9242 matches found
CVE-2018-1000548
Umlet version 14.3 contains an XML External Entity (XXE) vulnerability in file parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appears to be exploitable via a specially crafted UXF file. This vulnerability appears to have been fixe...
CVE-2018-1000542
CVE-2018-1000542 affects the NetBeans MMD plugin (version ≤ 1.4.3). The vulnerability is an XML External Entity (XXE) issue in MMD file import that can lead to information disclosure, server-side request forgery, or remote code execution, as exploited by specially crafted MMD files. The connected...
CVE-2018-1000546
Triplea version = 1.9.0.0.10291 contains an XML External Entity (XXE) vulnerability in importing game data that can result in possible information disclosure, server-side request forgery, or remote code execution. This attack appears to be exploitable via specially crafted game data file XML...
Liferay Portal 7.0.4 - Server-Side Request Forgery
Liferay Portal 7.0.4 - Server-Side Request Forgery 1. ADVISORY INFORMATION Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686...
Liferay Portal < 7.0.4 - Server-Side Request Forgery Vulnerability
Exploit for Java platform in category web applications 1. ADVISORY INFORMATION Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686 0day.today 2018-06-26...
Liferay Portal Server-Side Request Forgery
ADVISORY INFORMATION Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686...
Liferay Portal < 7.0.4 - Server-Side Request Forgery
ADVISORY INFORMATION Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686...
Server side request forgery (ssrf)
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service...
Security Bulletin: IBM PowerVC is impacted by OpenStack Glance server-side request forgery (CVE-2017-7200)
Summary IBM PowerVC may disclose some sensitive information while creating images with 'copyfrom' feature in the v1 Image Service API. Vulnerability Details CVEID: CVE-2017-7200 DESCRIPTION: OpenStack Glance is vulnerable to server-side request forgery, caused by a flaw in the 'copyfrom' feature ...
Security Bulletin: Multiple security vulnerabilities in IBM Business Process Manager affect IBM Cloud Orchestrator (CVE-2015-7407, CVE-2015-7400, CVE-2015-7454)
Summary IBM Business Process Manager that is bundled with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition, has identified multiple vulnerabilities. IBM Cloud Orchestrator V2.4, has addressed these vulnerabilities. It includes IBM Business Process Manager V8.5.6 CF2...
Security Bulletin: IBM Forms Experience Builder could be susceptible to a server-side request forgery (CVE-2016-6001)
Summary IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) allowing for some information disclosure of internal resources. Vulnerability Details CVEID: CVE-2016-6001 DESCRIPTION: IBM Forms Experience Builder could be susceptible to a server-side request forger...
CVE-2018-5752
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and...
Server side request forgery (ssrf)
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and...
CVE-2018-5752
Open-Xchange OX App Suite vulnerability CVE-2018-5752 affects the backend component in versions before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22. The issue is a server-side request forgery (SSRF) via vectors involving non-decimal representations...
CVE-2018-5752
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and...
Security Bulletin: API Connect Developer Portal is affected by a PHP vulnerability (CVE-2017-7272)
Summary IBM API Connect has addressed the following vulnerability. PHP is vulnerable to server-side request forgery, caused by a flaw in the fsockopen function. By using a specially crafted argument, an attacker could exploit this vulnerability to conduct a Server Side Request Forgery (SSRF) attack...
Security Bulletin: Multiple security vulnerabilities in Business Space affect IBM Business Process Manager and WebSphere Process Server (CVE-2015-7407, CVE-2015-7400, CVE-2015-7454)
Summary Business Space is a user interface framework that is available in WebSphere Process Server and IBM Business Process Manager (BPM). In IBM BPM Express Edition and Standard Edition the framework is not used directly by end users, however, it is still available and contributes parts of the...
OX App Suite 7.8.4 - Multiple Vulnerabilities
OX App Suite 7.8.4 - Multiple Vulnerabilities Product: OX App Suite Vendor: OX Software GmbH Internal reference: 55872 (Bug ID) Vulnerability type: Cross-Site Scripting (CWE-80) Vulnerable version: 7.8.4 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by...
OX App Suite 7.8.4 - Multiple Vulnerabilities
Product: OX App Suite Vendor: OX Software GmbH Internal reference: 55872 (Bug ID) Vulnerability type: Cross-Site Scripting (CWE-80) Vulnerable version: 7.8.4 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.6.3-rev30, 7.8.2-rev3...
CVE-2017-3208
The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server,...