OpenVAS, added 2019/11/07 12:00 a.m., 81 views

Magento 2.2.x < 2.2.10, 2.3.x < 2.3.3 or 2.3.2-p1 Multiple Vulnerabilities (Oct 2019)

Magento is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:magentocommerce:magento"; if...

CVSS 9.8, AI score 7, EPSS 0.03267
Exploits 0, References 1
NVD, added 2019/11/06 12:15 a.m., 15 views

CVE-2019-8151

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shipment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a carrier...

CVSS 7.2, AI score 7.4, EPSS 0.01714
Exploits 0, References 1
OSV, added 2019/11/06 12:15 a.m., 9 views

CVE-2019-8151

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shipment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a carrier...

CVSS 7.2, AI score 8.1
Exploits 0, References 1
Prion, added 2019/11/06 12:15 a.m., 11 views

Remote code execution

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shipment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a carrier...

CVSS 6.5, AI score 7.4, EPSS 0.01714
Exploits 0, References 1, Affected Software 1
CVE, added 2019/11/05 11:37 p.m., 42 views

CVE-2019-8151

CVE-2019-8151 affects Magento: versions 2.2 before 2.2.10 and 2.3 before 2.3.3, or 2.3.2-p1, are vulnerable. It requires an authenticated admin to manipulate shipping settings and can lead to remote code execution via server-side request forgery caused by unsafe handling of a carrier gateway. The...

CVSS 7.2, AI score 7.5, EPSS 0.01714
Exploits 0, References 1, Affected Software 1
Cvelist, added 2019/11/05 11:37 p.m., 13 views

CVE-2019-8151

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to manipulate shipment settings can execute arbitrary code through server-side request forgery due to unsafe handling of a carrier...

AI score 7.6, EPSS 0.01714
Exploits 0, References 1
BDU FSTEC, added 2019/10/29 12:00 a.m., 5 views

The vulnerability in the ZingBox Inspector network traffic processor stems from a lack of protection for service data, allowing attackers to carry out SSRF attacks.

The vulnerability of the ZingBox Inspector network traffic processor is related to the lack of protection for service data. Exploiting this vulnerability allows a remote attacker to execute an SSRF attack...

CVSS 5.3, AI score 5.7, EPSS 0.01036
Exploits 0, References 2, Affected Software 1
Tenable Nessus, added 2019/10/28 12:00 a.m., 14 views

Fedora 29 : wordpress (2019-e70f89fa34)

WordPress 5.2.4 Security Release. WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Security Updates - Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer. - Props to J.D. Grimes who...

AI score 5.4
Exploits 0, References 1
GithubExploit, added 2019/10/27 2:42 p.m., 376 views

Exploit for Server-Side Request Forgery in Apache Axis

cve-2019-0227 Apache Axis1.4 remote code execution vulnerabil...

CVSS 7.5, AI score 7.4, EPSS 0.86503
Exploits 7
NVD, added 2019/10/24 11:15 a.m., 16 views

CVE-2019-18394

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...

CVSS 9.8, AI score 8, EPSS 0.32304
Exploits 1, References 2
Prion, added 2019/10/24 11:15 a.m., 15 views

Server side request forgery (SSRF)

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...

CVSS 7.5, AI score 8.6, EPSS 0.32304
Exploits 1, References 2, Affected Software 1
Cvelist, added 2019/10/24 10:58 a.m., 17 views

CVE-2019-18394

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests...

AI score 8.7, EPSS 0.32304
Exploits 1, References 2
CVE, added 2019/10/24 10:58 a.m., 231 views

CVE-2019-18394

Ignite Realtime Openfire before version 4.4.3 is affected by a Server-Side Request Forgery (SSRF) in FaviconServlet.java, allowing attackers to send arbitrary HTTP GET requests. The vulnerability affects Openfire up to 4.4.2; exploitation is facilitated by the SSRF flaw in the FaviconServlet. Rem...

CVSS 9.8, AI score 8.5, EPSS 0.32304
In wild, Exploits 1, References 2, Affected Software 1
ATTACKERKB, added 2019/10/24 12:00 a.m., 23 views

CVE-2019-18394

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. Recent assessments: ericalexanderorg at August 04, 2020 4:42pm UTC reported: More detail Stupid easy SSRF...

CVSS 9.8, AI score 2.7, EPSS 0.32304
Exploits 1, References 3
OSV, added 2019/10/23 7:15 p.m., 5 views

CVE-2019-18355

An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7...

CVSS 9.8, AI score 7.3, EPSS 0.01514
Exploits 0, References 1
NVD, added 2019/10/23 1:15 p.m., 24 views

CVE-2019-10466

An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks...

CVSS 8.1, AI score 8, EPSS 0.01002
Exploits 0, References 2
OSV, added 2019/10/23 1:15 p.m., 19 views

CVE-2019-10466

An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks...

CVSS 8.1, AI score 6.9
Exploits 0, References 2
Cvelist, added 2019/10/23 12:45 p.m., 29 views

CVE-2019-10466

An XML external entities (XXE) vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks...

AI score 8.1, EPSS 0.01002
Exploits 0, References 2
CVE, added 2019/10/23 12:45 p.m., 71 views

CVE-2019-10466

CVE-2019-10466 is an XXE vulnerability in the Jenkins 360 FireLine Plugin. The issue arises when an attacker with Overall/Read access can cause Jenkins to resolve external entities, enabling extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service. Public re...

CVSS 8.1, AI score 8, EPSS 0.01002
Exploits 0, References 2, Affected Software 1
Veracode, added 2019/10/22 6:57 a.m., 16 views

Server-Side Request Forgery (SSRF)

unoconv is vulnerable to server-side request forgery (SSRF). The vulnerability exists because it does not validate user-supplied input pathnames, allowing a remote attacker to have full or partial control of the request to be executed in the context of the server process worker...

CVSS 7.5, AI score 5.3, EPSS 0.01927
Exploits 1, References 3, Affected Software 1