CVE-2020-14296
A Server-Side Request Forgery flaw was found in Red Hat CloudForms where malicious requests can be sent from the vulnerable server. An attacker with the privileges to add an Ansible Tower provider could inject URLs with port details or with internal IPs to observe the internal network. Mitigation...
Security Bulletin: WebSphere Application Server shipped with IBM Cloud Pak for Applications is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)
Summary WebSphere Application Server is shipped as a component of IBM Cloud Pak for Applications. Information about security vulnerabilities affecting WebSphere Application Server Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2020-4365)
Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
CVE-2020-8205
The uppy npm package 1.13.2 and 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems...
Server side request forgery (ssrf)
The uppy npm package 1.13.2 and 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems...
CVE-2020-8205
CVE-2020-8205 affects the uppy npm package prior to 1.13.2 and prior to 2.0.0-alpha.5, introducing a Server-Side Request Forgery (SSRF) vulnerability that can be used to probe local/external networks or interact with internal systems. The issue is associated with the @uppy/companion context in re...
Server-Side Request Forgery (SSRF)
github.com/goharbor/harbor is vulnerable to server-side request forgery (SSRF). The vulnerability exists due to a legacy endpoint for testing webhooks, allowing an attacker with permissions to edit projects to perform a port scan of hosts within the internal network...
Oracle WebCenter Portal Multiple Vulnerabilities (Jul 2020 CPU)
Binary data oraclewebcenterportalcpujul2020.nbin...
CVE-2020-14328
A flaw was found in Ansible Tower. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest...
CVE-2020-14327
A Server-Side Request Forgery (SSRF) flaw was found in Tower. Functionality on the Tower server is abused by supplying a URL that could lead to the server processing it. This flaw leads to the connection to internal services or the exposure of additional internal services by abusing the test featur...
CVE-2020-6282
SAP NetWeaver AS JAVA IIOP service SERVERCORE, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA IIOP service CORE-TOOLS, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually use...
Server side request forgery (ssrf)
SAP NetWeaver AS JAVA IIOP service SERVERCORE, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA IIOP service CORE-TOOLS, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually use...
CVE-2020-6282
CVE-2020-6282 affects SAP NetWeaver AS JAVA (IIOP service) in SERVERCORE and CORE-TOOLS across SAP NetWeaver JAVA versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The vulnerability enables Server-Side Request Forgery (SSRF) by sending a crafted request from a vulnerable web application, typical...
TYPO3 9.x < 9.5.17 / 10.x < 10.4.2 Multiple Vulnerabilities
The version of TYPO3 installed on the remote host is 9.x prior to 9.5.17 or 10.x prior to 10.4.2. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists in TYPO3's form engine component due to improper validation of user-supplied input before...
CVE-2020-14170
Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability...
Engel & Völkers Technology GmbH: XXE on www.publish.engelvoelkers.com
Summary: An XML External Entities vulnerability has been found on www.publish.engelvoelkers.com:8443. Initially a GET request was made to /dp/services and that returned a 500 Error with some XML data. Changing the HTTP request method to POST with some XML data produced a different response, so it...
Monsta FTP Server-Side Request Forgery Vulnerability
Monsta FTP is a lightweight file manager from Monsta New Zealand. It supports file transfer, file management and document editing. A server-side request forgery vulnerability exists in Monsta FTP 2.10.1 and earlier versions, which stems from the program's insufficient restriction of Web crawling...
Atlassian Jira Server-Side Request Forgery Vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A server-side request forgery vulnerability exists in Atlassian Jira versions prior to 8.7.0. A remote attacker can exploit this...
grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send HTTP requests to any URL
An SSRF incorrect access control vulnerability was found in Grafana regarding the avatar feature, allowing any unauthenticated user or client to make Grafana send HTTP requests to any URL and then return its result to the user or client. Additionally, the same issue can create a NULL pointer...