
7335 matches found

CNVD
added 2016/06/30 12:0 a.m., 4 views

Symantec Endpoint Protection Manager and Client Server-Side Request Forgery Vulnerability

Symantec Endpoint Protection (SEP) is an antivirus suite from the US company Symantec that provides security across physical and virtual systems. SEP Manager and Client are its management and client software. A server-side request forgery vulnerability exists...

CVSS 7.7, AI score 6.7, EPSS 0.01851
Exploits: 0, References: 1
OSV
added 2016/06/19 1:59 a.m., 5 views

CVE-2016-4371

HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and...

CVSS 8, AI score 5.8, EPSS 0.006
Exploits: 0, References: 1
CNVD
added 2016/05/30 12:0 a.m., 4 views

Apache PDFBox XML External Entity Vulnerability

Apache PDFBox is an open source, Java-based tool library from the Apache Software Foundation (US) for creating new PDF documents, modifying existing PDF documents, and other functions. Apache PDFBox version 1.8.0 to 1.8.11 and 2.0.0 version of the XML external entit...

CVSS 7.8, AI score 8.1, EPSS 0.04797
Exploits: 0, References: 1
CNVD
added 2016/05/27 12:0 a.m., 6 views

Pulse Connect Secure Request Forgery Vulnerability

Pulse Connect Secure (aka PCS, formerly known as Juniper Junos Pulse) is a suite of SSL VPN solutions from Pulse Secure, a US-based company. A security vulnerability exists in the administrator user interface of PCS. A remote attacker could exploit this vulnerability to enumerate files, read...

CVSS 8.6, AI score 6.9, EPSS 0.02242
Exploits: 0, References: 1
RedHat Linux
added 2016/05/09 6:3 p.m., 5 views

ImageMagick: SSRF vulnerability

A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTPS requests or opening...

CVSS 5.5, AI score 7.4, EPSS 0.76897
Exploits: 4, References: 5
OSV
added 2016/05/05 9:59 p.m., 2 views

CVE-2016-1373

The gadgets-integration API in Cisco Finesse 8.51 through 8.55, 8.61, 9.01, 9.02, 9.11, 9.11SU1, 9.11SU1.1, 9.11ES1 through 9.11ES5, 10.01, 10.01SU1, 10.01SU1.1, 10.51, 10.51ES1 through 10.51ES4, 10.51SU1, 10.51SU1.1, 10.51SU1.7, 10.61, 10.61SU1, 10.61SU2, and 11.01 allows remote attackers to...

CVSS 8.6, AI score 5.8, EPSS 0.01061
Exploits: 0, References: 2
OSV
added 2016/05/05 12:0 a.m., 1 views

UBUNTU-CVE-2016-3718

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image...

CVSS 6.3, AI score 6.4, EPSS 0.76897
Exploits: 4, References: 5
BDU FSTEC
added 2015/12/14 12:0 a.m., 4 views

The vulnerability of the ColdFusion interpreter allows attackers to redirect HTTP traffic to internal servers.

The vulnerability of the Adobe BlazeDS interpreter, ColdFusion, exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to redirect HTTP traffic to internal servers using a specially crafted XML document related to a forged SSRF request...

CVSS 4.3, AI score 5.5, EPSS 0.04482
Exploits: 1, References: 2
CNVD
added 2015/12/09 12:0 a.m., 2 views

Cisco UCS Central Software Server-Side Request Forgery Vulnerability

Cisco Unified Computing System Manager provides unified, embedded management of all hardware and software components within a unified computing system. Cisco Unified Computing System (UCS) Central does not properly validate user input, and an unauthenticated, remote attacker sends constructed...

CVSS 5, AI score 7.1, EPSS 0.02049
Exploits: 0, References: 1
CNVD
added 2015/11/19 12:0 a.m., 4 views

Multiple Adobe Products Server-Side Request Forgery Security Bypass Vulnerabilities

Adobe ColdFusion is a dynamic web server; its CFML is a programming language similar to JSTL in JSP. Adobe LiveCycle Data Services is a suite from the US company Adobe, deployed in the application server, for the integration of RIA applications and J2EE and...

CVSS 4.3, AI score 7, EPSS 0.04482
Exploits: 1, References: 1
RedHat Linux
added 2015/09/02 4:28 p.m., 3 views

dashbuilder: XXE/SSRF vulnerability

A flaw was found in the dashbuilder import facility: the DocumentBuilders instantiated in org.jboss.dashboard.export.ImportManagerImpl did not disable external entities. This could allow an attacker to perform a variety of XML External Entity (XXE) and Server-Side Request Forgery (SSRF) attacks...

CVSS 7.5, AI score 5.7, EPSS 0.02244
Exploits: 0, References: 4
CNVD
added 2015/08/13 12:0 a.m., 1 views

Red Hat JBoss BPM Suite dashbuilder XML External Entity Vulnerability

Red Hat JBoss BPM Suite is a business process management platform from Red Hat, Inc. that brings together all the features of JBoss BRMS. The platform provides additional support for modeling, automation, simulation and business process monitoring. An XML external entity vulnerability exists in t...

CVSS 7.5, AI score 7, EPSS 0.02244
Exploits: 0, References: 1
RedHat Linux
added 2015/08/03 7:41 p.m., 3 views

dashbuilder: XXE/SSRF vulnerability

A flaw was found in the dashbuilder import facility: the DocumentBuilders instantiated in org.jboss.dashboard.export.ImportManagerImpl did not disable external entities. This could allow an attacker to perform a variety of XML External Entity (XXE) and Server-Side Request Forgery (SSRF) attacks...

CVSS 7.5, AI score 5.7, EPSS 0.02244
Exploits: 0, References: 4
OSV
added 2013/07/08 8:55 p.m., 5 views

DEBIAN-CVE-2013-2199

The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235...

CVSS 4.3, AI score 7, EPSS 0.02044
Exploits: 0, References: 1
OSV
added 2013/07/08 8:55 p.m., 6 views

DEBIAN-CVE-2013-0235

The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue...

CVSS 6.4, AI score 6.9, EPSS 0.28857
Exploits: 3, References: 1