9242 matches found
Zimbra XML Injection / Server-Side Request Forgery
# coding=utf8 import requests import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disable_warnings(InsecureRequestWarning) baseurl = sys.argv[1] baseurl = baseurl.rstrip("/") # upload file name and content, modify by k8gege; Connect "shell.jsp" using K8fly...
Zimbra 8.8.11 - XML External Entity Injection Server-Side Request Forgery
# coding=utf8 import requests import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disable_warnings(InsecureRequestWarning) baseurl = sys.argv[1] baseurl = baseurl.rstrip("/") # uplo...
Jenkins < 2.107 / < 2.89.4 (LTS) Server-Side Request Forgery (SSRF) Vulnerability
The remote web server hosts a version of Jenkins that is prior to 2.107, or a version of Jenkins LTS prior to 2.89.4. It is, therefore, affected by a server-side request forgery (SSRF) vulnerability. Insufficient access control on the proxy configuration form allows attackers with Overall/Read access to...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review t...
Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
# coding=utf8 import requests import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disable_warnings(InsecureRequestWarning) baseurl = sys.argv[1] baseurl = baseurl.rstrip("/") # upload file name and content, modify by k8gege; Connect "shell.jsp" using K8fly...
FreeBSD : Gitlab -- Multiple Vulnerabilities (4091069e-860b-11e9-a05f-001b217b3468)
Gitlab reports : Remote Command Execution Vulnerability on Repository Download Feature Confidential Issue Titles Revealed to Restricted Users on Unsubscribe Disclosure of Milestone Metadata through the Search API Private Project Discovery via Comment Links Metadata of Confidential Issues Disclose...
TestLink 1.9.19 Server-Side Request Forgery
Exploit Title : TestLink version = 1.9.19 Server Side Request Forgery Author : Manish Kishan Tanwar AKA error1046 Vendor Link : http://testlink.org Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kishan Singh and ritu rathi Discovered At : Indishell Lab...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Remote Command Execution Vulnerability on Repository Download Feature Confidential Issue Titles Revealed to Restricted Users on Unsubscribe Disclosure of Milestone Metadata through the Search API Private Project Discovery via Comment Links Metadata of Confidential Issues Disclosed...
CVE-2019-10327
An XML external entities XXE vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for...
Server side request forgery (ssrf)
An XML external entities XXE vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for...
CVE-2018-17198
Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions: Roller relies on the Java SAX parser to implement its XML-RPC interface, and by default that parser supports external entities in the XML DOCTYPE, which opens Roller up to SSRF / Fil...
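The Roller entry above (and the Zimbra and CCSP XXE entries on this page) all rest on the same mechanism: the XML parser honours an external general entity declared in the DOCTYPE, so the attacker's SYSTEM identifier becomes a file read or, with an http:// URL, a request the server issues on the attacker's behalf. The following is an added example, not code from Roller or any advisory listed here; it uses Python's stdlib xml.sax (an expat front end) in place of Java's SAX parser, and a temporary file stands in for the secret being read. The Roller advisory's "parser supports external entities by default" condition is reproduced by turning the external-general-entities feature on; turning it off is the hardened setting and is Python's own default since 3.7.1.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax import handler


class TextCollector(handler.ContentHandler):
    """Collects every character-data chunk the parser delivers, including
    text that came from resolving an entity."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    @property
    def text(self):
        return "".join(self.parts)


def xxe_payload(system_id):
    """Classic XXE document: declare an external general entity and reference
    it from the body so the resolved content lands in the parsed text.
    `system_id` may be a file path/URL or, for the SSRF case, an http:// URL
    such as a cloud metadata endpoint (not exercised here; no network)."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE methodCall [<!ENTITY xxe SYSTEM "{system_id}">]>\n'
        "<methodCall><params><param><value>&xxe;</value></param></params></methodCall>\n"
    ).encode()


def parse_text(payload, resolve_external_entities):
    """Parse `payload` and return its character data.

    resolve_external_entities=True mimics the vulnerable default the Roller
    advisory describes; False is the hardened setting."""
    parser = xml.sax.make_parser()
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.setFeature(handler.feature_external_ges, resolve_external_entities)
    parser.parse(io.BytesIO(payload))
    return collector.text


def demo():
    """Return (text seen by the vulnerable parser, text seen by the hardened
    parser) for the same payload pointing at a constructed secret file."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("db_password=hunter2")  # constructed secret, not real data
        secret_path = f.name
    try:
        payload = xxe_payload(f"file://{secret_path}")  # assumes a POSIX path
        leaked = parse_text(payload, resolve_external_entities=True)
        safe = parse_text(payload, resolve_external_entities=False)
    finally:
        os.unlink(secret_path)
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable parser saw:", repr(leaked))
    print("hardened parser saw:  ", repr(safe))
```

On the Java side the equivalent hardening is to set `http://apache.org/xml/features/disallow-doctype-decl` to true on the SAXParserFactory (or, where a DTD is genuinely needed, set both `external-general-entities` and `external-parameter-entities` to false); disabling entity resolution alone still lets the parser fetch an external DTD, which is enough for the SSRF half of the Roller finding.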
CVE-2017-13667
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF...
Open-Xchange OX App Suite Code Issue Vulnerability
The Open-Xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange USA. The environment allows users to manage email, tasks, files, etc. more intuitively. Open-Xchange GmbH OX App Suite 7.8.4 and earlier versions are affected by: SSRF. There is currently no detailed...
Server side request forgery (ssrf)
An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation (port scanning) and to adjacent workstations (network scanning), aka SSRF...
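The WSO2 entry above is the usual shape of an SSRF finding: a URL the user controls is fetched by the server, so loopback and RFC 1918 targets become a port scanner and link-local addresses reach cloud metadata. The following is an added example of the destination check a fetcher should apply, not code from WSO2 or any project on this page. The allowed-port policy and the DNS answers are constructed for the example; `resolve_all` is the real resolver a deployment would use, and the stub `demo_resolver` replaces it so the block runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


class SsrfBlocked(ValueError):
    """Raised when a user-supplied URL must not be fetched server-side."""


ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443, 8080}  # hypothetical policy for this example


def resolve_all(host):
    """Every A/AAAA answer for host. A name with one public and one private
    answer must fail the check, so callers look at all answers, not the first."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public(ip_text):
    """True only for a globally routable unicast address. ipaddress treats
    10/8, 172.16/12, 192.168/16, 127/8, 169.254/16 (cloud metadata), 0/8,
    100.64/10, ::1, fc00::/7 and fe80::/10 as non-global."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.5 is 10.0.0.5 to the socket layer
    return ip.is_global and not ip.is_multicast


def vet_url(url, resolve=resolve_all):
    """Return (host, port, addresses) for a URL the server may fetch, or raise
    SsrfBlocked. Checks scheme, userinfo, port policy and every resolved IP."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise SsrfBlocked(f"scheme {parts.scheme!r} not allowed")
    if parts.username is not None or parts.password is not None:
        raise SsrfBlocked("userinfo in URL")
    host = parts.hostname  # lower-cased, brackets stripped for IPv6 literals
    if not host:
        raise SsrfBlocked("no host")
    try:
        port = parts.port
    except ValueError as exc:
        raise SsrfBlocked(f"bad port: {exc}") from None
    if port is None:
        port = 443 if scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        raise SsrfBlocked(f"port {port} not allowed")  # stops port scanning
    addrs = resolve(host)
    if not addrs:
        raise SsrfBlocked(f"{host} did not resolve")
    bad = [a for a in addrs if not is_public(a)]
    if bad:
        raise SsrfBlocked(f"{host} resolves to non-public {bad}")
    return host, port, addrs


def is_blocked(url, resolve=resolve_all):
    """Convenience wrapper: True if vet_url rejects the URL."""
    try:
        vet_url(url, resolve)
    except SsrfBlocked:
        return True
    return False


DEMO_DNS = {  # constructed answers, not real DNS records
    "example.com": ["93.184.216.34"],
    "split.attacker.test": ["93.184.216.34", "10.0.0.5"],
    "metadata.attacker.test": ["169.254.169.254"],
}


def demo_resolver(host):
    """Offline stand-in for resolve_all: IP literals resolve to themselves,
    names come from DEMO_DNS."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return DEMO_DNS.get(host, [])


if __name__ == "__main__":
    for u in ["https://example.com/report", "http://10.0.0.5:22/",
              "http://[::1]/", "http://split.attacker.test/",
              "http://metadata.attacker.test/latest/meta-data/",
              "file:///etc/passwd", "http://user@127.0.0.1/"]:
        print(f"{u:50} blocked={is_blocked(u, demo_resolver)}")
```

Two caveats a practitioner should carry with this check: it validates the addresses at check time, so the client must connect to exactly the vetted IP (or re-run the check on the address the socket actually uses) to defeat DNS rebinding, and it must re-run on every redirect target, since a public host can 302 to http://127.0.0.1:8080/ after the check has passed.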
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server. An attacker who successfully exploited this vulnerability could execute malicious code on a...
Server Side Request Forgery in Apache Axis
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug-fix commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...
CCSP 7.2.5 API XML Injection / Server-Side Request Forgery
Exploit Title: Enghouse Interactive's CCSP 7.2.5 API XXE and SSRF vulnerability via unauthenticated GET Request Date: 05-08-2018 Exploit Author: David Herrero Vendor Homepage: https://www.enghouseinteractive.com Software Link:...
Server side request forgery (ssrf)
openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method...
Cortex Unshortenlink Analyzer 1.1 - Server-Side Request Forgery
Exploit Title: Cortex Unshortenlink Analyzer 1.1 - Server-Side Request Forgery Date: 2/26/2019 Exploit Author: Alexandre Basquin Vendor Homepage: https://blog.thehive-project.org Software Link: https://github.com/TheHive-Project/Cort...
Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery
Exploit Title: Cortex Unshortenlink Analyzer 1.1 - Server-Side Request Forgery Date: 2/26/2019 Exploit Author: Alexandre Basquin Vendor Homepage: https://blog.thehive-project.org Software Link: https://github.com/TheHive-Project/Cortex Version: Cortex = 2.1.3 Tested on: 2.1.3 CVE : CVE-2019-7652...