9247 matches found
Server-Side Request Forgery (SSRF)
unoconv is vulnerable to server-side request forgery (SSRF). The vulnerability exists because it does not validate user-supplied input pathnames, allowing a remote attacker to have full or partial control of the request to be executed in the context of the server process worker...
Cisco Finesse Server-Side Request Forgery (cisco-sa-20180718-finesse)
According to its self-reported version, Cisco Finesse Software is affected by a vulnerability in the web-based management interface, which could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Please see the included Cisco BIDs and Cisco Security...
Cisco Finesse Appliance HTTP Request Processing Server-Side Request Forgery Vulnerability (cisco-sa-20160504-finesse)
According to its self-reported version, the Cisco Finesse appliance is affected by a server-side request forgery (SSRF) vulnerability in the application programming interface (API) for gadgets integration due to insufficient access controls. An unauthenticated, remote attacker can exploit this, via crafted HTTP reques...
Server-Side Request Forgery (SSRF)
WordPress is vulnerable to server-side request forgery (SSRF). The URL validation does not consider the interpretation of a name as a series of hex characters, allowing a remote attacker to bypass the URL validation using hex values in the URL...
Server-Side Request Forgery (SSRF)
graphite-web is vulnerable to server-side request forgery (SSRF). The sendemail function in graphite-web/webapp/graphite/composer/views.py can be used by an attacker to send a request on behalf of the Graphite web server. The corresponding response from the SSRF request is encoded into an image fil...
CVE-2019-17669
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters...
Server side request forgery (ssrf)
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters...
WordPress 3.8.x < 3.8.31 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in Customizer. - An unspecified issue which could lead to disclosure of unauthenticated posts. - A cross-site scripting (XSS)...
WordPress 4.2.x < 4.2.25 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in Customizer. - An unspecified issue which could lead to disclosure of unauthenticated posts. - A cross-site scripting (XSS)...
WordPress 4.3.x < 4.3.21 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in Customizer. - An unspecified issue which could lead to disclosure of unauthenticated posts. - A cross-site scripting (XSS)...
WordPress 4.0.x < 4.0.28 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in Customizer. - An unspecified issue which could lead to disclosure of unauthenticated posts. - A cross-site scripting (XSS)...
WordPress 4.9.x < 4.9.12 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability in Customizer. - An unspecified issue which could lead to disclosure of unauthenticated posts. - A cross-site scripting (XSS)...
WordPress < 5.2.4 Multiple Vulnerabilities
According to its self-reported version number, the WordPress application running on the remote web server is affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated,...
wordpress -- multiple issues
WordPress developers report: Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer. Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts. Props to Weston Ruter for finding a way to create a stored XSS ...
Server side request forgery (ssrf)
Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had...
CVE-2017-7553
The externalrequest API call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources and access restricted endpoints...
PRODSECBUG-2309: Server-side request forgery via crafted connector endpoint
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
Server-Side Request Forgery (SSRF)
libpcap.so is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability exists because rpcapd/daemon.c does not properly handle the opening of remote devices when provided with a URL as a capture source, allowing an attacker to submit requests on behalf of the server...
Server side request forgery (ssrf)
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source...