
9242 matches found

Prion
added 2018/07/20 7:29 p.m., 24 views

Server side request forgery (ssrf)

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure...

CVSS 5, AI score 7, EPSS 0.04949
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2018/07/20 7:0 p.m., 48 views

CVE-2018-5004

CVE-2018-5004 is an SSRF vulnerability in Adobe Experience Manager versions 6.2 and 6.3. Exploitation could disclose sensitive information; user interaction is not required and the attack is network-based. Remediation is available via Adobe APSB18-23 security update for AEM to fix the SSRF issues.

CVSS 7.5, AI score 7, EPSS 0.04274
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2018/07/20 7:0 p.m., 54 views

CVE-2018-5006

CVE-2018-5006 is a Server-Side Request Forgery vulnerability in Adobe Experience Manager (AEM) affecting version 6.4 and earlier. The issue allows an unauthenticated or remote attacker to trigger crafted HTTP requests from the vulnerable server, potentially leading to disclosure of sensitive info...

CVSS 7.5, AI score 7.2, EPSS 0.53755
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2018/07/18 11:29 p.m., 24 views

CVE-2018-0398

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018...

CVSS 9.8, AI score 9.6, EPSS 0.02062
Exploits: 0, References: 2
Prion
added 2018/07/18 11:29 p.m., 15 views

Server side request forgery (ssrf)

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018...

CVSS 7.5, AI score 9.4, EPSS 0.02062
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2018/07/18 11:0 p.m., 9 views

CVE-2018-0398

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018...

AI score 7.2, EPSS 0.02062
Exploits: 0, References: 2
Hacker One
added 2018/07/16 1:13 p.m., 24 views

U.S. Dept Of Defense: Server-Side Request Forgery (SSRF)

Hi, I've found a Server-Side Request Forgery SSRF Steps to reproduce: + start listening on your server + navigate to http://██████/help/ACPS.htmhttp://$yourserver:$port + you will get the request ██████ Impact Server-Side Request Forgery SSRF Attack...

AI score 1.3
Exploits: 0
0day.today
added 2018/07/16 12:0 a.m., 85 views

Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection Vulnerability

Exploit for java platform in category web applications Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-12463 CVE: CVE-2018-12463 at...

AI score 0.2, EPSS 0.13849
Exploits: 4
Exploit DB
added 2018/07/16 12:0 a.m., 77 views

Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection

Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-12463 CVE: CVE-2018-12463 at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12463 CVSS: HIGH...

CVSS 9.8, AI score 8.7, EPSS 0.13849
Exploits: 4
Prion
added 2018/07/13 8:29 p.m., 9 views

Server side request forgery (ssrf)

In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided...

CVSS 6.8, AI score 7.2, EPSS 0.00856
Exploits: 0, References: 2, Affected Software: 1
Hacker One
added 2018/07/13 3:38 a.m., 48 views

Slack: SSRF in api.slack.com, using slash commands and bypassing the protections.

Bypassing the reports 61312 and 356765 Tutorial: Go to api.slack.com and create an application with your own slash command. F320014 Enter your own domain: in your own domain: index.php location: http://:::22/ F320019 And save. Go to your Slack and type /youslash Try with my server...

AI score 0.2
Exploits: 0
Prion
added 2018/07/10 1:29 p.m., 10 views

Server side request forgery (ssrf)

In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was set up made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any informati...

CVSS 5, AI score 9.3, EPSS 0.0531
Exploits: 0, References: 8, Affected Software: 1
Veracode
added 2018/07/10 8:36 a.m., 17 views

Server Side Request Forgery (SSRF)

concrete5 is susceptible to server-side request forgery (SSRF). The vulnerability is possible because of the file-replacing function in tools/files/importers/remote.php, which allows scanning the local network and enumerating open TCP ports...

CVSS 7.2, AI score 6.8, EPSS 0.01009
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2018/07/09 8:29 p.m., 3 views

CVE-2018-13790

A Server-Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page...

CVSS 7.2, AI score 6.6
Exploits: 0, References: 1
Tenable Nessus
added 2018/07/09 12:0 a.m., 51 views

Debian DLA-1415-1 : phpmyadmin security update

Several vulnerabilities were found in phpMyAdmin, the web-based MySQL administration interface, including SQL injection attacks, denial of service, arbitrary code execution, cross-site scripting, server-side request forgery, authentication bypass, and file system traversal. For Debian 8 'Jessie',...

CVSS 9.8, AI score 7.4, EPSS 0.03189
Exploits: 0, References: 13
OpenVAS
added 2018/07/09 12:0 a.m., 36 views

Debian: Security Advisory (DLA-1415-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 7.3, EPSS 0.03189
Exploits: 0, References: 3
Veracode
added 2018/07/06 7:50 a.m., 18 views

Server-Side Request Forgery (SSRF)

recurly-api-client is vulnerable to server-side request forgery (SSRF) attacks. This is due to the incorrect usage of the Uri.EscapeUriString function, which could allow an attacker to send a crafted request from the vulnerable client...

CVSS 9.8, AI score 9.1, EPSS 0.02594
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2018/07/05 8:29 p.m., 4 views

CVE-2018-12571

uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the origurl parameter, possibly causing a traffic amplification and/or SSRF outcome...

CVSS 9.8, AI score 5.9, EPSS 0.30274
Exploits: 3, References: 4
Prion
added 2018/07/03 9:29 p.m., 15 views

Server side request forgery (ssrf)

DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources...

CVSS 5, AI score 7.3, EPSS 0.12543
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2018/07/03 9:0 p.m., 21 views

CVE-2017-0929

DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources...

AI score 7.3, EPSS 0.12543
Exploits: 0, References: 1