9242 matches found

Packet Storm · added 2019/07/26 12:00 a.m. · 126 views

Moodle Filepicker 3.5.2 Server-Side Request Forgery

Exploit Title: Server Side Request Forgery in Moodle Filepicker; Google Dork: /; Date: 2019-07-25; Exploit Author: Fabian Mosch & Nick Theisinger, r-tec IT Security GmbH; Vendor Homepage: https://moodle.org/; Software Link: https://github.com/moodle/moodle; Version: Moodle Versions 3.4, 3.3, 3.3.3, 3.2 ...

CVSS 4 · AI score 0.6 · EPSS 0.15855
Exploits: 4
Exploit DB · added 2019/07/26 12:00 a.m. · 319 views

Moodle Filepicker 3.5.2 - Server Side Request Forgery

Exploit Title: Server Side Request Forgery in Moodle Filepicker; Google Dork: /; Date: 2019-07-25; Exploit Author: Fabian Mosch & Nick Theisinger, r-tec IT Security GmbH; Vendor Homepage: https://moodle.org/; Software Link: https://github.com/moodle/moodle; Version: Moodle Versions 3.4, 3.3, 3.3.3, 3.2 ...

CVSS 6.5 · AI score 6.7 · EPSS 0.15855
Exploits: 4
Hacker One · added 2019/07/25 11:24 a.m. · 18 views

Lark Technologies: Server Side Request Forgery

It was found that one Lark endpoint was susceptible to a Server-Side Request Forgery (SSRF) vulnerability via the parameter "URL", which could potentially have been used by an attacker to conduct host/port scanning on the internal network. We thank @jin0ne for reporting this to our team and...

AI score 2.2
Exploits: 0
RedHat Linux · added 2019/07/22 2:53 p.m. · 3 views

jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging the failure to block the axis2-jaxws class from polymorphic deserialization...

CVSS 10 · AI score 7.4 · EPSS 0.10458
Exploits: 0 · References: 4
Tenable Nessus · added 2019/07/19 12:00 a.m. · 54 views

Oracle Primavera Unifier Multiple Vulnerabilities (Jul 2019 CPU)

According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 15.x or 16.x prior to 16.2.15.9 or 17.7.x prior to 17.12.11 or 18.x prior to 18.8.11. It is, therefore, affected by multiple vulnerabilities: - A deserialization...

CVSS 9.8 · AI score 7.8 · EPSS 0.77508
Exploits: 3 · References: 5
Hacker One · added 2019/07/14 1:27 a.m. · 13 views

Infogram: Bypass for blind SSRF #281950 and #287496

Hello, when checking these 2 reports, 281950 and 287496, I found that it can be bypassed using IPv6/IPv4 address embedding. Steps to reproduce: 1. Access this link: https://infogram.com/api/webresource/url?q=http://0:0:0:0:0:ffff:127.0.0.1 POC: F528736 References:...

AI score 0.3
Exploits: 0
Prion · added 2019/07/10 5:15 p.m. · 19 views

Server side request forgery (ssrf)

GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks...

CVSS 4 · AI score 7.4 · EPSS 0.27983
Exploits: 5 · References: 4 · Affected software: 1
Positive Technologies · added 2019/07/10 12:00 a.m. · 2 views

PT-2019-9854 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.18 up to 11.3.10; GitLab CE/EE versions 11.4 up to 11.4.7; GitLab CE/EE versions 11.5 up to 11.5.0. Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability in webhooks. This means an attacker...

CVSS 7.7 · AI score 7.4 · EPSS 0.27983
Exploits: 5 · References: 12
Tenable Nessus · added 2019/07/05 12:00 a.m. · 29 views

Debian DLA-1844-1 : lemonldap-ng security update

It was discovered that there was an XML external entity vulnerability in the lemonldap-ng single sign-on system. This may have led to the disclosure of confidential data, denial of service, server-side request forgery, port scanning, etc. For Debian 8 'Jessie', this issue has been fixed in...

