9242 matches found

NVD
added 2019/08/14 2:15 p.m. · 21 views

CVE-2019-0345

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java Administrator System Overview, versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and tricking the application server into leaking authentication credentials for its own SAP...

9.8 CVSS · 9.7 AI score · 0.0233 EPSS
Exploits 0 · References 2

Prion
added 2019/08/14 2:15 p.m. · 15 views

Server side request forgery (ssrf)

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java Administrator System Overview, versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and tricking the application server into leaking authentication credentials for its own SAP...

5 CVSS · 9.6 AI score · 0.0233 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2019/08/14 1:54 p.m. · 22 views

CVE-2019-0345

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java Administrator System Overview, versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and tricking the application server into leaking authentication credentials for its own SAP...

9.7 AI score · 0.0233 EPSS
Exploits 0 · References 2

Veracode
added 2019/08/14 5:27 a.m. · 13 views

Server Side Request Forgery (SSRF)

github.com/cactus/go-camo is vulnerable to server side request forgery (SSRF). The vulnerability exists because the GET/HEAD request type was improperly handled, allowing the request to be processed even though there was an error...

9.8 CVSS · 1.8 AI score · 0.02164 EPSS
Exploits 1 · References 2 · Affected Software 1

Veracode
added 2019/08/13 6:00 a.m. · 17 views

Server-side Request Forgery (SSRF)

magento/community-edition is vulnerable to server-side request forgery (SSRF). The vulnerability exists because a user with access to the admin panel can manipulate system configuration and execute arbitrary code...

7.2 CVSS · 4.1 AI score · 0.01438 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2019/08/08 6:15 p.m. · 7 views

CVE-2019-12959

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter...

8.8 CVSS · 5.8 AI score · 0.03108 EPSS
Exploits 0 · References 1

NVD
added 2019/08/08 6:15 p.m. · 20 views

CVE-2019-12994

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL...

9.1 CVSS · 9.2 AI score · 0.0439 EPSS
Exploits 0 · References 1

CVE
added 2019/08/08 5:33 p.m. · 54 views

CVE-2019-12959

The CVE-2019-12959 entry concerns Zoho ManageEngine AssetExplorer, where a Server Side Request Forgery (SSRF) exists in the ClientUtilServlet via a URL parameter. Multiple connected sources confirm the affected product as AssetExplorer 6.2.0 and earlier, with the SSRF vulnerability intrinsic to t...

8.8 CVSS · 8.6 AI score · 0.03108 EPSS
Exploits 0 · References 1 · Affected Software 1

ATTACKERKB
added 2019/08/08 2:15 p.m. · 2 views

CVE-2019-13176

An issue was discovered in the 3CX Phone system web management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF reading local files, outbound HTTP, and outbound DNS...

7.5 CVSS · 5.5 AI score · 0.02461 EPSS
Exploits 1 · References 3

Prion
added 2019/08/08 1:15 p.m. · 11 views

Server side request forgery (ssrf)

A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints...

7.5 CVSS · 9.3 AI score · 0.02164 EPSS
Exploits 1 · References 1 · Affected Software 1

Prion
added 2019/08/06 11:15 p.m. · 13 views

Server side request forgery (ssrf)

An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field...

7.5 CVSS · 9.4 AI score · 0.01928 EPSS
Exploits 0 · References 3 · Affected Software 3

NVD
added 2019/08/02 10:15 p.m. · 25 views

CVE-2019-7892

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery...

7.2 CVSS · 7.3 AI score · 0.01777 EPSS
Exploits 0 · References 1

OSV
added 2019/08/02 10:15 p.m. · 12 views

CVE-2019-7892

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery...

7.2 CVSS · 8.1 AI score
Exploits 0 · References 1

OSV
added 2019/08/02 10:15 p.m. · 13 views

CVE-2019-7911

A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to the admin pan...

7.2 CVSS · 7.2 AI score
Exploits 0 · References 1

Prion
added 2019/08/02 10:15 p.m. · 12 views

Remote code execution

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery...

6.5 CVSS · 7.3 AI score · 0.01777 EPSS
Exploits 0 · References 1 · Affected Software 1

Krebs on Security
added 2019/08/02 9:30 p.m. · 58 views

What We Can Learn from the Capital One Hack

On Monday, a former Amazon employee was arrested and charged with stealing more than 100 million consumer applications for credit from Capital One. Since then, many have speculated the breach was perhaps the result of a previously unknown "zero-day" flaw, or an "insider" attack in which the accus...

7 AI score
Exploits 0

Cvelist
added 2019/08/02 9:23 p.m. · 22 views

CVE-2019-7892

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery...

7.5 AI score · 0.01777 EPSS
Exploits 0 · References 1

Prion
added 2019/07/30 10:15 p.m. · 26 views

Server side request forgery (ssrf)

Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could possibly lead to an...

4 CVSS · 5.9 AI score · 0.02138 EPSS
Exploits 1 · References 1 · Affected Software 1

CVE
added 2019/07/30 9:15 p.m. · 116 views

CVE-2019-7616

CVE-2019-7616 affects Kibana prior to 6.8.2 and 7.2.1, where the graphite integration in Timelion is vulnerable to server-side request forgery (SSRF). The issue arises when an admin can set timelion:graphite.url to an arbitrary URL, potentially allowing the Kibana process to access external resou...

4.9 CVSS · 5.8 AI score · 0.02138 EPSS
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2019/07/30 12:00 a.m. · 4 views

PT-2019-18668 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana versions prior to 6.8.2; Kibana versions prior to 7.2.1. Description: The issue is related to a server side request forgery (SSRF) flaw in the graphite integration for the Timelion visualizer. An attacker with administrative access could s...

4.9 CVSS · 4.7 AI score · 0.02138 EPSS
Exploits 1 · References 5