9247 matches found

Prion
added 2020/05/14 4:15 p.m.

Server side request forgery (ssrf)

IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964...

CVSS 4 · AI score 4.5 · EPSS 0.01398 · Exploits 0 · References 2 · Affected software 1

0day.today
added 2020/04/24 12:00 a.m.

QRadar Community Edition 7.3.1.6 Arbitrary Object Instantiation Vulnerability

QRadar Community Edition version 7.3.1.6 is vulnerable to instantiation of arbitrary objects based on user-supplied input. An authenticated attacker can abuse this to perform various types of attacks including server-side request forgery and potentially arbitrary execution of code...

CVSS 6.5 · AI score 1 · EPSS 0.02978 · Exploits 3

Packet Storm
added 2020/04/21 12:00 a.m.

QRadar Community Edition 7.3.1.6 Server Side Request Forgery

QRadar RssFeedItem Server-Side Request Forgery vulnerability. Yorick Koster, September 2019...

CVSS 6.5 · AI score 0.1 · EPSS 0.01244 · Exploits 3

Hacker One
added 2020/04/17 6:58 p.m.

Stripo Inc: SSRF in my.stripo.email

There is an SSRF (Server-Side Request Forgery) in https://my.stripo.email. An attacker can perform an attack to get the IP address behind the WAF and try to get RCE...

AI score 0.9 · Exploits 0

ThreatPost
added 2020/04/15 4:17 p.m.

Tencent Ups Top Bug-Bounty Award to $15K

The Tencent Security Response Center (TSRC) is launching an expanded bug-bounty program, via the HackerOne white-hat platform, and the company has increased its top reward to $15,000. Tencent, a China-based global internet service provider, is opening up its existing bug-bounty program to...

AI score 8.4 · Exploits 0 · References 7

NVD
added 2020/04/15 4:15 p.m.

CVE-2020-4294

IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 176404...

CVSS 6.5 · AI score 6.2 · EPSS 0.01244 · Exploits 3 · References 4

Prion
added 2020/04/15 4:15 p.m.

Server side request forgery (ssrf)

IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 176404...

CVSS 6.5 · AI score 6.1 · EPSS 0.01244 · Exploits 3 · References 4 · Affected software 1

IBM Security Bulletins
added 2020/04/14 2:28 p.m.

Security Bulletin: IBM QRadar SIEM is vulnerable to Server-Side Request Forgery (SSRF) (CVE-2020-4294)

Summary: IBM QRadar SIEM is vulnerable to Server-Side Request Forgery (SSRF). Vulnerability Details: CVEID: CVE-2020-4294. DESCRIPTION: IBM QRadar SIEM is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially...

CVSS 6.5 · AI score 1.4 · EPSS 0.01244 · Exploits 3 · Affected software 1

RedhatCVE
added 2020/04/09 7:16 a.m.

CVE-2019-10337

An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side...

CVSS 7.5 · AI score 5.5 · EPSS 0.01999 · Exploits 0 · References 4

Prion
added 2020/04/08 7:15 p.m.

Server side request forgery (ssrf)

GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration...

CVSS 7.5 · AI score 9.2 · EPSS 0.01822 · Exploits 0 · References 2 · Affected software 1

Tenable Nessus
added 2020/04/06 12:00 a.m.

Oracle NoSQL Database Enterprise Server-Side Request Forgery (October 2019 CPU)

The version of Oracle NoSQL Database Enterprise running on the remote host is prior to 19.3.12. It is, therefore, affected by a server-side request forgery vulnerability. The vulnerability exists in the jackson-databind component due to a failure to block the axis2-jaxws class from polymorphic...

CVSS 10 · AI score 8 · EPSS 0.10458 · Exploits 0 · References 2

0day.today
added 2020/04/03 12:00 a.m.

MicroStrategy Intelligence Server And Web 10.4 XSS / Disclosure / SSRF / Code Execution Vulnerabilit

Exploit for multiple platforms in category web applications. Exploit Title: MicroStrategy Intelligence Server and Web 10.4 - multiple vulnerabilities. Exploit Author: RedTimmy Security. Author's blog: https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/...

AI score 5.8 · EPSS 0.17841 · Exploits 7

NVD
added 2020/04/02 4:15 p.m.

CVE-2020-11453

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit ...

CVSS 5.3 · AI score 5.4 · EPSS 0.02732 · Exploits 3 · References 4

Cvelist
added 2020/04/02 3:03 p.m.

CVE-2020-11453

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit ...

AI score 5.4 · EPSS 0.02732 · Exploits 3 · References 4

CVE
added 2020/04/02 3:03 p.m.

CVE-2020-11453

CVE-2020-11453 relates to MicroStrategy Web 10.4 and involves a Server-Side Request Forgery in the Test Web Service exposed at /MicroStrategyWS/. The SSRF requires no authentication and cannot pass parameters, but can be used to perform port scanning and enumerate network resources (IP addresses ...

CVSS 5.3 · AI score 5.4 · EPSS 0.02732 · Exploits 3 · References 4 · Affected software 1

Github Security Blog
added 2020/03/30 8:54 p.m.

Micronaut's HTTP client is vulnerable to HTTP Request Header Injection

Vulnerability: Micronaut's HTTP client is vulnerable to "HTTP Request Header Injection" due to not validating request headers passed to the client. Example of vulnerable code (Java): @Controller("/hello") public class HelloController { @Inject @Client("/") RxHttpClient client; @Get("/external-exploit")...

CVSS 9.8 · AI score 9.5 · EPSS 0.01799 · Exploits 1 · References 7 · Affected software 1

Positive Technologies
added 2020/03/27 12:00 a.m.

PT-2020-12447 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 8.10 through 12.9. Description: The issue is related to a Server-Side Request Forgery (SSRF) in the project import note feature. This allows an attacker to forge requests from the server, potentially leading to unauthorized acces...

CVSS 9.8 · AI score 9 · EPSS 0.01448 · Exploits 0 · References 10

Node.js
added 2020/03/26 7:35 p.m.

Server-Side Request Forgery

Overview: Versions of @uppy/companion prior to 1.9.3 are vulnerable to Server-Side Request Forgery (SSRF). The get route passes the user-controlled variable req.body.url to a GET request without sanitizing the value. This allows attackers to inject arbitrary URLs and make GET requests on behalf of t...

CVSS 7.5 · AI score 4.3 · EPSS 0.01328 · Exploits 1 · Affected software 1

OpenVAS
added 2020/03/24 12:00 a.m.

Nextcloud Server < 15.0.14, 16.x < 16.0.7, 17.x < 17.0.2 SSRF Vulnerability (NC-SA-2020-014)

Nextcloud Server is prone to a server-side request forgery (SSRF) protection bypass vulnerability in calendar subscriptions. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

CVSS 6.5 · AI score 6.4 · EPSS 0.01395 · Exploits 1 · References 1

OSV
added 2020/03/20 11:15 p.m.

CVE-2019-11574

An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls...

CVSS 9.8 · AI score 5.8 · EPSS 0.0147 · Exploits 1 · References 2