9242 matches found
D-LINK Central WifiManager (CWM 100) 1.03 r0098 Server-Side Request Forgery
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DLINK-CENTRAL-WIFI-MANAGER-CWM-100-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: ApparitionSec Greetz: indoushka | Eduardo B. Vendor us.dlink.com Product D-LINK Central WifiManager...
Security Bulletin: IBM API Connect Developer Portal is vulnerable to Server Side Request Forgery (CVE-2018-1712)
Summary IBM API Connect has addressed the following vulnerability. IBM API Connect Developer Portal is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network...
Nextcloud: Server-Side request forgery in New-Subscription feature of the calendar app
CVSS ---- 8.5 High CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N Description ----------- The "New Subscription" functionality of the official Calendar app allows authenticated users to direct the server to perform arbitrary external requests, and then displays the full response to the user. The...
Mail.ru: Server side request forgery
SSRF in eu.portal.sf.my.com allowed proxying requests to another host...
Oracle Siebel CRM 8.1.1 - CSV Injection Vulnerability
Exploit for java platform in category web applications Exploit Title: Oracle Siebel CRM 8.1.1 - CSV Injection Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Vendor Homepage: www.oracle.com Software Link:...
GHSA-6XQ8-PVG4-3MF3 Eclipse RDF4j vulnerable to XML External Entity
Eclipse RDF4j version 2.4.0 Milestone 2 contains an XML External Entity (XXE) vulnerability in the RDF4j XML parser when parsing RDF files, which can result in the disclosure of confidential data, denial of service, server side request forgery, and port scanning. This attack appears to be exploitable via Specially...
Eclipse RDF4j vulnerable to XML External Entity
Eclipse RDF4j version 2.4.0 Milestone 2 contains an XML External Entity (XXE) vulnerability in the RDF4j XML parser when parsing RDF files, which can result in the disclosure of confidential data, denial of service, server side request forgery, and port scanning. This attack appears to be exploitable via Specially...
GHSA-XPWP-RQ3X-X6V7 Critical severity vulnerability that affects recurly-api-client
The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources...
Critical severity vulnerability that affects recurly-api-client
The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources...
GHSA-G8J6-M4P7-5RFQ High severity vulnerability that affects DotNetNuke.Core
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources...
XXRF Shots - Tool to Test SSRF Vulnerabilities
What is an SSRF vulnerability? Server Side Request Forgery (SSRF) is a class of vulnerability in which an attacker sends crafted requests from a vulnerable web application, including gaining unauthorised access to internal resources behind the firewall that are not directly accessible from the external...
XML External Entity (XXE)
dd-plist is vulnerable to XML external entity attacks. The doctype declaration and external entities settings in the XML parser are not disabled by default which would potentially allow attackers to retrieve confidential data or perform server side request forgery...
SAP Hybris Commerce Omni Commerce Connect API Server-Side Request Forgery Vulnerability
SAP Hybris Commerce is a SAP solution for handling high visitor and order volumes in e-commerce, and the Omni Commerce Connect API OCC is one of the full-service connectivity APIs. A server-side request forgery vulnerability exists in OCC in SAP Hybris Commerce version 6. The vulnerability stems...
Server side request forgery (ssrf)
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6., is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of the XML parser used in the server-side implementation of OCC...
CVE-2018-1789
IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939...
Server side request forgery (ssrf)
IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939...
U.S. Dept Of Defense: SSRF on ████████
Summary: The web application hosted on the "███████" domain is affected by a Server Side Request Forgery (SSRF) vulnerability that could allow an attacker to force the application to make requests to arbitrary targets. Description: The affected handler is the "/xmlrpc/pingback/". This handler...
XML External Entity (XXE)
pmml-model is vulnerable to XML external entity attacks. The doctype declaration is not disabled in the XML Reader which would potentially allow attackers to retrieve confidential data, perform server side request forgery or cause a denial of service condition...
Security Bulletin: IBM API Connect is vulnerable to Server Side Request Forgery (CVE-2018-1789)
Summary IBM API Connect has addressed the following vulnerability: IBM API Connect is vulnerable to Server Side Request Forgery via a proxy service. Vulnerability Details CVEID: CVE-2018-1789 DESCRIPTION: IBM API Connect v2018.x could allow an attacker to send a specially crafted request to condu...
Server side request forgery (ssrf)
In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF...