9247 matches found

Hacker One
added 2020/07/01 5:22 p.m., 55 views

Bitwarden: Server-Side Request Forgery in "icons.bitwarden.net"

As I already checked with the support team via the portal regarding domain confirmation, I am adding the required information here: Title: Server-Side Request Forgery in "icons.bitwarden.net". URL: https://icons.bitwarden.net/spoofed.burpcollaborator.net/icon.png Parameter: REST based in...

Exploits: 0
Prion
added 2020/07/01 5:15 p.m., 17 views

Server side request forgery (SSRF)

Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services...

CVSS 7.5 | AI score 9 | EPSS 0.0133
Exploits: 0 | References: 2 | Affected software: 1
CVE
added 2020/07/01 4:06 p.m., 40 views

CVE-2020-14056

Monsta FTP 2.10.1 or earlier versions are affected by CVE-2020-14056, a server-side request forgery (SSRF) vulnerability stemming from insufficient restrictions on the web fetch functionality. This allows an attacker to read arbitrary local files and interact with arbitrary third-party services. ...

CVSS 9.8 | AI score 9.1 | EPSS 0.0133
Exploits: 0 | References: 2 | Affected software: 1
RedHat Linux
added 2020/07/01 4:04 p.m., 2 views

kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information

A server side request forgery (SSRF) flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...

CVSS 6.3 | AI score 6.9 | EPSS 0.03679
Exploits: 0 | References: 5
Gitee
added 2020/06/26 11:00 a.m., 3 views

Gopherus

This is a Python script for generating gopher:// URLs to exploit Server-Side Request Forgery (SSRF) vulnerabilities against various backend servers. The script defines several classes for different types of servers, including MySQL, FastCGI,...

AI score 7.4
Exploits: 0
OSV
added 2020/06/24 3:15 p.m., 4 views

CVE-2020-13484

Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing 'meta name="og:image" content="' followed by an intranet URL...

CVSS 9.8 | AI score 7.3 | EPSS 0.02028
Exploits: 1 | References: 1
Atlassian
added 2020/06/23 4:27 p.m., 46 views

SSRF in Webhooks - CVE-2020-14170

Affected versions of Atlassian Bitbucket Data Center allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in Webhooks. When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource...

CVSS 4.3 | AI score 4.6 | EPSS 0.00829
Exploits: 0
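The Bitrix24 entry above (CVE-2020-13484) and the Bitbucket webhook entry describe the two halves of the same failure: a server-side fetcher that follows a URL chosen, directly or through a second hop such as an og:image tag, by the attacker, and that will happily reach intranet hosts or the cloud metadata address. The following Python is an added example, not code from Bitrix24, Bitbucket or any other product on this page. It sketches a URL-preview fetcher in its vulnerable shape (the og:image hop is followed with no checks) next to a hardened shape that resolves every hop and rejects private, loopback, link-local (which covers 169.254.169.254) and other non-routable destinations. The hostnames, the HTML samples and the DNS table are constructed for the example; a real service would plug in `socket.getaddrinfo` through the `resolve` hook.

```python
"""Added example: URL-preview fetcher, vulnerable shape beside hardened shape.
Not code from Bitrix24 or Bitbucket; all hosts and data below are constructed."""
import ipaddress
import re
import socket
from typing import Callable, List, Optional, Tuple
from urllib.parse import urlparse

# Constructed: the page an attacker would host so that the server's *second*
# fetch (the og:image) lands on an intranet service instead of a public image.
ATTACKER_HTML = ('<html><head><meta name="og:image" '
                 'content="http://10.0.0.5:8080/admin/"></head></html>')
BENIGN_HTML = ('<html><head><meta name="og:image" '
               'content="https://cdn.example/a.png"></head></html>')

# Constructed DNS table (placeholder hostnames). "rebind.example" returns one
# public and one loopback answer, the pattern a DNS-rebinding host uses.
FAKE_DNS = {
    "attacker.example": ["203.0.113.10"],
    "cdn.example": ["198.51.100.7"],
    "rebind.example": ["203.0.113.11", "127.0.0.1"],
}

# Destinations a preview fetcher has no business reaching. 169.254.0.0/16
# covers the EC2-style metadata endpoint; 100.64.0.0/10 is carrier NAT space.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]

OG_IMAGE_RE = re.compile(r'<meta\s+name="og:image"\s+content="([^"]+)"', re.I)


def extract_og_image(html: str) -> Optional[str]:
    m = OG_IMAGE_RE.search(html)
    return m.group(1) if m else None


def vulnerable_preview_targets(page_url: str, html: str) -> List[str]:
    """Vulnerable shape: every URL the server would fetch, with no checks at all."""
    targets = [page_url]
    og = extract_og_image(html)
    if og:
        targets.append(og)  # second hop is attacker-chosen and unchecked
    return targets


def fake_resolve(host: str) -> List[str]:
    """Resolver stand-in for the offline example; IP literals resolve to themselves."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return FAKE_DNS.get(host, [])


def system_resolve(host: str) -> List[str]:
    """Production hook (not used offline): every A/AAAA answer for the name."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


def is_blocked(ip_str: str) -> bool:
    ip = ipaddress.ip_address(ip_str)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.5 must be judged as 10.0.0.5
    return any(ip in net for net in BLOCKED_NETS)


def check_target(url: str, resolve: Callable[[str], List[str]]) -> str:
    """Return the one IP the caller may connect to for url, or raise ValueError."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {url}")
    if not parts.hostname:
        raise ValueError(f"no host: {url}")
    addrs = resolve(parts.hostname)
    if not addrs:
        raise ValueError(f"unresolvable host: {url}")
    # Reject if *any* answer is internal: a mixed answer set is the rebinding trick.
    if any(is_blocked(a) for a in addrs):
        raise ValueError(f"destination not routable from this service: {url}")
    # The HTTP client must connect to this exact IP (and run check_target again
    # on every redirect) instead of resolving the name a second time.
    return addrs[0]


def hardened_preview_targets(page_url: str, html: str,
                             resolve: Callable[[str], List[str]] = fake_resolve,
                             ) -> List[Tuple[str, str]]:
    """Hardened shape: (url, pinned_ip) per hop; ValueError on the first bad hop."""
    targets = [(page_url, check_target(page_url, resolve))]
    og = extract_og_image(html)
    if og:
        targets.append((og, check_target(og, resolve)))  # same check, second hop
    return targets
```

The point the two entries make is carried by the second hop: checking only the URL the user submitted is not enough, because the content that URL returns picks the next destination. The same rule applies to HTTP redirects, which is why the hardened version pins the checked IP and re-runs the check per hop rather than trusting a one-time resolution of the hostname.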
RedHat Linux
added 2020/06/18 9:12 p.m., 4 views

kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information

A server side request forgery (SSRF) flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...

CVSS 6.3 | AI score 6.9 | EPSS 0.03679
Exploits: 0 | References: 5
RedHat Linux
added 2020/06/17 7:44 p.m., 6 views

kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information

A server side request forgery (SSRF) flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...

CVSS 6.3 | AI score 6.9 | EPSS 0.03679
Exploits: 0 | References: 5
IBM Security Bulletins
added 2020/06/16 2:52 p.m., 25 views

Security Bulletin: WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)

Summary: WebSphere Application Server is vulnerable to a server-side request forgery vulnerability. Vulnerability Details: CVEID: CVE-2020-4365. DESCRIPTION: IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote...

CVSS 5.3 | AI score 1 | EPSS 0.01398
Exploits: 0 | Affected software: 1
Prion
added 2020/06/16 2:15 p.m., 18 views

Server side request forgery (SSRF)

OX App Suite through 7.10.3 allows SSRF...

CVSS 4 | AI score 6.5 | EPSS 0.01064
Exploits: 2 | References: 2 | Affected software: 1
Veracode
added 2020/06/16 9:19 a.m., 51 views

Server-side Request Forgery (SSRF)

batik-svgrasterizer is vulnerable to server side request forgery (SSRF). It does not prevent an attacker from making malicious GET requests on behalf of the server through the use of xlink:href attributes, which allows access to internal resources...

CVSS 7.5 | AI score 2.8 | EPSS 0.1074
Exploits: 0 | References: 14 | Affected software: 1
Cvelist
added 2020/06/15 6:08 p.m., 23 views

CVE-2020-13650

An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to ...

AI score 7.5 | EPSS 0.01027
Exploits: 0 | References: 1
CVE
added 2020/06/15 6:08 p.m., 47 views

CVE-2020-13650

DigDash 2018R2 before p20200210 and 2019R1 before p20200210 are affected by a Server-Side Request Forgery (SSRF) on the login page, allowing use of the application as a proxy. External requests can disclose application credentials; internal requests can be blind, but error messages may indicate w...

CVSS 7.5 | AI score 7.5 | EPSS 0.01027
Exploits: 0 | References: 1 | Affected software: 1
RedHat Linux
added 2020/06/15 4:18 p.m., 4 views

jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...

CVSS 10 | AI score 7.4 | EPSS 0.10458
Exploits: 0 | References: 4
0day.today
added 2020/06/15 12:00 a.m., 145 views

OX Guard 2.10.3 Cross Site Scripting / Server-Side Request Forgery Vulnerabilities

Exploit for PHP platform in category web applications. Product: OX Guard. Vendor: OX Software GmbH. Internal reference: GUARD-179. Vulnerability type: Cross-Site Scripting (CWE-80). Vulnerable version: 2.10.3. Vulnerable component: guard. Report confidence: Confirmed. Solution status: Fixed by Vendor. Fixed...

CVSS 4.3 | EPSS 0.0118
Exploits: 2
0day.today
added 2020/06/15 12:00 a.m., 159 views

OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation Vulnerabilities

OX App Suite and OX Documents versions 7.10.3 and below suffer from server-side request forgery, cross site scripting, improper parameter validation, and XML injection vulnerabilities. Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in findi...

CVSS 5 | AI score 0.2 | EPSS 0.02029
Exploits: 5
Prion
added 2020/06/12 2:15 p.m., 14 views

Server side request forgery (SSRF)

Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (SSRF) vulnerability. Successful exploitation could lead to sensitive information disclosure...

CVSS 5 | AI score 7.1 | EPSS 0.03294
Exploits: 0 | References: 1 | Affected software: 1
Packet Storm
added 2020/06/12 12:00 a.m., 466 views

OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation

Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange GmbH...

CVSS 4 | AI score 0.4 | EPSS 0.02029
Exploits: 5
OSV
added 2020/06/11 7:15 p.m., 12 views

CVE-2020-12725

Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests, e.g., by adding...

CVSS 7.2 | AI score 6.7
Exploits: 0 | References: 3