
9247 matches found

Packet Storm
added 2020/09/16 12:0 a.m. | 545 views

Acronis Cyber Backup 12.5 Build 16341 Server-Side Request Forgery

RCE Security Advisory (https://www.rcesecurity.com). 1. ADVISORY INFORMATION. Product: Acronis Cyber Backup; Vendor URL: https://www.acronis.com; Type: Server-Side Request Forgery CWE-918; Date found: 2020-07-30; Date published: 2020-09-14; CVSSv3 Score: 8.3...

0.1 AI score | 0.05505 EPSS
Exploits: 4
IBM Security Bulletins
added 2020/09/15 5:17 p.m. | 24 views

Security Bulletin: Vulnerability in Apache Batik library affects IBM Cúram Social Program Management (CVE-2019-17566)

Summary: IBM Cúram Social Program Management uses Apache Batik libraries, for which there is a publicly known vulnerability. Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. Vulnerability Details: CVEID: CVE-2019-17566...

7.5 CVSS | 1.5 AI score | 0.1074 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2020/09/08 7:56 p.m. | 23 views

Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud

Summary: There are multiple security vulnerabilities that affect the IBM WebSphere Application Server in the IBM Cloud. WebSphere Application Server traditional is vulnerable to a remote code execution vulnerability. WebSphere Application Server is vulnerable to a remote code execution...

10 CVSS | 1 AI score | 0.13227 EPSS
Exploits: 0 | Affected Software: 1
OSV
added 2020/09/04 3:21 p.m. | 14 views

GHSA-5P98-WPC9-G498 Server-Side Request Forgery in html-pdf-chrome

Recommendation: This package is working as intended. A Security section has been added since v0.6.1 to detail proper usage of this library. Npm has revoked their advisory altogether. Original Advisory: All versions of html-pdf-chrome are vulnerable to Server-Side Request Forgery (SSRF). The package...

6.9 AI score
Exploits: 0 | References: 3
Prion
added 2020/09/04 2:15 p.m. | 18 views

Server side request forgery (ssrf)

IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control server requests. IBM X-Force ID: 185416...

4 CVSS | 6.1 AI score | 0.00924 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2020/09/03 3:51 p.m. | 19 views

GHSA-MM7R-265W-JV6F Server-Side Request Forgery in @uppy/companion

Versions of @uppy/companion prior to 1.9.3 are vulnerable to Server-Side Request Forgery (SSRF). The get route passes the user-controlled variable req.body.url to a GET request without sanitizing the value. This allows attackers to inject arbitrary URLs and make GET requests on behalf of the server...

9.8 CVSS | 9.4 AI score | 0.01328 EPSS
Exploits: 1 | References: 3
Github Security Blog
added 2020/09/03 3:51 p.m. | 32 views

Server-Side Request Forgery in @uppy/companion

Versions of @uppy/companion prior to 1.9.3 are vulnerable to Server-Side Request Forgery (SSRF). The get route passes the user-controlled variable req.body.url to a GET request without sanitizing the value. This allows attackers to inject arbitrary URLs and make GET requests on behalf of the server...

9.8 CVSS | 5.6 AI score | 0.01328 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
OpenVAS
added 2020/08/31 12:0 a.m. | 13 views

osTicket < 1.14.3 Multiple Vulnerabilities

osTicket is prone to multiple cross-site scripting (XSS) vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...

9.8 CVSS | 6.3 AI score | 0.73267 EPSS
Exploits: 3 | References: 4
OSV
added 2020/08/29 8:15 p.m. | 3 views

CVE-2020-24898

The Table Filter and Charts for Confluence Server app before 5.3.26 for Atlassian Confluence allows SSRF via the "Table from CSV" macro URL parameter...

6.5 CVSS | 6.6 AI score | 0.00665 EPSS
Exploits: 0 | References: 1
CVE
added 2020/08/28 2:45 p.m. | 71 views

CVE-2020-9298

CVE-2020-9298 concerns the Spinnaker template resolution feature, which is vulnerable to Server-Side Request Forgery (SSRF). The provided connected documents confirm that the vulnerability affects the Spinnaker template resolution functionality, enabling an attacker to send requests on behalf of...

7.5 CVSS | 7.3 AI score | 0.01349 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
IBM Security Bulletins
added 2020/08/27 7:29 p.m. | 25 views

Security Bulletin: WebSphere Application Server which is a component of IBM Cloud Pak for Applications is vulnerable to a server-side request forgery vulnerability in the Apache Batik library (CVE-2019-17566)

Summary: WebSphere Application Server is shipped as a component of IBM Cloud Pak for Applications. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the...

7.5 CVSS | 2.4 AI score | 0.1074 EPSS
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2020/08/26 2:55 p.m. | 21 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2020-4365)

Summary: IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security...

2.8 AI score | 0.01398 EPSS
Exploits: 0 | Affected Software: 1
Exploit DB
added 2020/08/26 12:0 a.m. | 521 views

Ericom Access Server x64 9.2.0 - Server-Side Request Forgery

Exploit Title: Ericom Access Server x64 9.2.0 - Server-Side Request Forgery; Date: 2020-08-22; Exploit Author: hyp3rlinx; Vendor Homepage: www.ericom.com; Version: Ericom Access Server x64 for AccessNow & Ericom Blaze v9.2.0; CVE: CVE-2020-24548; Credits: John Page aka hyp3rlinx; Website:...

5.3 CVSS | 5.4 AI score | 0.01689 EPSS
Exploits: 4
Prion
added 2020/08/24 4:15 p.m. | 12 views

Server side request forgery (ssrf)

PRODUCT NOT SUPPORTED WHEN ASSIGNED. A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in...

6.5 CVSS | 7.3 AI score | 0.03219 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2020/08/24 3:34 p.m. | 21 views

CVE-2020-14044

PRODUCT NOT SUPPORTED WHEN ASSIGNED. A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in...

7.4 AI score | 0.03219 EPSS
Exploits: 1 | References: 3
IBM Security Bulletins
added 2020/08/24 12:29 p.m. | 26 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2020-4365)

Summary: IBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins...

2.6 AI score | 0.01398 EPSS
Exploits: 0 | Affected Software: 1
NVD
added 2020/08/21 6:15 p.m. | 18 views

CVE-2020-5775

Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains...

5.8 CVSS | 5.8 AI score | 0.06531 EPSS
Exploits: 1 | References: 1
Prion
added 2020/08/21 6:15 p.m. | 15 views

Server side request forgery (ssrf)

Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains...

5 CVSS | 5.7 AI score | 0.06531 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2020/08/21 5:36 p.m. | 21 views

CVE-2020-5775

Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains...

5.8 AI score | 0.06531 EPSS
Exploits: 1 | References: 1
CVE
added 2020/08/21 5:36 p.m. | 82 views

CVE-2020-5775

Canvas LMS 2020-07-29 is exposed to a blind Server-Side Request Forgery (SSRF) that allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains. The vulnerability potentially enables access to sensitive information, data modification...

5.8 CVSS | 5.7 AI score | 0.06531 EPSS
In wild | Exploits: 1 | References: 1 | Affected Software: 1