GHSA-38RV-5JQC-M2CV Recurly vulnerable to SSRF
The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the Resource.get method that could result in compromise of API keys or other critical resources...
CVE-2018-14721
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
Server side request forgery (ssrf)
Jspxcms v9.0.0 allows SSRF...
Server side request forgery (ssrf)
DISPUTED The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects on...
GHSA-77HP-PFXW-4W63 XML External Entity (XXE) vulnerability in codelibs fess
codelibs fess version before commit faa265b contains an XML External Entity (XXE) vulnerability in the GSA XML file parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This attack appears to be exploitable via specially crafted GSA XML files. This...
CVE-2018-1000829
Anyplace version before commit 80359b4 contains an XML External Entity (XXE) vulnerability in the map API call (reachable via a man-in-the-middle position) that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This vulnerability appears to have been fixed after commit 80359b4...
UBUNTU-CVE-2018-1000833
ZoneMinder version = 1.32.2 contains an Other/Unknown vulnerability in a user-controlled parameter that can result in disclosure of confidential data, denial of service, SSRF, or remote code execution...
Subsonic v6.1.5 - Server Side Request Forgery & CSRF
Document Title: Subsonic v6.1.5 - Server Side Request Forgery & CSRF
References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2175 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20228
CVE-ID: CVE-2018-20228
Release Date:...
The VerifyPopServerConnection resource was vulnerable to SSRF - CVE-2018-13404
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from...
Lyft: My Expense Report resulted in a Server-Side Request Forgery (SSRF) on Lyft
During a trip to a conference, I discovered that the Lyft app allowed users to create expense reports by exporting business ride history as a PDF or CSV file. Being an active Lyft user, this was excellent news to me since it made my life easier by simplifying the tedious process of work travel...
CVE-2018-19651
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL...
Uber: [usuppliers.uber.com] - Server Side Request Forgery via XXE OOB
It was possible to determine open internal ports on a usuppliers.uber.com server via examination of the different error messages returned for a specific POST request made with various payloads. This error message discrepancy would allow an attacker to discover open internal ports, potentially allowing more...
D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery
Exploit Title: D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery
Author: John Page aka hyp3rlinx
Date: 2018-11-09
Vendor: http://us.dlink.com
Product Link:...
TufinOS 2.17 Build 1193 - XML External Entity Injection
Exploit Title: TufinOS 2.17 Build 1193 - XML External Entity Injection
Exploit Author: Konstantinos Alexiou
Date: 2018-10-18
Vendor: https://www.tufin.com
Software Link: https://www.tufin.com/tufin-orchestration-suite/securetrack
CVE: N/A...
TufinOS 2.17 Build 1193 - XML External Entity Injection Vulnerability
Exploit for Linux platform in category web applications
Exploit Title: TufinOS 2.17 Build 1193 - XML External Entity Injection
Exploit Author: Konstantinos Alexiou
Vendor: https://www.tufin.com
Software Link: https://www.tufin.com/tufin-orchestration-suite/securetrack
CVE: N/A
Category: webapps 1...