9242 matches found

Prion
added 2019/05/09 9:29 p.m., 13 views

Server side request forgery (ssrf)

TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter. The result can be...

CVSS 4, AI score 7.4, EPSS 0.05155
Exploits 5, References 2, Affected Software 1
BDU FSTEC
added 2019/05/07 12:0 a.m., 5 views

The vulnerability of the jackson-databind library, related to insufficient validation of incoming requests, allows an attacker to perform an SSRF attack.

The vulnerability of the jackson-databind library is related to insufficient checking of incoming requests. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute an SSRF attack using polymorphic deserialization...

CVSS 10, AI score 7.8, EPSS 0.10458
Exploits 0, References 4, Affected Software 3
Veracode
added 2019/05/06 8:40 a.m., 19 views

Server-Side Request Forgery (SSRF)

phpbb/phpbb is vulnerable to server-side request forgery (SSRF). A remote attacker is able to send requests on behalf of the server via the remote avatar upload function. This allows for the discovery of and access to services running on the host, resulting in bypass of firewall rules or potentiall...

CVSS 5.8, AI score 5.9, EPSS 0.01178
Exploits 0, References 2, Affected Software 2
Prion
added 2019/05/05 6:29 a.m., 12 views

Server side request forgery (ssrf)

Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function...

CVSS 5, AI score 5.7, EPSS 0.01178
Exploits 0, References 1, Affected Software 1
CVE
added 2019/05/05 5:29 a.m., 68 views

CVE-2019-11767

Summary of CVE-2019-11767: A server-side request forgery (SSRF) vulnerability in phpBB prior to 3.2.6. The issue, triggered via the remote avatar upload function, enables an attacker to check for the existence of files and services on the host’s local network. Affected software: phpBB versions be...

CVSS 5.8, AI score 5.9, EPSS 0.01178
Exploits 0, References 1, Affected Software 1
Tenable Nessus
added 2019/05/02 12:0 a.m., 38 views

Atlassian Confluence < 6.6.12 / 6.7.x < 6.12.3 / 6.13.x < 6.13.3 / 6.14.x < 6.14.2 Multiple Vulnerabilities

Binary data 700661.prm...

CVSS 10, AI score 9.8, EPSS 0.99913
Exploits 20, References 3
UbuntuCve
added 2019/05/01 9:29 p.m., 60 views

CVE-2019-0227

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...

CVSS 7.5, AI score 6.8, EPSS 0.86503
Exploits 7, References 2
Prion
added 2019/05/01 9:29 p.m., 63 views

Server side request forgery (ssrf)

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...

CVSS 5.4, AI score 8.3, EPSS 0.86503
Exploits 7, References 12, Affected Software 37
OSV
added 2019/05/01 9:29 p.m., 9 views

CVE-2019-0227

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...

CVSS 7.5, AI score 7.4, EPSS 0.86503
Exploits 7, References 13
NVD
added 2019/04/27 2:29 p.m., 16 views

CVE-2019-11565

Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter...

CVSS 9.8, AI score 9.6, EPSS 0.0282
Exploits 1, References 5
OSV
added 2019/04/27 2:29 p.m., 15 views

CVE-2019-11565

Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter...

CVSS 9.8, AI score 7
Exploits 0, References 5
WPVulnDB
added 2019/04/27 12:0 a.m., 10 views

Print My Blog <= 1.6.5 - Unauthenticated Server Side Request Forgery (SSRF)

The Print My Blog – Print, PDF, & eBook Converter WordPress Plugin WordPress plugin was affected by an Unauthenticated Server Side Request Forgery (SSRF) security vulnerability...

CVSS 7.5, AI score 2.9, EPSS 0.0282
Exploits 1, References 3, Affected Software 1
Prion
added 2019/04/23 2:29 p.m., 12 views

Server side request forgery (ssrf)

An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...

CVSS 4, AI score 7.1, EPSS 0.01543
Exploits 1, References 1, Affected Software 1
Cvelist
added 2019/04/23 1:34 p.m., 15 views

CVE-2018-17169

An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...

AI score 7.2, EPSS 0.01543
Exploits 1, References 1
OSV
added 2019/04/18 2:27 p.m., 30 views

GHSA-FVX3-G627-PHM2 Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apollo

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled...

CVSS 10, AI score 9.4, EPSS 0.01559
Exploits 0, References 4
Packet Storm
added 2019/04/11 12:0 a.m., 1756 views

Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF', 'Description' = %q This module exploits an XML external entity vulnerabilit...

AI score 0.7, EPSS 0.99986
Exploits 11
Hacker One
added 2019/04/08 5:29 a.m., 62 views

Snapchat: Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata

Hey there, I was looking at your ads site with @daeken, we found some weird behavior in the import function of the creative app. Here are the steps: POC - Login to https://business.snapchat.com/ - Go to creative library - New Creative - Under "Topsnap Media", click on "Create" - Click on any of t...

AI score 6.8
Exploits 0
Metasploit
added 2019/04/01 12:32 p.m., 55 views

Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF

This module exploits an XML external entity vulnerability and a server side request forgery to get unauthenticated code execution on Zimbra Collaboration Suite. The XML external entity vulnerability in the Autodiscover Servlet is used to read a Zimbra configuration file that contains an LDAP...

CVSS 9.8, AI score 8.2, EPSS 0.99986
Exploits 11
Prion
added 2019/03/28 9:29 p.m., 19 views

Server side request forgery (ssrf)

In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request...

CVSS 5, AI score 7.5, EPSS 0.01779
Exploits 0, References 2, Affected Software 13
NVD
added 2019/03/25 7:29 p.m., 16 views

CVE-2019-3395

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebD...

CVSS 9.8, AI score 9.5, EPSS 0.06712
Exploits 0, References 1