Lucene search

9238 matches found

RedhatCVE
added 2017/11/15 3:49 p.m. | 26 views

CVE-2017-0889

Paperclip ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources...

CVSS: 9.8 | AI score: 3.5 | EPSS: 0.03053
Exploits: 0 | References: 1
Veracode
added 2017/11/14 9:30 a.m. | 18 views

Server-side Request Forgery (SSRF)

The Python Recurly client is vulnerable to server-side request forgery (SSRF) attacks. A malicious user can pass a URI from a different domain to gain access to API keys or other sensitive information...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.02594
Exploits: 0 | References: 3 | Affected Software: 1
Veracode
added 2017/11/14 8:45 a.m. | 12 views

Server-Side Request Forgery (SSRF)

recurly is vulnerable to server-side request forgery (SSRF) attacks. A malicious user can pass a URI from a different domain to gain access to API keys or other sensitive information...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.02594
Exploits: 0 | References: 3 | Affected Software: 1
Veracode
added 2017/11/14 8:11 a.m. | 26 views

Server-Side Request Forgery (SSRF)

private_address_check is vulnerable to server-side request forgery (SSRF) attacks. A malicious user can bypass the SSRF filter by passing a valid IP address of a different format. This is related to the OS-dependent Resolv.getaddresses within Ruby itself...

CVSS: 8.1 | AI score: 7.9 | EPSS: 0.02415
Exploits: 0 | References: 5 | Affected Software: 1
Adobe
added 2017/11/14 12:00 a.m. | 42 views

APSB17-35 Security update available for Adobe Connect

Adobe has released a security update for Adobe Connect. This update resolves a critical Server-Side Request Forgery (SSRF) vulnerability (CVE-2017-11291) that could be abused to bypass network access controls. This update also resolves three input validation vulnerabilities rated Important...

CVSS: 10 | AI score: 2.4 | EPSS: 0.05549
Exploits: 0 | Affected Software: 1
OSV
added 2017/11/13 5:29 p.m. | 12 views

CVE-2017-0889

Paperclip ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources...

CVSS: 9.8 | AI score: 6.4
Exploits: 0 | References: 3
Prion
added 2017/11/13 5:29 p.m. | 16 views

Server side request forgery (ssrf)

The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery...

CVSS: 6.8 | AI score: 8 | EPSS: 0.02415
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2017/11/13 5:29 p.m. | 30 views

CVE-2017-0904

The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery...

CVSS: 8.1 | AI score: 8.1 | EPSS: 0.02415
Exploits: 0 | References: 5
NVD
added 2017/11/13 5:29 p.m. | 19 views

CVE-2017-0905

The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resourcefind" method that could result in compromise of API keys or other critical resources...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.02594
Exploits: 0 | References: 3
NVD
added 2017/11/13 5:29 p.m. | 30 views

CVE-2017-0906

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.02594
Exploits: 0 | References: 3
Prion
added 2017/11/13 5:29 p.m. | 14 views

Server side request forgery (ssrf)

Paperclip ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources...

CVSS: 7.5 | AI score: 9.2 | EPSS: 0.03053
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2017/11/13 5:29 p.m. | 25 views

PYSEC-2017-68

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources...

CVSS: 9.8 | AI score: 4 | EPSS: 0.02594
Exploits: 0 | References: 4
Prion
added 2017/11/13 5:29 p.m. | 13 views

Server side request forgery (ssrf)

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources...

CVSS: 7.5 | AI score: 9.4 | EPSS: 0.02594
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2017/11/13 5:29 p.m. | 13 views

Server side request forgery (ssrf)

The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resourcefind" method that could result in compromise of API keys or other critical resources...

CVSS: 7.5 | AI score: 9.4 | EPSS: 0.02594
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2017/11/13 5:29 p.m. | 18 views

CVE-2017-0905

The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resourcefind" method that could result in compromise of API keys or other critical resources...

CVSS: 9.8 | AI score: 6.8
Exploits: 0 | References: 3
OSV
added 2017/11/13 5:29 p.m. | 13 views

CVE-2017-0907

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources...

CVSS: 9.8 | AI score: 6.8
Exploits: 0 | References: 3
OSV
added 2017/11/13 5:29 p.m. | 19 views

CVE-2017-0906

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources...

CVSS: 9.8 | AI score: 9.4
Exploits: 0 | References: 3
Cvelist
added 2017/11/13 5:00 p.m. | 16 views

CVE-2017-0907

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources...

AI score: 9.5 | EPSS: 0.02594
Exploits: 0 | References: 3
CVE
added 2017/11/13 5:00 p.m. | 73 views

CVE-2017-0907

The CVE affects Recurly Client .NET Library prior to versions 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, and 1.8.1. Root cause is improper use of Uri.EscapeUriString, leading to a Server-Side Request Forgery (SSRF) that could allow exposure or compromise of API keys or other critic...

CVSS: 9.8 | AI score: 9.4 | EPSS: 0.02594
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2017/11/13 5:00 p.m. | 79 views

CVE-2017-0904

The private_address_check Ruby gem (versions before 0.4.0) is affected by a bypass of its own privacy filter due to using Ruby’s Resolv.getaddresses, which is OS-dependent and cannot be trusted for security checks. This can undermine server-side request forgery protections that rely on blacklisti...

CVSS: 8.1 | AI score: 8 | EPSS: 0.02415
Exploits: 0 | References: 5 | Affected Software: 1