9242 matches found

Cvelist
added 2018/06/26 4:0 p.m. | 21 views

CVE-2018-1000548

Umlet version 14.3 contains a XML External Entity XXE vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted UXF file. This vulnerability appears to have been fixe...

AI score 7.5 | EPSS 0.01317
Exploits: 1 | References: 2

CVE
added 2018/06/26 4:0 p.m. | 44 views

CVE-2018-1000542

CVE-2018-1000542 affects the NetBeans MMD plugin (version ≤ 1.4.3). The vulnerability is an XML External Entity (XXE) issue in MMD file import that can lead to information disclosure, server-side request forgery, or remote code execution, as exploited by specially crafted MMD files. The connected...

CVSS 7.8 | AI score 7.8 | EPSS 0.02734
Exploits: 1 | References: 2 | Affected Software: 1

Debian CVE
added 2018/06/26 4:0 p.m. | 13 views

CVE-2018-1000546

Triplea version = 1.9.0.0.10291 contains a XML External Entity XXE vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file XML...

CVSS 7.8 | AI score 7.8 | EPSS 0.02569
Exploits: 1

exploitpack
added 2018/06/26 12:0 a.m. | 21 views

Liferay Portal 7.0.4 - Server-Side Request Forgery

Liferay Portal 7.0.4 - Server-Side Request Forgery 1. ADVISORY INFORMATION ======================================== Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686...

AI score 0.3
Exploits: 0

0day.today
added 2018/06/26 12:0 a.m. | 98 views

Liferay Portal < 7.0.4 - Server-Side Request Forgery Vulnerability

Exploit for java platform in category web applications 1. ADVISORY INFORMATION ======================================== Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686 0day.today 2018-06-26...

AI score 0.1
Exploits: 0

Packet Storm
added 2018/06/26 12:0 a.m. | 39 views

Liferay Portal Server-Side Request Forgery

ADVISORY INFORMATION ======================================== Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686...

AI score 0.3
Exploits: 0

Exploit DB
added 2018/06/26 12:0 a.m. | 103 views

Liferay Portal < 7.0.4 - Server-Side Request Forgery

ADVISORY INFORMATION ======================================== Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686...

AI score 7.4
Exploits: 0

Prion
added 2018/06/22 1:29 p.m. | 17 views

Server side request forgery (ssrf)

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service...

CVSS 4.3 | AI score 6.1 | EPSS 0.02627
Exploits: 0 | References: 5 | Affected Software: 4

IBM Security Bulletins
added 2018/06/18 12:0 a.m. | 22 views

Security Bulletin: IBM PowerVC is impacted by OpenStack Glance server-side request forgery (CVE-2017-7200)

Summary IBM PowerVC may disclose some sensitive information while creating images with 'copyfrom' feature in the v1 Image Service API. Vulnerability Details CVEID: CVE-2017-7200 DESCRIPTION: OpenStack Glance is vulnerable to server-side request forgery, caused by a flaw in the 'copyfrom' feature ...

CVSS 5.8 | AI score 0.6 | EPSS 0.02034
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 10:33 p.m. | 26 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Process Manager affect IBM Cloud Orchestrator (CVE-2015-7407, CVE-2015-7400, CVE-2015-7454)

Summary IBM Business Process Manager that is bundled with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition, has identified multiple vulnerabilities. IBM Cloud Orchestrator V2.4, has addressed these vulnerabilities. It includes IBM Business Process Manager V8.5.6 CF2...

CVSS 8.8 | AI score 0.5 | EPSS 0.02589
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 8:4 p.m. | 20 views

Security Bulletin: IBM Forms Experience Builder could be susceptible to a server-side request forgery (CVE-2016-6001)

Summary IBM Forms Experience Builder could be susceptible to a server-side request forgery SSRF allowing for some information disclosure of internal resources. Vulnerability Details CVEID: CVE-2016-6001 DESCRIPTION: IBM Forms Experience Builder could be susceptible to a server-side request forger...

CVSS 3.5 | AI score 0.8 | EPSS 0.00554
Exploits: 0 | Affected Software: 1

NVD
added 2018/06/16 1:29 a.m. | 17 views

CVE-2018-5752

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery SSRF attacks via vectors involving non-decimal representations of IP addresses and...

CVSS 8.8 | AI score 8.5 | EPSS 0.08283
Exploits: 5 | References: 3

Prion
added 2018/06/16 1:29 a.m. | 15 views

Server side request forgery (ssrf)

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery SSRF attacks via vectors involving non-decimal representations of IP addresses and...

CVSS 6.5 | AI score 8.5 | EPSS 0.08283
Exploits: 5 | References: 3 | Affected Software: 1

CVE
added 2018/06/15 9:0 p.m. | 77 views

CVE-2018-5752

Open-Xchange OX App Suite vulnerability CVE-2018-5752 affects the backend component in versions before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22. The issue is a server-side request forgery (SSRF) via vectors involving non-decimal representations...

CVSS 8.8 | AI score 6.7 | EPSS 0.08283
Exploits: 5 | References: 3 | Affected Software: 1

Cvelist
added 2018/06/15 9:0 p.m. | 19 views

CVE-2018-5752

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery SSRF attacks via vectors involving non-decimal representations of IP addresses and...

AI score 8.6 | EPSS 0.08283
Exploits: 5 | References: 3

IBM Security Bulletins
added 2018/06/15 7:9 a.m. | 45 views

Security Bulletin: API Connect Developer Portal is affected by a PHP vulnerability (CVE-2017-7272)

Summary IBM API Connect has addressed the following vulnerability. PHP is vulnerable to server-side request forgery, caused by a flaw in the fsockopen function. By using a specially crafted argument, an attacker could exploit this vulnerability to conduct a Server Side Request Forgery SSRF attack...

CVSS 7.4 | AI score 1.3 | EPSS 0.03514
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:4 a.m. | 19 views

Security Bulletin: Multiple security vulnerabilities in Business Space affect IBM Business Process Manager and WebSphere Process Server (CVE-2015-7407, CVE-2015-7400, CVE-2015-7454)

Summary Business Space is a user interface framework that is available in WebSphere Process Server and IBM Business Process Manager BPM. In IBM BPM Express Edition and Standard Edition the framework is not used directly by end users, however, it is still available and contributes parts of the...

CVSS 8.8 | AI score 6.6 | EPSS 0.02589
Exploits: 0 | Affected Software: 4

exploitpack
added 2018/06/12 12:0 a.m. | 61 views

OX App Suite 7.8.4 - Multiple Vulnerabilities

OX App Suite 7.8.4 - Multiple Vulnerabilities Product: OX App Suite Vendor: OX Software GmbH Internal reference: 55872 Bug ID Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.8.4 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by...

CVSS 7.1 | AI score 0.2 | EPSS 0.09234
Exploits: 11

Exploit DB
added 2018/06/12 12:0 a.m. | 79 views

OX App Suite 7.8.4 - Multiple Vulnerabilities

Product: OX App Suite Vendor: OX Software GmbH Internal reference: 55872 Bug ID Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.8.4 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.6.3-rev30, 7.8.2-rev3...

CVSS 8.8 | AI score 5.7 | EPSS 0.08387
Exploits: 8

NVD
added 2018/06/11 5:29 p.m. | 25 views

CVE-2017-3208

The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references XXEs from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server,...

CVSS 9.8 | AI score 9.5 | EPSS 0.03999
Exploits: 2 | References: 4