9247 matches found

Tenable Nessus
added 2020/01/15 12:0 a.m., 62 views

Oracle Primavera Gateway Multiple Vulnerabilities (Jan 2020 CPU)

According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.18, 16.x prior to 16.2.11, 17.x prior to 17.12.6, or 18.x prior to 18.8.8.1. It is, therefore, affected by multiple vulnerabilities, including the...

CVSS 9.8, AI score 7, EPSS 0.87218
Exploits: 13, References: 10
Veracode
added 2020/01/14 2:42 a.m., 16 views

Server-Side Request Forgery

odata-client-core is vulnerable to cross-site request forgery (CSRF). The AsyncRequestWrapperImpl class reads a URL from the Location header and sends a GET/DELETE request to the URL without verifying the authenticity of the request. This allows a remote attacker to trick a user into visiting a...

CVSS 7.5, AI score 2.9, EPSS 0.0283
Exploits: 0, References: 4, Affected Software: 1
BDU FSTEC
added 2020/01/13 12:0 a.m., 5 views

The vulnerability of the AdminTools component of the SAP BusinessObjects Business Intelligence platform allows an attacker to perform an SSRF attack.

The vulnerability of the AdminTools component of the SAP BusinessObjects Business Intelligence platform relates to insufficient validation of queries at the server side. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

CVSS 9.6, AI score 7.8, EPSS 0.01086
Exploits: 0, References: 3, Affected Software: 1
Prion
added 2020/01/09 7:15 p.m., 14 views

Server-side request forgery (SSRF)

Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class, which reads a URL from the Location header and then sends a GET or DELETE request to this URL. This may allow an SSRF attack. If an attacker tricks a client into connecting to a malicious server, the server can...

CVSS 5, AI score 7.5, EPSS 0.0283
Exploits: 0, References: 1, Affected Software: 1
Symantec
added 2020/01/08 12:0 a.m., 24 views

Apache Olingo CVE-2020-1925 Server Side Request Forgery Access Bypass Vulnerability

Description: Apache Olingo is prone to an access-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Apache Olingo versions prior to 4.7.1 are vulnerable. Technologies Affected: Apache Oling...

AI score 0.9, EPSS 0.0283
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2020/01/03 5:15 p.m., 15 views

Server-side request forgery (SSRF)

GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF...

CVSS 6.8, AI score 8.6, EPSS 0.0102
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2019/12/30 10:15 p.m., 21 views

Server-side request forgery (SSRF)

An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF...

CVSS 6.4, AI score 6.7, EPSS 0.0073
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2019/12/29 5:15 a.m., 10 views

Server-side request forgery (SSRF)

LiquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring followed by a URL in square brackets...

CVSS 6.4, AI score 6.5, EPSS 0.0092
Exploits: 1, References: 1, Affected Software: 1
Node.js
added 2019/12/23 9:25 p.m., 22 views

Server-Side Request Forgery

Overview: Versions of ftp-srv prior to versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery (SSRF). The package fails to prevent remote clients from accessing other resources in the network, for example when connecting to the server through telnet. This allows attackers to acce...

CVSS 5, AI score 9.3, EPSS 0.01859
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2019/12/18 12:0 a.m., 53 views

Symantec Messaging Gateway 10.x < 10.7.3 Multiple Vulnerabilities (SYMSA1501)

According to its self-reported version number, the Symantec Messaging Gateway (SMG) running on the remote host is 10.x prior to 10.7.3. It is, therefore, affected by multiple vulnerabilities: - A privilege escalation vulnerability exists in Symantec Messaging Gateway. An authenticated, remote...

CVSS 7.5, AI score 6.6, EPSS 0.01402
Exploits: 0, References: 4
NVD
added 2019/12/11 4:15 p.m., 22 views

CVE-2019-18379

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interfac...

CVSS 7.5, AI score 7.2, EPSS 0.01118
Exploits: 0, References: 1
Cvelist
added 2019/12/11 3:49 p.m., 33 views

CVE-2019-18379

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interfac...

AI score 7.2, EPSS 0.01118
Exploits: 0, References: 1
CVE
added 2019/12/11 3:49 p.m., 54 views

CVE-2019-18379

CVE-2019-18379 affects Symantec Messaging Gateway (SMG) versions prior to 10.7.3. The issue is a server-side request forgery (SSRF) that could allow the backend server to send crafted requests or access services via the loopback interface. Impact is described as enabling unauthorized internal req...

CVSS 7.5, AI score 7.1, EPSS 0.01118
Exploits: 0, References: 1, Affected Software: 1
Zero Science Lab
added 2019/12/09 12:0 a.m., 91 views

Inim Electronics Smartliving SmartLAN/G/SI <=6.x Unauthenticated SSRF

Summary: SmartLiving anti-intrusion control panel and security system provides important features rarely found in residential, commercial or industrial application systems of its kind. This optimized-performance control panel provides first-rate features such as: graphic display, text-to-speech,...

AI score 5.9
Exploits: 0
RedHat Linux
added 2019/12/02 4:24 p.m., 116 views

Important: Red Hat Security Advisory: Red Hat Data Grid 7.3.2 security update

An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 10, AI score 7.3, EPSS 0.12679
Exploits: 0, References: 14
NVD
added 2019/11/18 7:15 p.m., 33 views

CVE-2018-20687

An XML external entity (XXE) vulnerability in CommandCenterWebServices/.?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...

CVSS 9.8, AI score 9.2, EPSS 0.02528
Exploits: 0, References: 2
Cvelist
added 2019/11/18 6:12 p.m., 18 views

CVE-2018-20687

An XML external entity (XXE) vulnerability in CommandCenterWebServices/.?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...

AI score 9.3, EPSS 0.02528
Exploits: 0, References: 2
Prion
added 2019/11/14 9:15 p.m., 19 views

XXE

SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects...

CVSS 7.5, AI score 9.3, EPSS 0.02951
Exploits: 1, References: 2, Affected Software: 2
Cvelist
added 2019/11/14 8:59 p.m., 16 views

CVE-2019-14678

SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects...

AI score 9.5, EPSS 0.02951
Exploits: 1, References: 2
Prion
added 2019/11/13 9:15 p.m., 12 views

Server-side request forgery (SSRF)

hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request...

CVSS 5, AI score 7, EPSS 0.01744
Exploits: 0, References: 3, Affected Software: 1