
7149 matches found

OSV
added 2016/05/05 12:0 a.m. | 0 views

UBUNTU-CVE-2016-3718

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image...

CVSS 6.3 | AI score 6.4 | EPSS 0.86935
Exploits: 4 | References: 5
BDU FSTEC
added 2015/12/14 12:0 a.m. | 2 views

The vulnerability of the ColdFusion interpreter allows attackers to redirect HTTP traffic to internal servers.

The vulnerability of the Adobe BlazeDS interpreter, ColdFusion, exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to redirect HTTP traffic to internal servers using a specially crafted XML document related to a forged SSRF request...

CVSS 4.3 | AI score 5.5 | EPSS 0.02902
Exploits: 1 | References: 2
CNVD
added 2015/12/09 12:0 a.m. | 1 views

Cisco UCS Central Software Server-Side Request Forgery Vulnerability

Cisco Unified Computing System Manager provides unified, embedded management of all hardware and software components within a unified computing system. Cisco Unified Computing System (UCS) Central does not properly validate user input, and an unauthenticated, remote attacker sends constructed...

CVSS 5 | AI score 7.1 | EPSS 0.00274
Exploits: 0 | References: 1
CNVD
added 2015/11/19 12:0 a.m. | 2 views

Multiple Adobe Products Server-Side Request Forgery Security Bypass Vulnerabilities

Adobe ColdFusion is a dynamic web server; its CFML is a programming language similar to JSTL in JSP. Adobe LiveCycle Data Services is software from the US company Adobe, deployed in the application server, for the integration of RIA applications and J2EE and...

CVSS 4.3 | AI score 7 | EPSS 0.02902
Exploits: 1 | References: 1
RedHat Linux
added 2015/09/02 4:28 p.m. | 3 views

dashbuilder: XXE/SSRF vulnerability

A flaw was found in the dashbuilder import facility: the DocumentBuilders instantiated in org.jboss.dashboard.export.ImportManagerImpl did not disable external entities. This could allow an attacker to perform a variety of XML External Entity (XXE) and Server-Side Request Forgery (SSRF) attacks...

CVSS 7.5 | AI score 5.7 | EPSS 0.00537
Exploits: 0 | References: 4
CNVD
added 2015/08/13 12:0 a.m. | 1 views

Red Hat JBoss BPM Suite dashbuilder XML External Entity Vulnerability

Red Hat JBoss BPM Suite is a business process management platform from Red Hat, Inc. that brings together all the features of JBoss BRMS. The platform provides additional support for modeling, automation, simulation and business process monitoring. An XML external entity vulnerability exists in t...

CVSS 7.5 | AI score 7 | EPSS 0.00537
Exploits: 0 | References: 1
RedHat Linux
added 2015/08/03 7:41 p.m. | 3 views

dashbuilder: XXE/SSRF vulnerability

A flaw was found in the dashbuilder import facility: the DocumentBuilders instantiated in org.jboss.dashboard.export.ImportManagerImpl did not disable external entities. This could allow an attacker to perform a variety of XML External Entity (XXE) and Server-Side Request Forgery (SSRF) attacks...

CVSS 7.5 | AI score 5.7 | EPSS 0.00537
Exploits: 0 | References: 4
OSV
added 2013/07/08 8:55 p.m. | 4 views

DEBIAN-CVE-2013-2199

The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235...

CVSS 4.3 | AI score 7 | EPSS 0.00831
Exploits: 2 | References: 1
OSV
added 2013/07/08 8:55 p.m. | 5 views

DEBIAN-CVE-2013-0235

The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue...

CVSS 6.4 | AI score 6.9 | EPSS 0.5836
Exploits: 3 | References: 1