known as Juniper Junos Pulse) is a suite of SSL VPN solutions from Pulse Secure, a US-based company. A security vulnerability exists in the administrator user interface of PCS. A remote attacker could exploit this vulnerability to enumerate files, read...

CVSS: 8.6, AI score: 6.9, EPSS: 0.00222
Exploits: 0, References: 1

RedHat Linux
added 2016/05/09 6:3 p.m., 4 views

ImageMagick: SSRF vulnerability

A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTPS requests or opening...

CVSS: 5.5, AI score: 7.4, EPSS: 0.86935
Exploits: 4, References: 5

OSV
added 2016/05/05 9:59 p.m., 1 view

CVE-2016-1373

The gadgets-integration API in Cisco Finesse 8.51 through 8.55, 8.61, 9.01, 9.02, 9.11, 9.11SU1, 9.11SU1.1, 9.11ES1 through 9.11ES5, 10.01, 10.01SU1, 10.01SU1.1, 10.51, 10.51ES1 through 10.51ES4, 10.51SU1, 10.51SU1.1, 10.51SU1.7, 10.61, 10.61SU1, 10.61SU2, and 11.01 allows remote attackers to...

CVSS: 8.6, AI score: 5.8
Exploits: 0, References: 2

OSV
added 2016/05/05 12:0 a.m., 0 views

UBUNTU-CVE-2016-3718

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image...

CVSS: 6.3, AI score: 6.4, EPSS: 0.86935
Exploits: 4, References: 5

BDU FSTEC
added 2015/12/14 12:0 a.m., 0 views

The vulnerability of the ColdFusion interpreter allows attackers to redirect HTTP traffic to internal servers.

The vulnerability of the Adobe BlazeDS interpreter, ColdFusion, exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to redirect HTTP traffic to internal servers using a specially crafted XML document related to a forged SSRF request...

CVSS: 4.3, EPSS: 0.02902
Exploits: 1, References: 2

CNVD
added 2015/12/09 12:0 a.m., 1 view

Cisco UCS Central Software Server-Side Request Forgery Vulnerability

Cisco Unified Computing System Manager provides unified, embedded management of all hardware and software components within a unified computing system. Cisco Unified Computing System UCS Central does not properly validate user input, and an unauthenticated, remote attacker sends constructed...

CVSS: 5, AI score: 7.1, EPSS: 0.00274
Exploits: 0, References: 1

CNVD
added 2015/11/19 12:0 a.m., 2 views

Multiple Adobe Products Server-Side Request Forgery Security Bypass Vulnerabilities

Adobe ColdFusion is a dynamic Web server; its CFML is a programming language, similar to the current JSP in the JSTL. Adobe LiveCycle Data Services is a suite from Adobe, a United States company, that is deployed in the application server and integrates RIA applications and J2EE and...

CVSS: 4.3, AI score: 7, EPSS: 0.02902
Exploits: 1, References: 1

RedHat Linux
added 2015/09/02 4:28 p.m., 3 views

dashbuilder: XXE/SSRF vulnerability

A flaw was found in the dashbuilder import facility: the DocumentBuilders instantiated in org.jboss.dashboard.export.ImportManagerImpl did not disable external entities. This could allow an attacker to perform a variety of XML External Entity (XXE) and Server-Side Request Forgery (SSRF) attacks...

CVSS: 7.5, AI score: 5.7, EPSS: 0.00537
Exploits: 0, References: 4

CNVD
added 2015/08/13 12:0 a.m., 1 view

Red Hat JBoss BPM Suite dashbuilder XML External Entity Vulnerability

Red Hat JBoss BPM Suite is a business process management platform from Red Hat, Inc. that brings together all the features of JBoss BRMS. The platform provides additional support for modeling, automation, simulation and business process monitoring. An XML external entity vulnerability exists in t...

CVSS: 7.5, AI score: 7, EPSS: 0.00537
Exploits: 0, References: 1