Server side request forgery (ssrf)
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure...
CVE-2018-5004
CVE-2018-5004 is an SSRF vulnerability in Adobe Experience Manager versions 6.2 and 6.3. Exploitation could disclose sensitive information; user interaction is not required and the attack is network-based. Remediation is available via Adobe APSB18-23 security update for AEM to fix the SSRF issues.
CVE-2018-5006
CVE-2018-5006 is a Server-Side Request Forgery vulnerability in Adobe Experience Manager (AEM) affecting version 6.4 and earlier. The issue allows an unauthenticated or remote attacker to trigger crafted HTTP requests from the vulnerable server, potentially leading to disclosure of sensitive info...
CVE-2018-0398
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018...
Server side request forgery (ssrf)
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018...
U.S. Dept Of Defense: Server-Side Request Forgery (SSRF)
Hi, I've found a Server-Side Request Forgery (SSRF). Steps to reproduce: + start listening on your server + navigate to http://██████/help/ACPS.htmhttp://$yourserver:$port + you will get the request ██████ Impact: Server-Side Request Forgery (SSRF) Attack...
Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection Vulnerability
Exploit for java platform in category web applications Details ================ Software: Fortify SSC (Software Security Center) Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-12463 CVE: CVE-2018-12463 at...
Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection
Details ================ Software: Fortify SSC (Software Security Center) Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-12463 CVE: CVE-2018-12463 at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12463 CVSS: HIGH...
Server side request forgery (ssrf)
In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided...
Slack: SSRF in api.slack.com, using slash commands and bypassing the protections.
Bypassing the reports 61312 and 356765 Tutorial: Go to api.slack.com and create an application with your own slash command. F320014 Enter your own domain: in your own domain: index.php location: http://:::22/ F320019 And save. Go to your Slack and type /youslash Try with my server...
Server side request forgery (ssrf)
In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was set up made it possible for another thread to use the connection before the TLS layer had been established, if the connection had already been used and put back in a pool of connections, leading to leaking any informati...
Server Side Request Forgery (SSRF)
concrete5 is susceptible to server-side request forgery (SSRF). The vulnerability exists because the file-replacing function in tools/files/importers/remote.php allows scanning the local network and enumerating open TCP ports...
CVE-2018-13790
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page...
Debian DLA-1415-1 : phpmyadmin security update
Several vulnerabilities were found in phpMyAdmin, the web-based MySQL administration interface, including SQL injection attacks, denial of service, arbitrary code execution, cross-site scripting, server-side request forgery, authentication bypass, and file system traversal. For Debian 8 'Jessie',...
Debian: Security Advisory (DLA-1415-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Server-Side Request Forgery (SSRF)
recurly-api-client is vulnerable to server-side request forgery (SSRF) attacks. This is due to the incorrect usage of the Uri.EscapeUriString function, which could allow an attacker to send a crafted request from the vulnerable client...
CVE-2018-12571
uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the origurl parameter, possibly causing a traffic amplification and/or SSRF outcome...
Server side request forgery (ssrf)
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources...
CVE-2017-0929
DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources...