
9242 matches found

Packet Storm
added 2019/06/05 12:0 a.m., 463 views

Zimbra XML Injection / Server-Side Request Forgery

coding=utf8 import requests import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disablewarningsInsecureRequestWarning baseurl=sys.argv1 baseurl=baseurl.rstrip"/" upload file name and content modify by k8gege Connect "shell.jsp" using K8fly...

5 CVSS, 0.9 AI score, 0.80906 EPSS
Exploits 10
exploitpack
added 2019/06/05 12:0 a.m., 39 views

Zimbra 8.8.11 - XML External Entity Injection Server-Side Request Forgery

Zimbra 8.8.11 - XML External Entity Injection Server-Side Request Forgery coding=utf8 import requests import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disablewarningsInsecureRequestWarning baseurl=sys.argv1 baseurl=baseurl.rstrip"/" uplo...

0.4 AI score
Exploits 0
Tenable Nessus
added 2019/06/05 12:0 a.m., 38 views

Jenkins < 2.107 / < 2.89.4 (LTS) Server-Side Request Forgery (SSRF) Vulnerability

The remote web server hosts a version of Jenkins that is prior to 2.107, or a version of Jenkins LTS prior to 2.89.4. It is, therefore, affected by a server-side request forgery (SSRF) vulnerability. Insufficient proxy configuration form access control allow attackers with overall/read access to...

5.3 CVSS, 6.4 AI score, 0.01678 EPSS
Exploits 0, References 4
CISA
added 2019/06/05 12:0 a.m., 14 views

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review t...

7.4 AI score
Exploits 0, References 9
Exploit DB
added 2019/06/05 12:0 a.m., 429 views

Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery

coding=utf8 import requests import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disablewarningsInsecureRequestWarning baseurl=sys.argv1 baseurl=baseurl.rstrip"/" upload file name and content modify by k8gege Connect "shell.jsp" using K8fly...

7.4 AI score
Exploits 0
Tenable Nessus
added 2019/06/04 12:0 a.m., 24 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (4091069e-860b-11e9-a05f-001b217b3468)

Gitlab reports : Remote Command Execution Vulnerability on Repository Download Feature Confidential Issue Titles Revealed to Restricted Users on Unsubscribe Disclosure of Milestone Metadata through the Search API Private Project Discovery via Comment Links Metadata of Confidential Issues Disclose...

9.8 CVSS, 5.8 AI score, 0.02644 EPSS
Exploits 0, References 15
Packet Storm
added 2019/06/03 12:0 a.m., 225 views

TestLink 1.9.19 Server-Side Request Forgery

Exploit Title : TestLink version = 1.9.19 Server Side Request Forgery Author : Manish Kishan Tanwar AKA error1046 Vendor Link : http://testlink.org Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kishan Singh and ritu rathi Discovered At : Indishell Lab...

0.5 AI score
Exploits 0
FreeBSD
added 2019/06/03 12:0 a.m., 118 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Remote Command Execution Vulnerability on Repository Download Feature Confidential Issue Titles Revealed to Restricted Users on Unsubscribe Disclosure of Milestone Metadata through the Search API Private Project Discovery via Comment Links Metadata of Confidential Issues Disclosed...

9.8 CVSS, 2.2 AI score, 0.02644 EPSS
Exploits 0, References 1
NVD
added 2019/05/31 3:29 p.m., 18 views

CVE-2019-10327

An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for...

8.1 CVSS, 8.1 AI score, 0.01467 EPSS
Exploits 0, References 3
Prion
added 2019/05/31 3:29 p.m., 17 views

Server side request forgery (ssrf)

An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for...

5.5 CVSS, 8 AI score, 0.01467 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2019/05/28 5:8 p.m., 20 views

CVE-2018-17198

Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / Fil...

9.5 AI score, 0.04124 EPSS
Exploits 0, References 2
OSV
added 2019/05/23 6:29 p.m., 5 views

CVE-2017-13667

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF...

9.9 CVSS, 5.8 AI score, 0.00903 EPSS
Exploits 0, References 2
CNVD
added 2019/05/23 12:0 a.m., 5 views

Open-Xchange OX App Suite Code Issue Vulnerability

The Open-Xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange USA. The environment allows users to manage email, tasks, files, etc. more intuitively. Open-Xchange GmbH OX App Suite 7.8.4 and earlier versions are affected by: SSRF. There is currently no detailed...

4.3 CVSS, 6.8 AI score, 0.00728 EPSS
Exploits 0, References 1
Prion
added 2019/05/14 3:29 p.m., 13 views

Server side request forgery (ssrf)

An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation (port-scanning) and to perform requests to adjacent workstations (network-scanning), aka SSRF...

5 CVSS, 5.7 AI score, 0.0139 EPSS
Exploits 0, References 2, Affected Software 1
Microsoft CVE
added 2019/05/14 7:0 a.m., 26 views

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability

An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server. An attacker who successfully exploited this vulnerability could execute malicious code on a...

9 CVSS, 2.5 AI score, 0.08464 EPSS
Exploits 0
GitLab Advisory Database
added 2019/05/14 12:0 a.m., 21 views

Server Side Request Forgery in Apache Axis

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...

7.5 CVSS, 6.5 AI score, 0.86503 EPSS
Exploits 7, References 17
Packet Storm
added 2019/05/11 12:0 a.m., 66 views

CCSP 7.2.5 API XML Injection / Server-Side Request Forgery

!-- Exploit Title: Enghouse Interactive´s CCSP 7.2.5 API XXE and SSRF vulnerability via unauthenticated GET Request Date: 05-08-2018 Exploit Author: David Herrero Vendor Homepage: https://www.enghouseinteractive.com Software Link:...

0.9 AI score, 0.01628 EPSS
Exploits 2
Prion
added 2019/05/10 8:29 p.m., 9 views

Server side request forgery (ssrf)

openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method...

7.5 CVSS, 9.1 AI score, 0.01514 EPSS
Exploits 0, References 1, Affected Software 1
exploitpack
added 2019/05/10 12:0 a.m., 19 views

Cortex Unshortenlink Analyzer 1.1 - Server-Side Request Forgery

Cortex Unshortenlink Analyzer 1.1 - Server-Side Request Forgery Exploit Title: Cortex Unshortenlink Analyzer 1.1 - Server-Side Request Forgery Date: 2/26/2019 Exploit Author: Alexandre Basquin Vendor Homepage: https://blog.thehive-project.org Software Link: https://github.com/TheHive-Project/Cort...

4 CVSS, 0.4 AI score, 0.05155 EPSS
Exploits 5
Exploit DB
added 2019/05/10 12:0 a.m., 361 views

Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery

Exploit Title: Cortex Unshortenlink Analyzer 1.1 - Server-Side Request Forgery Date: 2/26/2019 Exploit Author: Alexandre Basquin Vendor Homepage: https://blog.thehive-project.org Software Link: https://github.com/TheHive-Project/Cortex Version: Cortex = 2.1.3 Tested on: 2.1.3 CVE : CVE-2019-7652...

7.7 CVSS, 7.6 AI score, 0.05155 EPSS
Exploits 5