Server-Side Request Forgery (SSRF)
IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964...
QRadar Community Edition 7.3.1.6 Arbitrary Object Instantiation Vulnerability
QRadar Community Edition version 7.3.1.6 is vulnerable to instantiation of arbitrary objects based on user-supplied input. An authenticated attacker can abuse this to perform various types of attacks including server-side request forgery and potentially arbitrary execution of code...
QRadar Community Edition 7.3.1.6 Server Side Request Forgery
QRadar RssFeedItem Server-Side Request Forgery vulnerability. Yorick Koster, September 2019...
Stripo Inc: SSRF in my.stripo.email
There is an SSRF (Server-Side Request Forgery) in https://my.stripo.email. An attacker can use it to obtain the IP address behind the WAF and attempt to escalate to RCE...
Tencent Ups Top Bug-Bounty Award to $15K
The Tencent Security Response Center TSRC is launching an expanded bug-bounty program, via the HackerOne white-hat platform – and the company has increased its top reward to $15,000. Tencent, a China-based global internet service provider, is opening up its existing bug-bounty program to...
CVE-2020-4294
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server-Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 176404...
Server-Side Request Forgery (SSRF)
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server-Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 176404...
Security Bulletin: IBM QRadar SIEM is vulnerable to Server-Side Request Forgery (SSRF) (CVE-2020-4294)
Summary: IBM QRadar SIEM is vulnerable to Server-Side Request Forgery (SSRF). Vulnerability Details: CVEID: CVE-2020-4294. DESCRIPTION: IBM QRadar SIEM is vulnerable to Server-Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially...
CVE-2019-10337
An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side...
Server-Side Request Forgery (SSRF)
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration...
Oracle NoSQL Database Enterprise Server-Side Request Forgery (October 2019 CPU)
The version of Oracle NoSQL Database Enterprise running on the remote host is prior to 19.3.12. It is, therefore, affected by a server-side request forgery vulnerability. The vulnerability exists in the jackson-databind component due to a failure to block the axis2-jaxws class from polymorphic...
MicroStrategy Intelligence Server and Web 10.4 XSS / Disclosure / SSRF / Code Execution Vulnerabilities
Exploit for multiple platform in category web applications Exploit Title: MicroStrategy Intelligence Server and Web 10.4 - multiple vulnerabilities Exploit Author: RedTimmy Security Authors blog: https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/...
CVE-2020-11453
Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit ...
CVE-2020-11453
CVE-2020-11453 relates to MicroStrategy Web 10.4 and involves a Server-Side Request Forgery in the Test Web Service exposed at /MicroStrategyWS/. The SSRF requires no authentication and cannot pass parameters, but can be used to perform port scanning and enumerate network resources (IP addresses ...
Micronaut's HTTP client is vulnerable to HTTP Request Header Injection
Vulnerability: Micronaut's HTTP client is vulnerable to "HTTP Request Header Injection" because it does not validate request headers passed to the client. Example of vulnerable code (Java): @Controller("/hello") public class HelloController { @Inject @Client("/") RxHttpClient client; @Get("/external-exploit")...
PT-2020-12447 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 8.10 through 12.9 Description: The issue is related to a Server-Side Request Forgery SSRF in the project import note feature. This allows an attacker to forge requests from the server, potentially leading to unauthorized acces...
Server-Side Request Forgery
Overview Versions of @uppy/companion prior to 1.9.3 are vulnerable to Server-Side Request Forgery SSRF. The get route passes the user-controlled variable req.body.url to a GET request without sanitizing the value. This allows attackers to inject arbitrary URLs and make GET requests on behalf of t...
Nextcloud Server < 15.0.14, 16.x < 16.0.7, 17.x < 17.0.2 SSRF Vulnerability (NC-SA-2020-014)
Nextcloud Server is prone to a server-side request forgery (SSRF) protection bypass vulnerability in calendar subscriptions. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders...
CVE-2019-11574
An issue was discovered in Simple Machines Forum SMF before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls...