9247 matches found
CVE-2020-15152
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...
CVE-2020-15152
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...
Server side request forgery (ssrf)
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...
CVE-2020-15152 Server-Side Request Forgery in ftp-srv
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...
CVE-2020-15152
CVE-2020-15152 affects the ftp-srv npm package. It allows Server-Side Request Forgery via the PORT command, enabling the server to connect to arbitrary IPs. Affected versions are before 2.19.6, 3.1.2, and 4.3.4. Remediation: upgrade to 2.19.6, 3.1.2, 4.3.4 or later. A workaround noted in advisori...
PT-2020-20038 · Phpbb · Phpbb
Name of the Vulnerable Software and Affected Versions: phpBB versions prior to 3.2.10 phpBB versions prior to 3.3.1 Description: A vulnerability exists that allows the remote image dimensions check to be used for Server-Side Request Forgery SSRF. Recommendations: For versions prior to 3.2.10,...
GHSA-9M4X-8W29-R78G Server-Side Request Forgery in @uppy/companion
The @uppy/companion npm package before versions 1.13.2 and 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems...
Server-Side Request Forgery in @uppy/companion
The @uppy/companion npm package before versions 1.13.2 and 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems...
CVE-2020-13286
For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery...
CVE-2020-13286
For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery...
CVE-2020-13286
CVE-2020-13286 affects GitLab before 13.0.12, 13.1.6, and 13.2.3. The issue allows attackers to modify user-controlled git configuration settings, leading to a Server-Side Request Forgery (SSRF). The root cause is not elaborated beyond the described configuration manipulation. Exploitation detail...
CVE-2020-13286
Removed by vendor...
Server side request forgery (ssrf)
Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery SSRF flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible...
CVE-2020-14296
Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery SSRF flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible...
CVE-2020-14296
CVE-2020-14296 affects Red Hat CloudForms 4.7 and 5 with a Server-Side Request Forgery (SSRF) flaw exposed when adding an Ansible Tower provider. The issue allows an attacker to issue crafted requests from the vulnerable CloudForms server to scan or attack internal systems not normally accessible...
CVE-2020-16248
Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability...
Server side request forgery (ssrf)
JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports...
CloudForms: Server-Side Request Forgery (SSRF) in Ansible Tower Provider
A Server-Side Request Forgery flaw was found in Red Hat CloudForms where malicious requests can be sent from the vulnerable server. An attacker with the privileges to add Ansible Tower provider could inject URLs with port details or with internal IPs to observe internal network...
RHEL 8 : CloudForms 5.0.7 update (Critical) (RHSA-2020:3358)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3358 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...
Openfire < 4.4.3 Multiple Vulnerabilities
Openfire is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:igniterealtime:openfire";...