9242 matches found

Cvelist
added 2018/06/05 8:00 p.m., 21 views

CVE-2018-1000188

A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...

AI score 5.4, EPSS 0.00608
Exploits 0, References 1
CVE
added 2018/06/05 8:00 p.m., 68 views

CVE-2018-1000188

The vulnerability CVE-2018-1000188 affects Jenkins CAS Plugin (versions 1.4.1 and older) and its CasSecurityRealm.java, enabling a server-side request forgery (SSRF) where an attacker with Overall/Read access can cause Jenkins to send a GET request to an arbitrary URL. The issue is documented acr...

CVSS 5.5, AI score 5.3, EPSS 0.00608
Exploits 0, References 1, Affected Software 1
Cvelist
added 2018/06/05 8:00 p.m., 32 views

CVE-2018-1000184

A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL...

AI score 5.4, EPSS 0.00608
Exploits 0, References 1
Packet Storm
added 2018/06/04 12:00 a.m., 55 views

SearchBlox 8.6.7 XML External Entity Injection

Exploit Title: SearchBlox 8.6.7 Out-Of-Band XML eXternal Entity OOB-XXE Exploit Author: Ahmet GUREL, Canberk BOLAT Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.7 Platform: Java Tested on: Windows CVE: CVE-2018-11586 1. DETAILS An XML External Entity attack is a typ...

AI score 9.7, EPSS 0.1517
Exploits 5
Hacker One
added 2018/05/29 1:12 p.m., 34 views

GitLab: Potential SSRF via Git repository URL

Duplicate: Fixed in 8.17.4, 8.16.8, and 8.15.8 Original report: https://hackerone.com/reports/135937 SSRF when importing a project from a Repo by URL GitLab instances that have enabled project imports using "Repo by URL" were vulnerable to Server-Side Request Forgery attacks. By specifying a...

AI score 0.8
Exploits 0
NVD
added 2018/05/24 1:29 p.m., 28 views

CVE-2018-9920

Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https:///Identity/STS/Forms/Scripts URL...

CVSS 6.5, AI score 6.5, EPSS 0.00796
Exploits 1, References 1
CVE
added 2018/05/24 1:00 p.m., 64 views

CVE-2018-9920

K2 Smartforms 4.6.11 is affected by a server-side request forgery (SSRF) vulnerability. The issue arises in the runtime application when a modified hostname in the URL https://*/Identity/STS/Forms/Scripts allows an attacker to redirect the application to an external domain, manipulating data rend...

CVSS 6.5, AI score 6.5, EPSS 0.00796
Exploits 1, References 1, Affected Software 1
Cvelist
added 2018/05/24 1:00 p.m., 23 views

CVE-2018-9920

Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https:///Identity/STS/Forms/Scripts URL...

AI score 6.5, EPSS 0.00796
Exploits 1, References 1
Packet Storm
added 2018/05/22 12:00 a.m., 48 views

K2 Smartforms 4.6.11 Server-Side Request Forgery

Vulnerability type: Server Side Request Forgery Vendor: https://www.k2.com/ Product: K2 Smartforms Affected version: 4.6.11 Credit: Foo Jong Meng CVE ID: CVE-2018-9920 DESCRIPTION: Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an...

AI score 1, EPSS 0.00796
Exploits 1
Exploit DB
added 2018/05/21 12:00 a.m., 37 views

Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery

Teradek VidiU Pro 3.0.3 SSRF Vulnerability Vendor: Teradek, LLC Product web page: https://www.teradek.com Affected version: VidiU, VidiU Mini, VidiU Pro 3.0.3r32136 3.0.2r31225 2.4.10 Summary: The Teradek VidiU gives you the freedom to broadcast live high definition video directly to the Web...

AI score 7
Exploits 0
CNVD
added 2018/05/16 12:00 a.m., 4 views

SSRF Vulnerability in Jspxcms

Jspxcms is an open source, Java-based content management system (CMS). Jspxcms suffers from an SSRF vulnerability: an attacker can make the server issue requests to intranet hosts, obtaining banner information from services reachable from the web application's server and fingerprinting the intranet...

AI score 6.7
Exploits 0
OSV
added 2018/05/14 12:29 a.m., 4 views

CVE-2018-11031

application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an apiurl=file:////etc/passwd&apimethod=get POST request...

CVSS 9.8, AI score 5.8, EPSS 0.01961
Exploits 1, References 1
Tenable Nessus
added 2018/05/11 12:00 a.m., 15 views

FreeBSD : jenkins -- multiple vulnerabilities (06ab7724-0fd7-427e-a5ce-fe436302b10c)

Jenkins developers report : The agent to master security subsystem ensures that the Jenkins master is protected from maliciously configured agents. A path traversal vulnerability allowed agents to escape whitelisted directories to read and write to files they should not be able to access. Black...

AI score 5.6
Exploits 0, References 2
FreeBSD
added 2018/05/09 12:00 a.m., 17 views

jenkins -- multiple vulnerabilities

Jenkins developers report: The agent to master security subsystem ensures that the Jenkins master is protected from maliciously configured agents. A path traversal vulnerability allowed agents to escape whitelisted directories to read and write to files they should not be able to access. Black Du...

AI score 2.4
Exploits 0, References 1
Packet Storm
added 2018/05/03 12:00 a.m., 32 views

Trovebox 4.0.0-rc6 SQL Injection / Bypass / SSRF

Telekom Security (security.telekom.com) Advisory: Trovebox - Authentication Bypass, SQLi, SSRF. Release Date: 2018/04/30. Author: Robin Verton [email protected]. CVE: requested. Application: Trovebox. ->getAttribute('passwordToken'); if ($tokenFromDb != $token) return $this->error('Could not validate...

AI score 0.2
Exploits 0
Prion
added 2018/05/02 3:29 p.m., 16 views

Server side request forgery (ssrf)

SSRF Server Side Request Forgery in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about...

CVSS 6.4, AI score 9.2, EPSS 0.10847
Exploits 8, References 2, Affected Software 1
CVE
added 2018/05/02 3:00 p.m., 64 views

CVE-2018-9302

Cockpit CMS SSRF (CVE-2018-9302) affects Cockpit 0.4.4 through 0.5.5 via /assets/lib/fuc.js.php. An attacker-supplied url parameter can be used to read arbitrary files or to open TCP connections to intranet hosts. It is described as a consequence of an incomplete fix related to ...

CVSS 9.1, AI score 9.1, EPSS 0.10847
Exploits 5, References 2, Affected Software 1
exploitpack
added 2018/05/02 12:00 a.m., 48 views

Cockpit CMS 0.4.4 0.5.5 - Server-Side Request Forgery

Cockpit CMS 0.4.4-0.5.5 - Server-Side Request Forgery. SSRF (Server Side Request Forgery) in Cockpit 0.4.4-0.5.5, CVE-2018-9302. Cockpit CMS repaired CVE-2017-14611, but the fix can be bypassed and the SSRF still exists, affecting Cockpit CMS versions 0.4.4-0.5.5. I've tested it successfully on "Cockpit CMS" laste...

CVSS 6.4, AI score 0.7, EPSS 0.10847
Exploits 8
0day.today
added 2018/05/02 12:00 a.m., 97 views

Cockpit CMS 0.4.4-0.5.5 - Server-Side Request Forgery Vulnerability

Exploit for the PHP platform, category web applications. SSRF (Server Side Request Forgery) in Cockpit 0.4.4-0.5.5, CVE-2018-9302. Cockpit CMS repaired CVE-2017-14611, but the fix can be bypassed and the SSRF still exists, affecting Cockpit CMS versions 0.4.4-0.5.5. I've tested it successfully on "Cockpit CMS" laste...

AI score 0.1, EPSS 0.10847
Exploits 8
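The PHPRAP entry above (a url parameter accepting apiurl=file:////etc/passwd) and the Cockpit CMS entries (a url parameter that reads local files or reaches intranet hosts, and a first fix that was bypassed) show the two things a server-side fetcher must refuse: non-web URL schemes and destinations inside the server's own network. The following Python guard is an added example, not code from Cockpit, PHPRAP or any advisory listed here. It allowlists the scheme, rejects URL userinfo, resolves every address for the host and checks each one against private, loopback, link-local and IPv4-mapped ranges, and returns the checked addresses so the caller can connect to them directly instead of re-resolving (which is the window a DNS-rebinding bypass relies on). The resolver table and the hostnames ending in .example.test are constructed for the offline demo; a real deployment passes no resolver and uses the system DNS via default_resolver.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Only plain web schemes; file://, gopher://, dict:// and friends are refused outright.
ALLOWED_SCHEMES = {"http", "https"}

# Ranges a server-side fetcher should never talk to. The IPv4-mapped IPv6 block
# (::ffff:0:0/96) is included because "::ffff:127.0.0.1" is a common way to slip
# past a check that only looks at IPv4 loopback.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::/128", "::1/128", "::ffff:0:0/96", "fc00::/7", "fe80::/10",
)]


def default_resolver(host):
    """Resolve host to every A/AAAA answer using the system resolver."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        raise ValueError(f"cannot resolve {host!r}: {exc}") from exc
    return sorted({info[4][0] for info in infos})


def check_fetch_url(url, resolver=default_resolver):
    """Validate a user-supplied URL before a server-side fetch.

    Returns the list of resolved IP addresses the caller should connect to
    (pinning them closes the check-then-fetch gap used by DNS rebinding).
    Raises ValueError for anything that must not be fetched.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme {parts.scheme!r} not allowed")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL not allowed")
    host = parts.hostname  # brackets around IPv6 literals are already stripped
    if not host:
        raise ValueError("URL has no host")
    try:
        # IP literal: no DNS lookup needed, check it directly.
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        # Resolve *every* answer: an attacker-controlled name may return a
        # public address first and a private one second.
        addresses = resolver(host)
    if not addresses:
        raise ValueError(f"no addresses for {host!r}")
    for text in addresses:
        addr = ipaddress.ip_address(text)
        if any(addr in net for net in BLOCKED_NETWORKS):
            raise ValueError(f"{host!r} resolves to blocked address {addr}")
    return addresses


def is_allowed(url, resolver=default_resolver):
    """Boolean convenience wrapper around check_fetch_url."""
    try:
        check_fetch_url(url, resolver)
        return True
    except ValueError:
        return False


# Constructed, offline stand-in for DNS; the .example.test names are hypothetical.
FAKE_DNS = {
    "cdn.example.test": ["203.0.113.10"],
    "intranet.example.test": ["10.0.0.5"],
    "rebind.example.test": ["203.0.113.10", "127.0.0.1"],  # mixed answers
}


def fake_resolver(host):
    if host not in FAKE_DNS:
        raise ValueError(f"cannot resolve {host!r}")
    return FAKE_DNS[host]


if __name__ == "__main__":
    samples = [
        "http://cdn.example.test/avatar.png",   # allowed
        "file:////etc/passwd",                  # PHPRAP-style local file read
        "http://127.0.0.1:8080/",               # loopback literal
        "http://[::ffff:127.0.0.1]/",           # IPv4-mapped loopback
        "http://intranet.example.test/",        # name resolving to RFC 1918
        "http://rebind.example.test/",          # one public, one private answer
        "gopher://cdn.example.test:25/",        # non-web scheme
    ]
    for url in samples:
        print(f"{'ALLOW' if is_allowed(url, fake_resolver) else 'BLOCK':5} {url}")
```

The caller should open the socket to one of the returned addresses and send the original hostname in the Host header (and as the TLS SNI), so the address that was checked is the one that is used. Blocking based on the hostname string alone, which is what an incomplete fix like the one the Cockpit entries describe tends to do, is bypassed by an attacker-controlled name, by an IP literal in a different notation, or by a redirect; redirects must be followed manually and each hop re-checked with the same function.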
Prion
added 2018/04/25 9:29 a.m., 12 views

Server side request forgery (ssrf)

GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component...

CVSS 4, AI score 6.2, EPSS 0.01334
Exploits 2, References 3, Affected Software 1