9247 matches found

Packet Storm
added 2020/02/21 12:0 a.m. | 115 views

Open-Xchange App Suite / Documents Server-Side Request Forgery

Product: OX App Suite / OX Documents Vendor: OX Software GmbH Internal reference: 67871, 68258 Bug ID Vulnerability type: Server-Side Request Forgery CWE-918 Vulnerable version: 7.10.2 and earlier Vulnerable component: backend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed...

CVSS: 6.8 | AI score: 0.4 | EPSS: 0.03215
Exploits: 4
CNVD
added 2020/02/19 12:0 a.m. | 3 views

Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability

Zimbra Collaboration Suite ZCS is a collaboration software suite that includes an email server and web client. A security vulnerability exists in Zimbra Collaboration Suite ZCS versions prior to 8.8.15 Patch 7. The vulnerability stems from an improperly designed or implemented code development...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.85416
Exploits: 0 | References: 1
Tenable Nessus
added 2020/02/18 12:0 a.m. | 27 views

openSUSE Security Update : nextcloud (openSUSE-2020-220)

This update for nextcloud fixes the following issues : Nextcloud was updated to 15.0.14 : - NC-SA-2020-002, CVE-2019-15613: workflow rules to depend their behaviour on the file extension when checking file mimetypes boo1162766 - NC-SA-2019-016, CVE-2019-15623: Exposure of Private Information caus...

CVSS: 8 | AI score: 5.9 | EPSS: 0.01924
Exploits: 3 | References: 13
Prion
added 2020/02/14 10:15 p.m. | 22 views

Server side request forgery (ssrf)

An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code...

CVSS: 7.5 | AI score: 9.8 | EPSS: 0.02626
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2020/02/14 9:30 p.m. | 30 views

CVE-2020-8128

An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code...

AI score: 10 | EPSS: 0.02626
Exploits: 1 | References: 1
Prion
added 2020/02/12 4:15 p.m. | 16 views

Server side request forgery (ssrf)

IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery SSRF. This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815...

CVSS: 5 | AI score: 5.2 | EPSS: 0.00962
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2020/02/12 4:10 p.m. | 49 views

CVE-2019-4741

IBM Content Navigator 3.0CD is affected by a Server-Side Request Forgery (SSRF) vulnerability (CVE-2019-4741). An unauthenticated attacker could trigger the system to issue unauthorized requests, enabling network enumeration or facilitating other attacks as described by IBM’s security bulletin. R...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.00962
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2020/02/12 4:10 p.m. | 11 views

CVE-2019-4741

IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery SSRF. This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 172815...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.00962
Exploits: 0 | References: 2
NVD
added 2020/02/04 8:15 p.m. | 16 views

CVE-2020-8118

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application...

CVSS: 5 | AI score: 5.8 | EPSS: 0.01287
Exploits: 1 | References: 4
OSV
added 2020/02/04 8:15 p.m. | 35 views

CVE-2020-8118

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application...

CVSS: 5 | AI score: 6.5
Exploits: 0 | References: 4
Prion
added 2020/02/04 8:15 p.m. | 25 views

Server side request forgery (ssrf)

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application...

CVSS: 4 | AI score: 5 | EPSS: 0.01287
Exploits: 1 | References: 4 | Affected Software: 3
Cvelist
added 2020/02/04 7:8 p.m. | 25 views

CVE-2020-8118

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application...

AI score: 6.1 | EPSS: 0.01287
Exploits: 1 | References: 4
Prion
added 2020/02/03 5:15 p.m. | 13 views

Server side request forgery (ssrf)

The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.37821
Exploits: 3 | References: 1 | Affected Software: 1
Pen Test Partners Blog
added 2020/01/31 7:55 a.m. | 74 views

HTTP Request Smuggling. A how-to

TL;DR HTTP Request Smuggling is not a new issue, a 2005 white paper from Watchfire discusses it in detail and there are other resources too. What I found missing was practical, actionable, how-to references. This post covers my findings and, hopefully, sheds some light on the intricacies of HTTP...

AI score: 6.1
Exploits: 0
Prion
added 2020/01/23 4:15 p.m. | 20 views

Server side request forgery (ssrf)

Server-side request forgery SSRF vulnerability in feed-proxy.php in extjs 5.0.0...

CVSS: 5 | AI score: 7.1 | EPSS: 0.01305
Exploits: 1 | References: 2 | Affected Software: 1
UbuntuCve
added 2020/01/23 4:15 p.m. | 34 views

CVE-2007-6758

Server-side request forgery SSRF vulnerability in feed-proxy.php in extjs 5.0.0...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01305
Exploits: 1 | References: 3
Cvelist
added 2020/01/23 3:22 p.m. | 23 views

CVE-2007-6758

Server-side request forgery SSRF vulnerability in feed-proxy.php in extjs 5.0.0...

AI score: 7.6 | EPSS: 0.01305
Exploits: 1 | References: 2
Hacker One
added 2020/01/18 11:23 p.m. | 26 views

Razer: [SSRF] Server-Side Request Forgery at https://sea-web.gold.razer.com/dev/simulator via notify_url Parameter

The tester discovered an SSRF that could have allowed the compromise of the web.gold.razer.com server, leading to a significant data breach. Razer thanks the tester for the excellent report...

AI score: 1.3
Exploits: 0
Tenable Nessus
added 2020/01/17 12:0 a.m. | 117 views

Oracle Tuxedo Remote Code Execution Vulnerability (Jan 2020 CPU)

The version of Oracle Tuxedo installed on the remote host is missing a security patch. It is, therefore, affected by a remote code execution vulnerability due to a Server Side Request Forgery SSRF vulnerability found in the Apache Axis 1.4 distribution used in the TX SALT component. %NASLMINLEVEL...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.86503
Exploits: 7 | References: 2
wpexploit
added 2020/01/16 12:0 a.m. | 27 views

Chained Quiz < 1.1.8.2 - Unauthenticated Reflected XSS

WordPress Plugin Chained Quiz before 1.1.8.2 suffers from a Reflected XSS vulnerability in the 'totalquestions' POST parameter when a user completes a quiz. The code in question accepts the 'totalquestions' parameter without escaping the special characters: models/quiz.php $output =...

CVSS: 4.3 | AI score: 0.2 | EPSS: 0.01607
Exploits: 2 | References: 2