CVE-2017-6323
The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0POSTHF6, and ITMS 7.6POSTHF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service,...
CVE-2017-14611
SSRF Server Side Request Forgery in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetchurlcontents component...
CVE-2017-14323
CVE-2017-14323 describes a Server-Side Request Forgery (SSRF) in Onethink’s Ueditor component, specifically in getRemoteImage.php used by Onethink V1.0 and V1.1. An attacker can use the upfile parameter to fetch or reach internal network resources and, per sources, potentially trigger remote comm...
CVE-2017-14611
Summary: The dataset confirms a Server-Side Request Forgery (SSRF) in Cockpit CMS. Cockpit 0.13.0 was vulnerable via the url parameter (related to the aheinze/fetch_url_contents component). Related entries show that CVE-2018-9302 describes continued SSRF in Cockpit 0.4.4 through 0.5.5, attributed...
Cockpit CMS 0.13.0 Server Side Request Forgery Vulnerability
Cockpit CMS version 0.13.0 suffers from a server-side request forgery vulnerability. SSRF (Server Side Request Forgery) in Cockpit CMS 0.13.0 (CVE-2017-14611). The Cockpit CMS is awesome if you need a flexible content structure but don't want to be limited in how to use the content. Product...
CVE-2017-18096
The OAuth status REST resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAut...
CVE-2017-18096
The CVE concerns Atlassian Application Links: the OAuth status REST resource is affected in versions before 5.2.7, 5.3.0 before 5.3.4, and 5.4.0 before 5.4.3. A remote attacker with administrative rights can trigger a Server Side Request Forgery by creating an OAuth application link to a controll...
CVE-2017-16614
CVE-2017-16614 describes an SSRF vulnerability in Tpshop (versions 2.0.5 and 2.0.6) affecting the fBill parameter in the WxPay.tedatac.php path (plugins/payment/weixin/lib/). An attacker could remotely trigger requests that may leak sensitive information, probe internal/intranet hosts, or potenti...
Server Side Request Forgery (SSRF)
I, Librarian version 4.8 and earlier contains an SSRF vulnerability in the "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources...
Debian DLA-1311-1 : adminer security update
It was discovered that there was a server-side request forgery exploit in adminer, a web-based database administration tool. Adminer allowed unauthenticated connections to be initiated to arbitrary systems and ports which could bypass external firewalls to identify internal hosts or perform port...
CVE-2018-7516
A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scans...
CVE-2018-7516
CVE-2018-7516 describes a Server-Side Request Forgery (SSRF) in Geutebruck G-Cam/EFD-2250 v1.12.0.4 and Topline TopFD-2125 v3.15.1 IP cameras. Root cause: unauthenticated SSRF that could proxy network scans. Impact per sources includes potential proxying of scans and other access risks; exploitat...
CVE-2014-3990
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted serialized PHP object, related to the...
Gitlab -- multiple vulnerabilities
GitLab reports: SSRF in services and web hooks. There were multiple server-side request forgery issues in the Services feature. An attacker could make requests to servers within the same network of the GitLab instance. This could lead to information disclosure, authentication bypass, or potentiall...