CVSS 8.1 · AI score 7.5 · EPSS 0.01934
Exploits: 0 · References: 3
Veracode · added 2019/07/04 6:27 a.m. · 25 views

Server-Side Request Forgery (SSRF)

hawtio-system is vulnerable to server-side request forgery (SSRF). A proxy whitelist intended to prevent access to arbitrary URLs was configured, but the vulnerability still exists because it is possible to submit HTTP requests to local addresses through the /proxy/ servlet page. This allows a...

CVSS 9.8 · AI score 2.1 · EPSS 0.26803
Exploits: 3 · References: 2 · Affected software: 1
Prion · added 2019/07/03 9:15 p.m. · 38 views

Server side request forgery (ssrf)

Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI...

CVSS 7.5 · AI score 9.3 · EPSS 0.26803
Exploits: 3 · References: 1 · Affected software: 1
OpenVAS · added 2019/06/25 12:00 a.m. · 178 views

ikiwiki < 3.20170111.1, 3.2018x < 3.20190228 SSRF Vulnerability

ikiwiki is prone to a server-side request forgery (SSRF) vulnerability via the aggregate plugin...

CVSS 7.5 · AI score 7.7 · EPSS 0.01699
Exploits: 0 · References: 1
Prion · added 2019/06/11 2:29 p.m. · 24 views

Server side request forgery (ssrf)

An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side...

CVSS 5 · AI score 7.5 · EPSS 0.01999
Exploits: 0 · References: 5 · Affected software: 1
Cvelist · added 2019/06/11 1:15 p.m. · 47 views

CVE-2019-10337

An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin 2.7 and earlier allowed attackers able to control the content of the input file for the "XML" macro to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side...

AI score 6.9 · EPSS 0.01999
Exploits: 0 · References: 5
CVE · added 2019/06/11 1:15 p.m. · 101 views

CVE-2019-10337

CVE-2019-10337 concerns an XML External Entity (XXE) vulnerability in the Jenkins Token Macro Plugin (versions 2.7 and earlier). The root cause is XXE processing when the ${XML} macro processes input, allowing an attacker who can influence the input file to trigger external entity resolution. Doc...

CVSS 7.5 · AI score 6.8 · EPSS 0.01999
Exploits: 0 · References: 5 · Affected software: 1
0day.today · added 2019/06/06 12:00 a.m. · 707 views

Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery Vulnerability

Exploit for jsp platform in category web applications Zimbra |";int c;while c = in.read != -1 out.printcharc;in.close;out.print"|' printbaseurl dtd file url dtdurl="https://k8gege.github.io/zimbra.dtd" """ " !ENTITY % all "!ENTITY fileContents '%start;...

CVSS 5 · AI score 7.7 · EPSS 0.80906
Exploits: 10
Saint · added 2019/06/06 12:00 a.m. · 137 views

Zimbra Collaboration Suite ProxyServlet Server Side Request Forgery

Added: 06/06/2019. CVE: CVE-2019-9621. Background: Zimbra Collaboration Suite is an email, calendar, and collaboration solution for enterprises. Problem: The ProxyServlet component allows a remote attacker to upload arbitrary files, which can then be executed, using XML External Entity injection and...

CVSS 5 · AI score 8 · EPSS 0.80906
Exploits: 10
Saint · added 2019/06/06 12:00 a.m. · 54 views

Zimbra Collaboration Suite ProxyServlet Server Side Request Forgery

Added: 06/06/2019. CVE: CVE-2019-9621. Background: Zimbra Collaboration Suite is an email, calendar, and collaboration solution for enterprises. Problem: The ProxyServlet component allows a remote attacker to upload arbitrary files, which can then be executed, using XML External Entity injection and...

CVSS 7.5 · AI score 8 · EPSS 0.80906
Exploits: 10
Prion · added 2019/06/05 5:29 p.m. · 24 views

Server side request forgery (ssrf)

An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it is possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a...

CVSS 7.5 · AI score 9.4 · EPSS 0.02433
Exploits: 0 · References: 2 · Affected software: 1