9241 matches found

Cvelist
added 2017/11/13 5:00 p.m., 16 views

CVE-2017-0907

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources...

AI score: 9.5, EPSS: 0.02594
Exploits: 0, References: 3

CVE
added 2017/11/13 5:00 p.m., 73 views

CVE-2017-0907

The CVE affects Recurly Client .NET Library prior to versions 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, and 1.8.1. Root cause is improper use of Uri.EscapeUriString, leading to a Server-Side Request Forgery (SSRF) that could allow exposure or compromise of API keys or other critic...

CVSS: 9.8, AI score: 9.4, EPSS: 0.02594
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2017/11/13 5:00 p.m., 79 views

CVE-2017-0904

The private_address_check Ruby gem (versions before 0.4.0) is affected by a bypass of its own privacy filter due to using Ruby’s Resolv.getaddresses, which is OS-dependent and cannot be trusted for security checks. This can undermine server-side request forgery protections that rely on blacklisti...

CVSS: 8.1, AI score: 8, EPSS: 0.02415
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2017/11/13 5:00 p.m., 20 views

CVE-2017-0905

The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resourcefind" method that could result in compromise of API keys or other critical resources...

AI score: 9.5, EPSS: 0.02594
Exploits: 0, References: 3

Cvelist
added 2017/11/13 5:00 p.m., 31 views

CVE-2017-0906

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources...

AI score: 9.5, EPSS: 0.02594
Exploits: 0, References: 3

Cvelist
added 2017/11/13 5:00 p.m., 18 views

CVE-2017-0889

Paperclip ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources...

AI score: 9.3, EPSS: 0.03053
Exploits: 0, References: 3

CVE
added 2017/11/13 5:00 p.m., 93 views

CVE-2017-0905

The CVE-2017-0905 issue affects the Recurly Client Ruby Library (before versions 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3). A Server-Side Request Forgery vulnerability exists in the Resource#find method that could lead to compromise of API keys or o...

CVSS: 9.8, AI score: 9.4, EPSS: 0.02594
Exploits: 0, References: 3, Affected Software: 1

seebug.org
added 2017/11/13 12:00 a.m., 24 views

DALIM SOFTWARE ES Core 5.0 build 7184.1 - Server-Side Request Forgery

Description: A server-side request forgery (SSRF) vulnerability exists in the DALIM Web Service management interface within the XUI servlet functionality. The DALIM web services are a set of tools used by the different DALIM SOFTWARE applications: TWIST, MISTRAL and ES. It provides file sharing...

AI score: 7.1
Exploits: 0

CNVD
added 2017/11/13 12:00 a.m., 3 views

VMware vCenter Server Information Disclosure Vulnerability (CNVD-2017-33977)

VMware vCenter Server provides a centralized, scalable platform for managing virtual infrastructure. An information disclosure vulnerability exists in VMware vCenter Server versions 5.5, 6.0, and 6.5. A remote user can trigger the URL authentication vulnerability by sending a specially crafted PO...

CVSS: 7.5, AI score: 7.1, EPSS: 0.01237
Exploits: 0, References: 1

RubySec
added 2017/11/09 12:00 a.m., 41 views

private_address_check Ruby Gem Blacklist Bypass privilege escalation

The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery...

CVSS: 9.8, AI score: 8.4, EPSS: 0.02032
Exploits: 0, References: 1, Affected Software: 1

Hacker One
added 2017/11/08 4:37 p.m., 16 views

AlienVault : Server Side Request Forgery protection bypass № 2

Hi, you haven't fixed the vulnerability. The bypass of this report 287762. This is a classic example of url bypass. POC: https://www.threatcrowd.org/domain.php?domain=173.0302.0x2c.70 https://www.threatcrowd.org/domain.php?domain=0xad.0xc2.0x2c.0x46...

AI score: 6.9
Exploits: 0

RubySec
added 2017/11/07 12:00 a.m., 22 views

private_address_check Ruby Gem Resolv.getaddresses Server-Side Request Forgery

The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery...

CVSS: 8.1, AI score: 1.4, EPSS: 0.02415
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2017/11/03 6:29 p.m., 14 views

CVE-2017-1000139

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues...

CVSS: 8, AI score: 7.9, EPSS: 0.00721
Exploits: 0, References: 1

Prion
added 2017/11/03 6:29 p.m., 14 views

Server side request forgery (ssrf)

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues...

CVSS: 6, AI score: 7.8, EPSS: 0.00721
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2017/11/03 6:29 p.m., 17 views

CVE-2017-1000139

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues...

CVSS: 8, AI score: 6.9
Exploits: 0, References: 1

Cvelist
added 2017/11/03 6:00 p.m., 16 views

CVE-2017-1000139

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues...

AI score: 7.9, EPSS: 0.00721
Exploits: 0, References: 1

CVE
added 2017/11/03 6:00 p.m., 48 views

CVE-2017-1000139

Mahara versions 1.8 before 1.8.7, 1.9 before 1.9.5, 1.10 before 1.10.3, and 15.04 before 15.04.0 are vulnerable to server-side request forgery (SSRF) because curl redirects are not consistently checked against a white/black list. Employing SafeCurl will prevent issues.

CVSS: 8, AI score: 7.8, EPSS: 0.00721
Exploits: 0, References: 1, Affected Software: 1

BDU FSTEC
added 2017/11/03 12:00 a.m., 4 views

The vulnerability of the Document Sciences xPression enterprise automation system arises from incorrect restrictions on XML references to external objects. This allows attackers to gain access to system files, perform SSRF attacks, or cause service failures.

The vulnerability of the Document Sciences xPression enterprise automation system arises from an incorrect limitation on XML references to external objects /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. Exploiting this vulnerability could allow a malicious actor to gain access to syst...

CVSS: 9.8, AI score: 7.8, EPSS: 0.01311
Exploits: 1, References: 3

NVD
added 2017/10/27 6:29 p.m., 20 views

CVE-2016-5002

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD...

CVSS: 9.3, AI score: 8, EPSS: 0.08275
Exploits: 0, References: 7

Cvelist
added 2017/10/27 6:00 p.m., 22 views

CVE-2016-5002

XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD...

AI score: 8.3, EPSS: 0.08275
Exploits: 0, References: 7