
9242 matches found

CVE
added 2019/02/20 9:0 p.m. | 45 views

CVE-2019-1003028

The provided connected documents confirm a server-side request forgery (SSRF) in Jenkins JMS Messaging Plugin up to version 1.1.1, caused by issues in SSLCertificateAuthenticationMethod.java and UsernameAuthenticationMethod.java. The vulnerability allows attackers with Overall/Read permission to ...

CVSS: 4.3 | AI score: 4.5 | EPSS: 0.00674
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2019/02/20 9:0 p.m. | 58 views

CVE-2019-1003026

The CVE describes a server-side request forgery in Jenkins Mattermost Notification Plugin (MattermostNotifier.java) affecting versions up to and including 2.6.2. The root cause is a lack of privilege checks that allows attackers with Overall/Read permission to instruct Jenkins to connect to an at...

CVSS: 4.3 | AI score: 4.5 | EPSS: 0.00896
Exploits: 0 | References: 2 | Affected Software: 1

Kitploit
added 2019/02/15 12:39 p.m. | 792 views

SSRFmap - Automatic SSRF Fuzzer And Exploitation Tool

SSRF is often used to leverage actions on other services; this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz. Server Side Request Forgery or SSRF is a vulnerability in which an attacker forces a server to perform...

AI score: 7.7
Exploits: 0 | References: 3

Prion
added 2019/02/13 6:29 p.m. | 16 views

Server side request forgery (ssrf)

The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from...

CVSS: 4 | AI score: 4.2 | EPSS: 0.01142
Exploits: 0 | References: 1 | Affected Software: 2

NVD
added 2019/02/11 9:29 p.m. | 28 views

CVE-2018-18569

The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests with certain restrictions that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. Th...

CVSS: 8.6 | AI score: 8.6 | EPSS: 0.01472
Exploits: 1 | References: 1

CVE
added 2019/02/11 9:0 p.m. | 50 views

CVE-2018-18569

The CVE-2018-18569 entry describes an SSRF vulnerability in Dundas BI server prior to 5.0.1.1010. By exploiting the viewUrl parameter of the “export the dashboard as an image” feature, an attacker can forge arbitrary requests and act on behalf of the attacker, potentially proxying requests to int...

CVSS: 8.6 | AI score: 8.5 | EPSS: 0.01472
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/02/11 9:0 p.m. | 25 views

CVE-2018-18569

The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests with certain restrictions that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. Th...

AI score: 8.6 | EPSS: 0.01472
Exploits: 1 | References: 1

Prion
added 2019/02/11 2:29 p.m. | 11 views

Server side request forgery (ssrf)

PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers who tamper with it, either by direct modification or by MITM attacks when remote rulesets are used, to perform information disclosure, denial of service, or request forgery...

CVSS: 6.8 | AI score: 7.9 | EPSS: 0.01234
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2019/02/06 4:29 p.m. | 11 views

CVE-2019-1003020

A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL...

CVSS: 4.3 | AI score: 4.5 | EPSS: 0.00642
Exploits: 0 | References: 1

Prion
added 2019/01/31 7:29 p.m. | 21 views

Server side request forgery (ssrf)

The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF...

CVSS: 3.5 | AI score: 5.9 | EPSS: 0.02034
Exploits: 3 | References: 3 | Affected Software: 1

OpenVAS
added 2019/01/31 12:0 a.m. | 38 views

Open-Xchange (OX) App Suite Multiple Vulnerabilities (58742, 56457)

Open-Xchange (OX) App Suite is prone to multiple vulnerabilities. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free softwar...

AI score: 5.5
Exploits: 0 | References: 1

Prion
added 2019/01/30 3:29 p.m. | 14 views

Server side request forgery (ssrf)

OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery...

CVSS: 4 | AI score: 6.5 | EPSS: 0.01023
Exploits: 2 | References: 4 | Affected Software: 1

CVE
added 2019/01/29 11:0 p.m. | 51 views

CVE-2018-12609

OX App Suite (Open-Xchange) 7.8.4 and earlier is affected by a server-side request forgery (SSRF) in the backend content handling. Exploitation could cause the server to fetch arbitrary resources. Remediation: upgrade to 7.8.4-rev34 or 7.8.3-rev49 (fixed versions).

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.01023
Exploits: 2 | References: 4 | Affected Software: 1

Cvelist
added 2019/01/29 11:0 p.m. | 24 views

CVE-2018-12609

OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery...

AI score: 6.5 | EPSS: 0.01023
Exploits: 2 | References: 4

OpenVAS
added 2019/01/20 12:0 a.m. | 382 views

Adminer < 4.7.8 SSRF Vulnerability - Linux

Adminer is prone to a server-side request forgery (SSRF) vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.04603
Exploits: 1 | References: 8

Prion
added 2019/01/14 8:29 a.m. | 17 views

Server side request forgery (ssrf)

A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in getremotecontents in php/elFinder.class.php...

CVSS: 4 | AI score: 7.4 | EPSS: 0.01098
Exploits: 0 | References: 2 | Affected Software: 1

OpenVAS
added 2019/01/07 12:0 a.m. | 48 views

Open-Xchange (OX) App Suite SSRF Vulnerability (58874)

Open-Xchange (OX) App Suite is prone to a server-side request forgery (SSRF) vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.01023
Exploits: 2 | References: 1

OSV
added 2019/01/05 6:30 p.m. | 10 views

MGASA-2019-0002 Updated xmlrpc packages fix security vulnerabilities

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD (CVE-2016-5002). A flaw was discovered in the Apache XML-RPC (ws-xmlrpc) library that...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.14876
Exploits: 1 | References: 3

Github Security Blog
added 2019/01/04 7:7 p.m. | 92 views

Server-Side Request Forgery (SSRF) in jackson-databind

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...

CVSS: 10 | AI score: 5.3 | EPSS: 0.10458
Exploits: 0 | References: 31 | Affected Software: 1

OSV
added 2019/01/04 5:48 p.m. | 17 views

GHSA-38RV-5JQC-M2CV Recurly vulnerable to SSRF

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the Resource.get method that could result in compromise of API keys or other critical resources...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.02594
Exploits: 0 | References: 6