9247 matches found

Veracode
added 2019/10/22 6:57 a.m. | 16 views

Server-Side Request Forgery (SSRF)

unoconv is vulnerable to server-side request forgery (SSRF). The vulnerability exists because it does not validate the user-supplied input pathnames, allowing a remote attacker to have full or partial control of the request to be executed in the context of the server process worker...

CVSS 7.5 | AI score 5.3 | EPSS 0.01927
Exploits: 1 | References: 3 | Affected Software: 1

Tenable Nessus
added 2019/10/21 12:0 a.m. | 22 views

Cisco Finesse Server-Side Request Forgery (cisco-sa-20180718-finesse)

According to its self-reported version, Cisco Finesse Software is affected by a vulnerability in the web-based management interface, which could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Please see the included Cisco BIDs and Cisco Security...

CVSS 9.8 | AI score 8.5 | EPSS 0.02062
Exploits: 0 | References: 3

Tenable Nessus
added 2019/10/21 12:0 a.m. | 25 views

Cisco Finesse Appliance HTTP Request Processing Server-Side Request Forgery Vulnerability (cisco-sa-20160504-finesse)

According to its self-reported version, the Cisco Finesse appliance is affected by a server-side request forgery (SSRF) in application programming interface (API) for gadgets integration due to insufficient access controls. An unauthenticated, remote attacker can exploit this, via crafted HTTP reques...

CVSS 8.6 | AI score 8 | EPSS 0.01061
Exploits: 0 | References: 3

Veracode
added 2019/10/18 8:40 a.m. | 40 views

Server-Side Request Forgery (SSRF)

wordpress is vulnerable to server-side request forgery (SSRF). The URL validation does not consider the interpretation of a name as a series of hex characters, allowing a remote attacker to bypass the URL validation using hex values in the URL...

CVSS 9.8 | AI score 5 | EPSS 0.05243
Exploits: 0 | References: 9 | Affected Software: 1

Veracode
added 2019/10/18 2:46 a.m. | 28 views

Server-Side Request Forgery (SSRF)

graphite-web is vulnerable to server-side request forgery (SSRF). The sendemail function in graphite-web/webapp/graphite/composer/views.py can be used by an attacker to send a request on behalf of the Graphite web server. The corresponding response from the SSRF request is encoded into an image fil...

CVSS 7.5 | AI score 3.1 | EPSS 0.16948
Exploits: 1 | References: 7 | Affected Software: 1

UbuntuCve
added 2019/10/17 1:15 p.m. | 24 views

CVE-2019-17669

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters...

CVSS 9.8 | AI score 7.2 | EPSS 0.05243
Exploits: 0 | References: 6

Prion
added 2019/10/17 1:15 p.m. | 18 views

Server side request forgery (ssrf)

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters...

CVSS 7.5 | AI score 9.4 | EPSS 0.05243
Exploits: 0 | References: 9 | Affected Software: 2

Debian CVE
added 2019/10/17 12:3 p.m. | 33 views

CVE-2019-17669

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters...

CVSS 9.8 | AI score 3 | EPSS 0.05243
Exploits: 0

Tenable Nessus
added 2019/10/16 12:0 a.m. | 19 views

WordPress 3.8.x < 3.8.31 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A cross-site scripting (XSS) vulnerability in Customizer.
- An unspecified issue which could lead to disclosure of unauthenticated posts.
- A cross-site scripting (XSS)...

CVSS 5.3 | AI score 6.2 | EPSS 0.36503
Exploits: 2 | References: 3

Tenable Nessus
added 2019/10/16 12:0 a.m. | 16 views

WordPress 4.2.x < 4.2.25 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A cross-site scripting (XSS) vulnerability in Customizer.
- An unspecified issue which could lead to disclosure of unauthenticated posts.
- A cross-site scripting (XSS)...

CVSS 5.3 | AI score 6.2 | EPSS 0.36503
Exploits: 2 | References: 3

Tenable Nessus
added 2019/10/16 12:0 a.m. | 23 views

WordPress 4.3.x < 4.3.21 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A cross-site scripting (XSS) vulnerability in Customizer.
- An unspecified issue which could lead to disclosure of unauthenticated posts.
- A cross-site scripting (XSS)...

CVSS 5.3 | AI score 6.2 | EPSS 0.36503
Exploits: 2 | References: 3

Tenable Nessus
added 2019/10/16 12:0 a.m. | 18 views

WordPress 4.0.x < 4.0.28 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A cross-site scripting (XSS) vulnerability in Customizer.
- An unspecified issue which could lead to disclosure of unauthenticated posts.
- A cross-site scripting (XSS)...

CVSS 5.3 | AI score 6.2 | EPSS 0.36503
Exploits: 2 | References: 3

Tenable Nessus
added 2019/10/16 12:0 a.m. | 29 views

WordPress 4.9.x < 4.9.12 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities:
- A cross-site scripting (XSS) vulnerability in Customizer.
- An unspecified issue which could lead to disclosure of unauthenticated posts.
- A cross-site scripting (XSS)...

CVSS 5.3 | AI score 6.2 | EPSS 0.36503
Exploits: 2 | References: 3

Tenable Nessus
added 2019/10/15 12:0 a.m. | 151 views

WordPress < 5.2.4 Multiple Vulnerabilities

According to its self-reported version number, the WordPress application running on the remote web server is affected by multiple vulnerabilities:
- A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated,...

CVSS 5.3 | AI score 6.9 | EPSS 0.36503
Exploits: 2 | References: 2

FreeBSD
added 2019/10/14 12:0 a.m. | 12 views

wordpress -- multiple issues

WordPress developers report: Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer. Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts. Props to Weston Ruter for finding a way to create a stored XSS ...

AI score 6.5
Exploits: 0 | References: 1

Prion
added 2019/10/09 4:15 p.m. | 20 views

Server side request forgery (ssrf)

Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had...

CVSS 7.8 | AI score 7.8 | EPSS 0.65393
Exploits: 0 | References: 3 | Affected Software: 1

RedhatCVE
added 2019/10/09 3:47 p.m. | 27 views

CVE-2017-7553

The externalrequest api call in App Studio millicore allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources and access restricted endpoints...

CVSS 6.5 | AI score 3.3 | EPSS 0.00699
Exploits: 0 | References: 1

Friends Of PHP
added 2019/10/08 12:0 a.m. | 17 views

PRODSECBUG-2309: Server-side request forgery via crafted connector endpoint

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 7.2 | AI score 7.2 | EPSS 0.01714
Exploits: 0 | Affected Software: 1

Veracode
added 2019/10/04 1:25 a.m. | 30 views

Server-Side Request Forgery (SSRF)

libpcap.so is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability exists because rpcapd/daemon.c does not properly handle the opening of remote devices when provided with a URL as a capture source, allowing an attacker to submit requests on behalf of the server...

CVSS 5.3 | AI score 2.8 | EPSS 0.02872
Exploits: 0 | References: 16 | Affected Software: 1

Prion
added 2019/10/03 7:15 p.m. | 17 views

Server side request forgery (ssrf)

rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source...

CVSS 5 | AI score 5.8 | EPSS 0.02872
Exploits: 0 | References: 13 | Affected Software: 1