7150 matches found
DEBIAN-CVE-2016-6621
The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors...
UBUNTU-CVE-2016-6621
The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors...
phpMyAdmin Server-Side Request Forgery Security Bypass Vulnerability
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security bypass vulnerability exists in phpMyAdmin...
DEBIAN-CVE-2016-7999
ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks via a URL in the varurl parameter in a validerxml action...
Splunk Enterprise Server-Side Request Forgery Vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. A server-side request forgery vulnerability exists in Splunk Enterprise. An attacker could use this vulnerability to bypass security restrictions and perform unauthorized operations...
Serendipity SSRF Security Restriction Bypass Vulnerability
Serendipity is a scalable PHP-powered weblog engine. Serendipity suffers from a security restriction bypass vulnerability that allows an attacker to bypass SSRF protection via a malformed IP address or 30x HTTP status code...
Piwik PHP Object Injection Vulnerability
Piwik (formerly known as phpMyVisites) is an open source website access statistics system based on PHP5 and MySQL. A security vulnerability exists in the 'saveLayout' function in the /plugins/Dashboard/Controller.php script in Piwik 2.16.0 and earlier versions. A remote attacker can exploit this...
EC-CUBE Server-Side Request Forgery Vulnerability
LOCKON EC-CUBE is an open source e-commerce website building platform developed by LOCKON Co. The platform supports product login, user evaluation, artwork layout and so on. A server-side request forgery vulnerability exists in EC-CUBE version 2.12.6en-p1, which can be exploited by remote attacke...
Server Side Request Forgery (SSRF) Vulnerability in AVTECH DVRs
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. Its main products are surveillance equipment, network cameras, network video recorders and so on. AVTECH DVR suffers from a server-side request forgery (SSRF) vulnerability. search.cgi provides search and access services for...
TRS Infogate Plugin SSRF Vulnerability
TRS Infogate is a general-purpose plug-in developed by TORS for application on WCM and IDS platforms of national governments, enterprises and institutions. The TRS Infogate plug-in page infogate/customer/system/wcmurltest.jsp has an SSRF vulnerability. The page in the infogate/customer/system directory can...
Nagios XI has multiple vulnerabilities
Nagios is free and open source host and service monitoring software. Nagios XI has multiple security vulnerabilities. These include SQL injection, authentication bypass, execution of arbitrary code via command injection, privilege escalation, server-side request forgery, and account hijacking. These...
CVE-2016-6483
The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote...
CVE-2016-4374
HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors...
Apache XML-RPC Server-Side Request Forgery Vulnerability
Apache XML-RPC, from the Apache Software Foundation in the United States, is a simple, lightweight specification set for RPC communication over the HTTP protocol. A server-side request forgery vulnerability exists in Apache XML-RPC that allows a remote attacker to construct a malicious URI, trick a...
CVE-2016-3647
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request...
Symantec Endpoint Protection Manager and Client Server-Side Request Forgery Vulnerability
Symantec Endpoint Protection (SEP) is a suite of antivirus software from Symantec in the United States. The software can provide security across physical and virtual systems. SEP Manager and Client are its management and client software components. A server-side request forgery vulnerability exists...
CVE-2016-4371
HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and...
Apache PDFBox XML External Entity Vulnerability
Apache PDFBox, from the Apache Software Foundation in the United States, is an open source, Java-based tool library that provides creation of new PDF documents, modification of existing PDF documents and other features. Apache PDFBox version 1.8.0 to 1.8.11 and 2.0.0 version of the XML external entit...
Pulse Connect Secure Request Forgery Vulnerability
Pulse Connect Secure (aka PCS, formerly known as Juniper Junos Pulse) is a suite of SSL VPN solutions from Pulse Secure, a US-based company. A security vulnerability exists in the administrator user interface of PCS. A remote attacker could exploit this vulnerability to enumerate files, read...
ImageMagick: SSRF vulnerability
A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTPS requests or opening...