9241 matches found

CVE
added 2018/08/20 7:0 p.m. | 40 views

CVE-2018-1000639

The CVE-2018-1000639 entry concerns LatexDraw versions

CVSS 9.6 | AI score 8.9 | EPSS 0.01554
Exploits 1 | References 2 | Affected Software 1
NVD
added 2018/08/16 7:29 p.m. | 22 views

CVE-2018-1712

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370...

CVSS 9.9 | AI score 8.7 | EPSS 0.00713
Exploits 0 | References 2
Prion
added 2018/08/16 7:29 p.m. | 22 views

Server side request forgery (ssrf)

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370...

CVSS 7.5 | AI score 8.8 | EPSS 0.00713
Exploits 0 | References 2 | Affected Software 1
CVE
added 2018/08/16 7:0 p.m. | 52 views

CVE-2018-1712

IBM API Connect Developer Portal versions 5.0.0.0–5.0.8.3 are vulnerable to Server-Side Request Forgery (SSRF). The vulnerability arises from input parameters that can cause the server to issue requests inside the trusted network. IBM’s Security Bulletin confirms remediation in Version 5.0.8.3 iF...

CVSS 9.9 | AI score 8.9 | EPSS 0.00713
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2018/08/16 7:0 p.m. | 21 views

CVE-2018-1712

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370...

CVSS 8.6 | AI score 8.9 | EPSS 0.00713
Exploits 0 | References 2
NVD
added 2018/08/15 7:29 p.m. | 17 views

CVE-2018-10511

A vulnerability in Trend Micro Control Manager versions 6.0 and 7.0 could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations...

CVSS 10 | AI score 9.4 | EPSS 0.02673
Exploits 0 | References 1
Prion
added 2018/08/15 7:29 p.m. | 18 views

Server side request forgery (ssrf)

A vulnerability in Trend Micro Control Manager versions 6.0 and 7.0 could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations...

CVSS 6.4 | AI score 9.2 | EPSS 0.02673
Exploits 0 | References 1 | Affected Software 1
Prion
added 2018/08/14 4:29 p.m. | 24 views

Server side request forgery (ssrf)

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability...

CVSS 5.5 | AI score 9.1 | EPSS 0.01086
Exploits 0 | References 3 | Affected Software 1
OSV
added 2018/08/13 3:2 p.m. | 22 views

GHSA-PV4C-P2J5-38J4 Open Redirect in url-parse

Versions of url-parse before 1.4.3 return the wrong hostname, which could lead to Open Redirect, Server Side Request Forgery (SSRF), or Bypass Authentication Protocol vulnerabilities. Recommendation: Update to version 1.4.3 or later...

CVSS 10 | AI score 9.4 | EPSS 0.03805
Exploits 0 | References 7
0day.today
added 2018/08/12 12:0 a.m. | 71 views

Wavemaker Studio 6.6 - Server-Side Request Forgery Vulnerability

Exploit for java platform in category web applications. Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery (SSRF). Exploit Author: Gionathan "John" Reale. Vendor Homepage: http://www.wavemaker.com/ Software Link:...

AI score 0.4
Exploits 0
exploitpack
added 2018/08/06 12:0 a.m. | 69 views

Wavemaker Studio 6.6 - Server-Side Request Forgery

Wavemaker Studio 6.6 - Server-Side Request Forgery. Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery (SSRF). Exploit Author: Gionathan "John" Reale. Google Dork: N/A. Date: 2018-08-01. Vendor Homepage: http://www.wavemaker.com/ Software Link:...

AI score 0.5
Exploits 0
Exploit DB
added 2018/08/06 12:0 a.m. | 59 views

Wavemaker Studio 6.6 - Server-Side Request Forgery

Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery (SSRF). Exploit Author: Gionathan "John" Reale. Google Dork: N/A. Date: 2018-08-01. Vendor Homepage: http://www.wavemaker.com/ Software Link: https://github.com/cloudjee/wavemaker/blob/master/wavemaker/wavemaker-studio/ Affected Version...

AI score 7.4
Exploits 0
NVD
added 2018/08/01 1:29 p.m. | 9 views

CVE-2018-1999039

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials...

CVSS 4.3 | AI score 4.6 | EPSS 0.00642
Exploits 0 | References 1
Prion
added 2018/08/01 1:29 p.m. | 19 views

Server side request forgery (ssrf)

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials...

CVSS 4 | AI score 4.6 | EPSS 0.00642
Exploits 0 | References 1 | Affected Software 1
OSV
added 2018/08/01 1:29 p.m. | 19 views

CVE-2018-1999026

A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host...

CVSS 6.5 | AI score 6.7
Exploits 0 | References 2
CVE
added 2018/08/01 1:0 p.m. | 43 views

CVE-2018-1999039

The CVE-2018-1999039 entry describes a Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin (v2.0.1 and earlier) affecting the ConfluenceSite.java component. The issue allows an attacker to cause Jenkins to submit login requests to a Confluence server URL of the attacker’s ch...

CVSS 4.3 | AI score 4.5 | EPSS 0.00642
Exploits 0 | References 1 | Affected Software 1
Exploit DB
added 2018/07/30 12:0 a.m. | 34 views

Responsive Filemanager 9.13.1 - Server-Side Request Forgery

Exploit Title: Responsive filemanager 9.13.1 - Server-Side Request Forgery Date: 2018-07-29 Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: http://responsivefilemanager.com/ Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.13.1/responsivefilemanager.zip...

CVSS 9.8 | AI score 9.8 | EPSS 0.76511
Exploits 5
Cvelist
added 2018/07/23 3:0 p.m. | 22 views

CVE-2018-1999017

Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an authenticated admin users requesting arbitrary URL's, pivoting requests through the server. This attack appear...

AI score 5.3 | EPSS 0.00974
Exploits 1 | References 2
CNVD
added 2018/07/23 12:0 a.m. | 3 views

idreamsoft iCMS Server-Side Request Forgery Vulnerability

idreamsoft iCMS is an open source content management system (CMS) based on PHP and MySQL. A server-side request forgery vulnerability exists in idreamsoft iCMS version 7.0.9. An attacker can exploit the vulnerability to read sensitive files and access the intranet...

CVSS 9.8 | AI score 8.6 | EPSS 0.01628
Exploits 1 | References 1
Prion
added 2018/07/20 7:29 p.m. | 23 views

Server side request forgery (ssrf)

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure...

CVSS 5 | AI score 7 | EPSS 0.04949
Exploits 1 | References 2 | Affected Software 1