Server side request forgery (ssrf)
TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter. The result can be...
The vulnerability of the jackson-databind library, related to insufficient validation of incoming requests, allows an attacker to perform an SSRF attack.
The vulnerability of the jackson-databind library is related to insufficient checking of incoming requests. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute an SSRF attack using polymorphic deserialization...
Server-Side Request Forgery (SSRF)
phpbb/phpbb is vulnerable to server-side request forgery SSRF. A remote attacker is able to send requests on behalf of the server via the remote avatar upload function. This allows for the discovery of and access to services running on the host, resulting in bypass of firewall rules or potentiall...
Server side request forgery (ssrf)
Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function...
CVE-2019-11767
Summary of CVE-2019-11767: A server-side request forgery (SSRF) vulnerability in phpBB prior to 3.2.6. The issue, triggered via the remote avatar upload function, enables an attacker to check for the existence of files and services on the host’s local network. Affected software: phpBB versions be...
Atlassian Confluence < 6.6.12 / 6.7.x < 6.12.3 / 6.13.x < 6.13.3 / 6.14.x < 6.14.2 Multiple Vulnerabilities
CVE-2019-0227
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug-fix commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...
Server side request forgery (ssrf)
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug-fix commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...
CVE-2019-11565
Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter...
Print My Blog <= 1.6.5 - Unauthenticated Server Side Request Forgery (SSRF)
The Print My Blog – Print, PDF, & eBook Converter WordPress plugin was affected by an unauthenticated Server Side Request Forgery (SSRF) security vulnerability...
Server side request forgery (ssrf)
An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...
CVE-2018-17169
An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...
GHSA-FVX3-G627-PHM2 Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apollo
An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled...
Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF', 'Description' = %q This module exploits an XML external entity vulnerabilit...
Snapchat: Server-Side Request Forgery using JavaScript allows exfiltrating data from Google Metadata
Hey there, I was looking at your ads site with @daeken, we found some weird behavior in the import function of the creative app. Here are the steps: POC - Login to https://business.snapchat.com/ - Go to creative library - New Creative - Under "Topsnap Media", click on "Create" - Click on any of t...
Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF
This module exploits an XML external entity vulnerability and a server side request forgery to get unauthenticated code execution on Zimbra Collaboration Suite. The XML external entity vulnerability in the Autodiscover Servlet is used to read a Zimbra configuration file that contains an LDAP...
Server side request forgery (ssrf)
In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request...
CVE-2019-3395
The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebD...