9242 matches found

Packet Storm
added 2018/11/09 12:00 a.m., 226 views

D-LINK Central WifiManager (CWM 100) 1.03 r0098 Server-Side Request Forgery

Credits: John Page aka hyp3rlinx | Website: hyp3rlinx.altervista.org | Source: http://hyp3rlinx.altervista.org/advisories/DLINK-CENTRAL-WIFI-MANAGER-CWM-100-SERVER-SIDE-REQUEST-FORGERY.txt | ISR: ApparitionSec | Greetz: indoushka, Eduardo B. | Vendor: us.dlink.com | Product: D-LINK Central WifiManager...

AI score 0.3, EPSS 0.44101
Exploits: 3
IBM Security Bulletins
added 2018/11/01 9:30 p.m., 24 views

Security Bulletin: IBM API Connect Developer Portal is vulnerable to Server Side Request Forgery (CVE-2018-1712)

Summary: IBM API Connect has addressed the following vulnerability. IBM API Connect Developer Portal is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters, can trick the server into making potentially malicious calls within the trusted network...

CVSS 9.9, AI score 1.4, EPSS 0.00713
Exploits: 0, Affected Software: 1
Hacker One
added 2018/10/24 12:13 p.m., 25 views

Nextcloud: Server-Side request forgery in New-Subscription feature of the calendar app

CVSS: 8.5 High (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N). Description: The "New Subscription" functionality of the official Calendar app allows authenticated users to direct the server to perform arbitrary external requests, and then displays the full response to the user. The...

CVSS 4, AI score 0.3, EPSS 0.01287
Exploits: 1
Hacker One
added 2018/10/23 10:30 a.m., 31 views

Mail.ru: Server side request forgery

SSRF in eu.portal.sf.my.com allowed proxying a request to another host...

AI score 2.5
Exploits: 0
0day.today
added 2018/10/22 12:00 a.m., 37 views

Oracle Siebel CRM 8.1.1 - CSV Injection Vulnerability

Exploit for the Java platform, category: web applications. Exploit Title: Oracle Siebel CRM 8.1.1 - CSV Injection | Exploit Author: Sarath Nair aka AceNeon13 | Contact: @AceNeon13 | Vendor Homepage: www.oracle.com | Software Link:...

Exploits: 0
OSV
added 2018/10/19 4:54 p.m., 16 views

GHSA-6XQ8-PVG4-3MF3 Eclipse RDF4j vulnerable to XML External Entity

Eclipse RDF4j version 2.4.0 Milestone 2 contains an XML External Entity (XXE) vulnerability in the RDF4j XML parser when parsing RDF files, which can result in the disclosure of confidential data, denial of service, server side request forgery and port scanning. This attack appears to be exploitable via specially...

CVSS 10, AI score 9, EPSS 0.02034
Exploits: 0, References: 5
Github Security Blog
added 2018/10/19 4:54 p.m., 32 views

Eclipse RDF4j vulnerable to XML External Entity

Eclipse RDF4j version 2.4.0 Milestone 2 contains an XML External Entity (XXE) vulnerability in the RDF4j XML parser when parsing RDF files, which can result in the disclosure of confidential data, denial of service, server side request forgery and port scanning. This attack appears to be exploitable via specially...

CVSS 10, AI score 9, EPSS 0.02034
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2018/10/16 5:35 p.m., 28 views

GHSA-XPWP-RQ3X-X6V7 Critical severity vulnerability that affects recurly-api-client

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources...

CVSS 9.8, AI score 9.4, EPSS 0.02594
Exploits: 0, References: 5
Github Security Blog
added 2018/10/16 5:35 p.m., 31 views

Critical severity vulnerability that affects recurly-api-client

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources...

CVSS 9.8, AI score 3.6, EPSS 0.02594
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2018/10/16 5:18 p.m., 17 views

GHSA-G8J6-M4P7-5RFQ High severity vulnerability that affects DotNetNuke.Core

DNN aka DotNetNuke before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources...

CVSS 7.5, AI score 6.4, EPSS 0.12543
Exploits: 0, References: 4
Kitploit
added 2018/10/11 12:12 p.m., 126 views

XXRF Shots - Tool to Test SSRF Vulnerabilities

What is an SSRF vulnerability? Server Side Request Forgery (SSRF) is a vulnerability class in which an attacker sends a crafted request from a vulnerable web application, including gaining unauthorised access to internal resources behind the firewall that are not directly reachable from the external...

AI score 7.3
Exploits: 0, References: 1
Veracode
added 2018/10/02 3:09 a.m., 16 views

XML External Entity (XXE)

dd-plist is vulnerable to XML external entity attacks. The doctype declaration and external entities settings in the XML parser are not disabled by default, which would potentially allow attackers to retrieve confidential data or perform server side request forgery...

CVSS 7.8, AI score 7.5, EPSS 0.00543
Exploits: 0, References: 6, Affected Software: 1
CNVD
added 2018/09/29 12:00 a.m., 4 views

SAP Hybris Commerce Omni Commerce Connect API Server-Side Request Forgery Vulnerability

SAP Hybris Commerce is an SAP solution for handling high visitor and order volumes in e-commerce, and the Omni Commerce Connect API (OCC) is one of its full-service connectivity APIs. A server-side request forgery vulnerability exists in OCC in SAP Hybris Commerce version 6. The vulnerability stems...

CVSS 8.6, AI score 8.7, EPSS 0.01638
Exploits: 0, References: 1
Prion
added 2018/09/11 3:29 p.m., 17 views

Server side request forgery (ssrf)

The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6., is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of the XML parser that is used in the server-side implementation of OCC...

CVSS 5, AI score 8.5, EPSS 0.01638
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2018/09/07 3:29 p.m., 15 views

CVE-2018-1789

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939...

CVSS 9.9, AI score 8.6, EPSS 0.01231
Exploits: 0, References: 2
Prion
added 2018/09/07 3:29 p.m., 19 views

Server side request forgery (ssrf)

IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939...

CVSS 6.5, AI score 8.7, EPSS 0.01231
Exploits: 0, References: 2, Affected Software: 1
Hacker One
added 2018/09/06 8:42 a.m., 12 views

U.S. Dept Of Defense: SSRF on ████████

Summary: The web application hosted on the "███████" domain is affected by a Server Side Request Forgery (SSRF) vulnerability that could allow an attacker to force the application to make requests to arbitrary targets. Description: The affected handler is "/xmlrpc/pingback/". This handler...

AI score 0.2
Exploits: 0
Veracode
added 2018/09/05 3:09 a.m., 7 views

XML External Entity (XXE)

pmml-model is vulnerable to XML external entity attacks. The doctype declaration is not disabled in the XML Reader, which would potentially allow attackers to retrieve confidential data, perform server side request forgery or cause a denial of service condition...

AI score 6.7
Exploits: 0
IBM Security Bulletins
added 2018/09/04 8:56 p.m., 23 views

Security Bulletin: IBM API Connect is vulnerable to Server Side Request Forgery (CVE-2018-1789)

Summary: IBM API Connect has addressed the following vulnerability: IBM API Connect is vulnerable to Server Side Request Forgery via a proxy service. Vulnerability Details: CVEID: CVE-2018-1789. DESCRIPTION: IBM API Connect v2018.x could allow an attacker to send a specially crafted request to condu...

CVSS 9.9, AI score 2.4, EPSS 0.01231
Exploits: 0, Affected Software: 1
Prion
added 2018/09/03 7:29 p.m., 16 views

Server side request forgery (ssrf)

In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF...

CVSS 5, AI score 8.5, EPSS 0.01331
Exploits: 0, References: 1, Affected Software: 1