CVE-2020-8138
CVE-2020-8138: Nextcloud Server is vulnerable to a Server-Side Request Forgery (SSRF) when subscribing to a malicious calendar URL due to a missing check for IPv4 nested inside IPv6. Affected versions are Nextcloud Server < 17.0.1, < 16.0.7, and
CVE-2020-8135
The uppy npm package 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan the local or external network or otherwise interact with internal systems...
Server-Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) vulnerability in Ghost CMS 3.10.0 allows an attacker to scan the local or external network or otherwise interact with internal systems...
Server-Side Request Forgery (SSRF)
The uppy npm package 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan the local or external network or otherwise interact with internal systems...
CVE-2020-8134
CVE-2020-8134 corresponds to a Ghost CMS SSRF flaw in the code path prior to version 3.10.0. The issue allows an attacker to scan internal or external networks or interact with internal systems through server-side requests. This affects Ghost CMS deployments running versions earlier than 3.10.0; ...
GLSA-202003-11 : SVG Salamander: Server-Side Request Forgery
The remote host is affected by the vulnerability described in GLSA-202003-11 (SVG Salamander: Server-Side Request Forgery). A Server-Side Request Forgery was discovered in SVG Salamander. Impact: An attacker, by sending a specially crafted SVG file, can conduct SSRF. Workaround: There is no known...
GLSA-202003-09 : OpenID library for Ruby: Server-Side Request Forgery
The remote host is affected by the vulnerability described in GLSA-202003-09 (OpenID library for Ruby: Server-Side Request Forgery). It was discovered that the OpenID library for Ruby performed discovery first, and then verification. Impact: A remote attacker could possibly change the URL used for...
SVG Salamander: Server-Side Request Forgery
Background: SVG Salamander is a lightweight SVG renderer and animator for Java. Description: A Server-Side Request Forgery was discovered in SVG Salamander. Impact: An attacker, by sending a specially crafted SVG file, can conduct SSRF. Workaround: There is no known workaround at this time. Resoluti...
OpenID library for Ruby: Server-Side Request Forgery
Background: A Ruby library for verifying and serving OpenID identities. Description: It was discovered that the OpenID library for Ruby performed discovery first, and then verification. Impact: A remote attacker could possibly change the URL used for discovery and trick the server into connecting to the...
CVE-2020-8540
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...
Server-Side Request Forgery (SSRF)
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-2020 update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...
CVE-2019-13121
An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control...
CVE-2019-12443
An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by insufficient validation to prevent DNS rebinding attacks...
Server-Side Request Forgery (SSRF)
ghost is vulnerable to server-side request forgery (SSRF). An attacker with the publisher role (editor, author, contributor, administrator) in a blog is able to exploit the vulnerability in the embed content module to make arbitrary GET requests on behalf of the server, allowing discovery of...
FreeBSD : Gitlab -- Multiple Vulnerabilities (62f2182c-5f7a-11ea-abb7-001b217b3468)
Gitlab reports: Directory Traversal to Arbitrary File Read; Account Takeover Through Expired Link; Server Side Request Forgery Through Deprecated Service; Group Two-Factor Authentication Requirement Bypass; Stored XSS in Merge Request Pages; Stored XSS in Merge Request Submission Form; Stored XSS in...
Server-Side Request Forgery (SSRF)
uppy is vulnerable to server-side request forgery. The /get route calls downloadURL without validating the url parameter, allowing an attacker to perform HTTP requests in the context of the server. This can result in the extraction of information from any internal resource...
SSRF in "Add to your ownCloud" functionality – ownCloud
It is possible to force the ownCloud server to execute GET requests against a crafted URL on the internal or external network (Server Side Request Forgery) after receiving a public link-share URL. The criticality of this issue is lowered because the attacker cannot see the result of the...
Server-Side Request Forgery (SSRF)
OX App Suite through 7.10.2 allows SSRF...