Open-Xchange App Suite / Documents Server-Side Request Forgery
Product: OX App Suite / OX Documents; Vendor: OX Software GmbH; Internal reference: 67871, 68258 (Bug ID); Vulnerability type: Server-Side Request Forgery (CWE-918); Vulnerable version: 7.10.2 and earlier; Vulnerable component: backend; Report confidence: Confirmed; Solution status: Fixed by Vendor; Fixed...
Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability
Zimbra Collaboration Suite (ZCS) is a collaboration software suite that includes an email server and web client. A security vulnerability exists in Zimbra Collaboration Suite (ZCS) versions prior to 8.8.15 Patch 7. The vulnerability stems from an improperly designed or implemented code development...
openSUSE Security Update : nextcloud (openSUSE-2020-220)
This update for nextcloud fixes the following issues: Nextcloud was updated to 15.0.14: - NC-SA-2020-002, CVE-2019-15613: workflow rules to depend their behaviour on the file extension when checking file mimetypes boo1162766 - NC-SA-2019-016, CVE-2019-15623: Exposure of Private Information caus...
Server side request forgery (ssrf)
An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code...
CVE-2020-8128
An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code...
Server side request forgery (ssrf)
IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815...
CVE-2019-4741
IBM Content Navigator 3.0CD is affected by a Server-Side Request Forgery (SSRF) vulnerability (CVE-2019-4741). An unauthenticated attacker could trigger the system to issue unauthorized requests, enabling network enumeration or facilitating other attacks as described by IBM’s security bulletin. R...
CVE-2019-4741
IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815...
CVE-2020-8118
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed detection of local and remote services when adding a new subscription in the calendar application...
Server side request forgery (ssrf)
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed detection of local and remote services when adding a new subscription in the calendar application...
Server side request forgery (ssrf)
The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request...
HTTP Request Smuggling. A how-to
TL;DR: HTTP Request Smuggling is not a new issue; a 2005 white paper from Watchfire discusses it in detail and there are other resources too. What I found missing was practical, actionable, how-to references. This post covers my findings and, hopefully, sheds some light on the intricacies of HTTP...
Server side request forgery (ssrf)
Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0...
CVE-2007-6758
Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0...
Razer: [SSRF] Server-Side Request Forgery at https://sea-web.gold.razer.com/dev/simulator via notify_url Parameter
The tester discovered an SSRF that could have allowed the compromise of the web.gold.razer.com server, leading to a significant data breach. Razer thanks the tester for the excellent report...
Oracle Tuxedo Remote Code Execution Vulnerability (Jan 2020 CPU)
The version of Oracle Tuxedo installed on the remote host is missing a security patch. It is, therefore, affected by a remote code execution vulnerability due to a Server Side Request Forgery (SSRF) vulnerability found in the Apache Axis 1.4 distribution used in the TX SALT component...
Chained Quiz < 1.1.8.2 - Unauthenticated Reflected XSS
WordPress Plugin Chained Quiz before 1.1.8.2 suffers from a Reflected XSS vulnerability in the 'totalquestions' POST parameter when a user completes a quiz. The code in question accepts the 'totalquestions' parameter without escaping the special characters: models/quiz.php $output =...