Bitwarden: Server-Side Request Forgery in "icons.bitwarden.net"
As I already checked with the support team via the portal regarding domain confirmation, I am adding the required information here: Title: Server-Side Request Forgery in "icons.bitwarden.net". URL: https://icons.bitwarden.net/spoofed.burpcollaborator.net/icon.png Parameter: REST based in...
Server side request forgery (ssrf)
Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services...
CVE-2020-14056
Monsta FTP 2.10.1 or earlier versions are affected by CVE-2020-14056, a server-side request forgery (SSRF) vulnerability stemming from insufficient restrictions on the web fetch functionality. This allows an attacker to read arbitrary local files and interact with arbitrary third-party services. ...
kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information
A server side request forgery (SSRF) flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...
Gopherus
This is a Python script for generating gopher links to exploit Server-Side Request Forgery (SSRF) vulnerabilities in various servers. The script is designed to be used with the Metasploit framework. The script defines several classes for different types of servers, including MySQL, FastCGI,...
CVE-2020-13484
Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing 'meta name="og:image" content="' followed by an intranet URL...
SSRF in Webhooks - CVE-2020-14170
Affected versions of Atlassian Bitbucket Data Center allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in Webhooks. When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource...
Security Bulletin: WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)
Summary WebSphere Application Server is vulnerable to a server-side request forgery vulnerability. Vulnerability Details CVEID: CVE-2020-4365 DESCRIPTION: IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote...
Server side request forgery (ssrf)
OX App Suite through 7.10.3 allows SSRF...
Server-side Request Forgery (SSRF)
batik-svgrasterizer is vulnerable to server side request forgery (SSRF). It does not prevent an attacker from making malicious GET requests on behalf of the server through the use of xlink:href attributes, which allows access to internal resources...
CVE-2020-13650
An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to ...
CVE-2020-13650
DigDash 2018R2 before p20200210 and 2019R1 before p20200210 are affected by a Server-Side Request Forgery (SSRF) on the login page, allowing use of the application as a proxy. External requests can disclose application credentials; internal requests can be blind, but error messages may indicate w...
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
OX Guard 2.10.3 Cross Site Scripting / Server-Side Request Forgery Vulnerabilities
Exploit for php platform in category web applications Product: OX Guard Vendor: OX Software GmbH Internal reference: GUARD-179 Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 2.10.3 Vulnerable component: guard Report confidence: Confirmed Solution status: Fixed by Vendor Fixed...
OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation Vulnerabilities
OX App Suite and OX Documents versions 7.10.3 and below suffer from server-side request forgery, cross site scripting, improper parameter validation, and XML injection vulnerabilities. Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in findi...
Server side request forgery (ssrf)
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (SSRF) vulnerability. Successful exploitation could lead to sensitive information disclosure...
OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation
Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange GmbH...
CVE-2020-12725
Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests, e.g., by adding...