Acronis Cyber Backup 12.5 Build 16341 Server-Side Request Forgery
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Acronis Cyber Backup Vendor URL: https://www.acronis.com Type: Server-Side Request Forgery CWE-918 Date found: 2020-07-30 Date published: 2020-09-14 CVSSv3 Score: 8.3...
Security Bulletin: Vulnerability in Apache Batik library affects IBM Cúram Social Program Management (CVE-2019-17566)
Summary IBM Cúram Social Program Management uses Apache Batik libraries, for which there is a publicly known vulnerability. Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. Vulnerability Details CVEID: CVE-2019-17566...
Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud
Summary There are multiple security vulnerabilities that affect the IBM WebSphere Application Server in the IBM Cloud. WebSphere Application Server traditional is vulnerable to a remote code execution vulnerability. WebSphere Application Server is vulnerable to a remote code execution...
GHSA-5P98-WPC9-G498 Server-Side Request Forgery in html-pdf-chrome
Recommendation This package is working as intended. A Security section has been added since v0.6.1 to detail proper usage of this library. Npm has revoked their advisory altogether. Original Advisory All versions of html-pdf-chrome are vulnerable to Server-Side Request Forgery (SSRF). The package...
Server side request forgery (ssrf)
IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416...
GHSA-MM7R-265W-JV6F Server-Side Request Forgery in @uppy/companion
Versions of @uppy/companion prior to 1.9.3 are vulnerable to Server-Side Request Forgery (SSRF). The get route passes the user-controlled variable req.body.url to a GET request without sanitizing the value. This allows attackers to inject arbitrary URLs and make GET requests on behalf of the server...
osTicket < 1.14.3 Multiple Vulnerabilities
osTicket is prone to multiple cross-site scripting (XSS) vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...
CVE-2020-24898
The Table Filter and Charts for Confluence Server app before 5.3.26 for Atlassian Confluence allows SSRF via the "Table from CSV" macro URL parameter...
CVE-2020-9298
CVE-2020-9298 concerns the Spinnaker template resolution feature, which is vulnerable to Server-Side Request Forgery (SSRF). The provided connected documents confirm that the vulnerability affects the Spinnaker template resolution functionality, enabling an attacker to send requests on behalf of...
Security Bulletin: WebSphere Application Server which is a component of IBM Cloud Pak for Applications is vulnerable to a server-side request forgery vulnerability in the Apache Batik library (CVE-2019-17566)
Summary WebSphere Application Server is shipped as a component of IBM Cloud Pak for Applications. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2020-4365)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...
Ericom Access Server x64 9.2.0 - Server-Side Request Forgery
Exploit Title: Ericom Access Server x64 9.2.0 - Server-Side Request Forgery Date: 2020-08-22 Exploit Author: hyp3rlinx Vendor Homepage: www.ericom.com Version: Ericom Access Server x64 for AccessNow & Ericom Blaze v9.2.0 CVE: CVE-2020-24548 + Credits: John Page aka hyp3rlinx + Website:...
CVE-2020-14044
PRODUCT NOT SUPPORTED WHEN ASSIGNED. A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2020-4365)
Summary IBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
CVE-2020-5775
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains...
CVE-2020-5775
Canvas LMS 2020-07-29 is exposed to a blind Server-Side Request Forgery (SSRF) that allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains. The vulnerability potentially enables access to sensitive information, data modification...