Oracle Primavera Gateway Multiple Vulnerabilities (Jan 2020 CPU)
According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.18, 16.x prior to 16.2.11, 17.x prior to 17.12.6, or 18.x prior to 18.8.8.1. It is, therefore, affected by multiple vulnerabilities, including the...
Server-Side Request Forgery
odata-client-core is vulnerable to cross-site request forgery CSRF. The AsyncRequestWrapperImpl class reads a URL from the Location header and sends a GET/DELETE request to the URL without verifying the authenticity of the request. This allows a remote attacker to trick a user into visiting a...
The vulnerability of the AdminTools component of the SAP BusinessObjects Business Intelligence platform allows an attacker to perform an SSRF attack.
The vulnerability of the AdminTools component of the SAP BusinessObjects Business Intelligence platform relates to insufficient validation of queries at the server side. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
Server side request forgery (ssrf)
Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class, which reads a URL from the Location header and then sends a GET or DELETE request to this URL. This may allow an SSRF attack. If an attacker tricks a client into connecting to a malicious server, the server can...
Apache Olingo CVE-2020-1925 Server Side Request Forgery Access Bypass Vulnerability
Description Apache Olingo is prone to an access-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Apache Olingo versions prior to 4.7.1 are vulnerable. Technologies Affected Apache Oling...
Server side request forgery (ssrf)
GitLab Enterprise Edition EE 6.7 and later through 12.5 allows SSRF...
Server side request forgery (ssrf)
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF...
Server side request forgery (ssrf)
LiquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring followed by a URL in square brackets...
Server-Side Request Forgery
Overview Versions of ftp-srv prior to versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery SSRF. The package fails to prevent remote clients from accessing other resources in the network, for example when connecting to the server through telnet. This allows attackers to acce...
Symantec Messaging Gateway 10.x < 10.7.3 Multiple Vulnerabilities (SYMSA1501)
According to its self-reported version number, the Symantec Messaging Gateway SMG running on the remote host is 10.x prior to 10.7.3. It is, therefore, affected by multiple vulnerabilities: - A privilege escalation vulnerability exists in Symantec Messaging Gateway. An authenticated, remote...
CVE-2019-18379
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery SSRF exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interfac...
CVE-2019-18379
CVE-2019-18379 affects Symantec Messaging Gateway (SMG) versions prior to 10.7.3. The issue is a server-side request forgery (SSRF) that could allow the backend server to send crafted requests or access services via the loopback interface. Impact is described as enabling unauthorized internal req...
Inim Electronics Smartliving SmartLAN/G/SI <=6.x Unauthenticated SSRF
Summary SmartLiving anti-intrusion control panel and security system provides important features rarely found in residential, commercial or industrial application systems of its kind. This optimized-performance control panel provides first-rate features such as: graphic display, text-to-speech,...
Important: Red Hat Security Advisory: Red Hat Data Grid 7.3.2 security update
An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
CVE-2018-20687
An XML external entity XXE vulnerability in CommandCenterWebServices/.?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request...
Xxe
SAS XML Mapper 9.45 has an XML External Entity XXE vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects...
CVE-2019-14678
SAS XML Mapper 9.45 has an XML External Entity XXE vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects...
Server side request forgery (ssrf)
hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request...