CVE-2019-1003028
The provided connected documents confirm a server-side request forgery (SSRF) in Jenkins JMS Messaging Plugin up to version 1.1.1, caused by issues in SSLCertificateAuthenticationMethod.java and UsernameAuthenticationMethod.java. The vulnerability allows attackers with Overall/Read permission to ...
CVE-2019-1003026
The CVE describes a server-side request forgery in Jenkins Mattermost Notification Plugin (MattermostNotifier.java) affecting versions up to and including 2.6.2. The root cause is a lack of privilege checks that allows attackers with Overall/Read permission to instruct Jenkins to connect to an at...
SSRFmap - Automatic SSRF Fuzzer And Exploitation Tool
SSRF is often used to leverage actions on other services; this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz. Server Side Request Forgery or SSRF is a vulnerability in which an attacker forces a server to perform...
Server side request forgery (ssrf)
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from...
CVE-2018-18569
The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests with certain restrictions that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. Th...
CVE-2018-18569
The CVE-2018-18569 entry describes an SSRF vulnerability in Dundas BI server prior to 5.0.1.1010. By exploiting the viewUrl parameter of the “export the dashboard as an image” feature, an attacker can forge arbitrary requests and act on behalf of the attacker, potentially proxying requests to int...
Server side request forgery (ssrf)
PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers who tamper with them, either by direct modification or by MITM attacks when remote rulesets are used, to perform information disclosure, denial of service, or request forgery...
CVE-2019-1003020
A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL...
Server side request forgery (ssrf)
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF...
Open-Xchange (OX) App Suite Multiple Vulnerabilities (58742, 56457)
Open-Xchange OX App Suite is prone to multiple vulnerabilities.
Server side request forgery (ssrf)
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery...
CVE-2018-12609
OX App Suite (Open-Xchange) 7.8.4 and earlier is affected by a server-side request forgery (SSRF) in the backend content handling. Exploitation could cause the server to fetch arbitrary resources. Remediation: upgrade to 7.8.4-rev34 or 7.8.3-rev49 (fixed versions).
CVE-2018-12609
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery...
Adminer < 4.7.8 SSRF Vulnerability - Linux
Adminer is prone to a server-side request forgery (SSRF) vulnerability.
Server side request forgery (ssrf)
A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in getremotecontents in php/elFinder.class.php...
Open-Xchange (OX) App Suite SSRF Vulnerability (58874)
Open-Xchange OX App Suite is prone to a server-side request forgery (SSRF) vulnerability.
MGASA-2019-0002 Updated xmlrpc packages fix security vulnerabilities
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD (CVE-2016-5002). A flaw was discovered in the Apache XML-RPC (ws-xmlrpc) library that...
Server-Side Request Forgery (SSRF) in jackson-databind
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
GHSA-38RV-5JQC-M2CV Recurly vulnerable to SSRF
The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the Resource.get method that could result in compromise of API keys or other critical resources...