
9242 matches found

Source: OSV | added 2019/01/04 5:48 p.m. | 17 views

GHSA-38RV-5JQC-M2CV Recurly vulnerable to SSRF

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the Resource.get method that could result in compromise of API keys or other critical resources...

CVSS 9.8 | AI score 9.4 | EPSS 0.02594
Exploits 0 | References 6
Source: NVD | added 2019/01/02 6:29 p.m. | 19 views

CVE-2018-14721

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...

CVSS 10 | AI score 9.4 | EPSS 0.10458
Exploits 0 | References 29
Source: Prion | added 2019/01/02 6:29 p.m. | 35 views

Deserialization of untrusted data

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...

CVSS 7.5 | AI score 9.3 | EPSS 0.10458
Exploits 0 | References 29 | Affected Software 12
Source: Cvelist | added 2019/01/02 6:00 p.m. | 25 views

CVE-2018-14721

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...

AI score 9.5 | EPSS 0.10458
Exploits 0 | References 29
Source: Debian CVE | added 2019/01/02 6:00 p.m. | 32 views

CVE-2018-14721

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...

CVSS 10 | AI score 9.9 | EPSS 0.10458
Exploits 0
Source: Prion | added 2018/12/30 6:29 p.m. | 18 views

Server side request forgery (ssrf)

Jspxcms v9.0.0 allows SSRF...

CVSS 7.5 | AI score 9.4 | EPSS 0.01142
Exploits 0 | References 1 | Affected Software 1
Source: Prion | added 2018/12/24 8:29 p.m. | 31 views

Server side request forgery (ssrf)

DISPUTED The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects on...

CVSS 6.8 | AI score 7.8 | EPSS 0.01554
Exploits 1 | References 2 | Affected Software 2
Source: OSV | added 2018/12/20 10:02 p.m. | 36 views

GHSA-77HP-PFXW-4W63 XML External Entity (XXE) vulnerability in codelibs fess

codelibs fess version before commit faa265b contains a XML External Entity XXE vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via specially crafted GSA XML files. This...

CVSS 10 | AI score 5.8 | EPSS 0.01937
Exploits 0 | References 5
Source: OSV | added 2018/12/20 3:29 p.m. | 3 views

CVE-2018-1000829

Anyplace version before commit 80359b4 contains a XML External Entity XXE vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 80359b4...

CVSS 9 | AI score 5.8
Exploits 0 | References 2
Source: OSV | added 2018/12/20 3:29 p.m. | 1 view

UBUNTU-CVE-2018-1000833

ZoneMinder version = 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution...

CVSS 9.8 | AI score 6.1 | EPSS 0.03232
Exploits 0 | References 4
Source: Vulnerability Lab | added 2018/12/17 12:00 a.m. | 44 views

Subsonic v6.1.5 - Server Side Request Forgery & CSRF

Document Title: =============== Subsonic v6.1.5 - Server Side Request Forgery & CSRF References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2175 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20228 CVE-ID: ======= CVE-2018-20228 Release Date:...

CVSS 8 | AI score 0.1 | EPSS 0.0042
Exploits 3
Source: Atlassian | added 2018/12/03 2:58 a.m. | 37 views

The VerifyPopServerConnection resource was vulnerable to SSRF - CVE-2018-13404

The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from...

CVSS 4.1 | AI score 2.5 | EPSS 0.01142
Exploits 0
Source: Hacker One | added 2018/11/29 5:16 p.m. | 21 views

Lyft: My Expense Report resulted in a Server-Side Request Forgery (SSRF) on Lyft

During a trip to a conference, I discovered that the Lyft app allowed users to create expense reports by exporting business ride history as a PDF or CSV file. Being an active Lyft user, this was excellent news to me since it made my life easier by simplifying the tedious process of work travel...

AI score 6.6
Exploits 0
Source: NVD | added 2018/11/28 10:29 p.m. | 15 views

CVE-2018-19651

admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery SSRF via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL...

CVSS 6.5 | AI score 6.4 | EPSS 0.00848
Exploits 0 | References 1
Source: OSV | added 2018/11/28 10:29 p.m. | 4 views

CVE-2018-19651

admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery SSRF via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL...

CVSS 6.5 | AI score 5.8 | EPSS 0.00848
Exploits 0 | References 1
Source: Cvelist | added 2018/11/28 10:00 p.m. | 20 views

CVE-2018-19651

admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery SSRF via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL...

AI score 6.5 | EPSS 0.00848
Exploits 0 | References 1
Source: Hacker One | added 2018/11/21 9:55 p.m. | 58 views

Uber: [usuppliers.uber.com] - Server Side Request Forgery via XXE OOB

It was possible to determine open internal ports on an usuppliers.uber.com server, via examination of different error messages to a specific POST request made with various payloads. This error message discrepancy would allow an attacker to discover open internal ports, potentially allowing more...

CVSS 5 | AI score 3.2 | EPSS 0.0392
Exploits 0
Source: exploitpack | added 2018/11/12 12:00 a.m. | 73 views

D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery

D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery Exploit Title: D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery Author: John Page aka hyp3rlinx Date: 2018-11-09 Vendor: http://us.dlink.com Product Link:...

AI score 0.4
Exploits 0
Source: exploitpack | added 2018/11/12 12:00 a.m. | 21 views

TufinOS 2.17 Build 1193 - XML External Entity Injection

TufinOS 2.17 Build 1193 - XML External Entity Injection Exploit Title: TufinOS 2.17 Build 1193 - XML External Entity Injection Exploit Author: konstantinos Alexiou Date: 2018-10-18 Vendor: https://www.tufin.com Software Link: https://www.tufin.com/tufin-orchestration-suite/securetrack CVE: N/A...

AI score 7.8
Exploits 0
Source: 0day.today | added 2018/11/12 12:00 a.m. | 180 views

TufinOS 2.17 Build 1193 - XML External Entity Injection Vulnerability

Exploit for linux platform in category web applications Exploit Title: TufinOS 2.17 Build 1193 - XML External Entity Injection Exploit Author: konstantinos Alexiou Vendor: https://www.tufin.com Software Link: https://www.tufin.com/tufin-orchestration-suite/securetrack CVE: N/A Category: webapps 1...

AI score 7.4
Exploits 0