CVE-2017-12071
CVE-2017-12071 is a server-side request forgery (SSRF) vulnerability in the Synology Photo Station component, affecting file_upload.php. The issue allows remote authenticated users to download arbitrary local files via the url parameter in versions prior to 6.7.4-3433 and 6.3-2968. Documented sou...
CVE-2017-9458
XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or...
CVE-2017-9458
Vulnerability: XML External Entity (XXE) in PAN-OS GlobalProtect internal/external gateway interface. Affected versions: PAN-OS 6.1.x <= 6.1.17, 7.0.x <= 7.0.16, 7.1.x <= 7.1.11, and 8.0.x
XML External Entity (XXE) in PAN-OS
A vulnerability exists in PAN-OS’s GlobalProtect internal and external gateway interface that could allow for an XML External Entity (XXE) attack. PAN-OS does not properly parse XML input (Ref PAN-75688 / CVE-2017-9458). Successful exploitation of this issue may allow disclosure of information, denial o...
The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery (SSRF). This allowed an XSS and/or an SSRF attack to be performed. For more information about the Atlassian OAuth plugin issue, see https://ecosystem.atlassian.net/browse/OAUTH-344. When running in an...
SSRF vulnerability in Bycms user-post method
Bycms Beyoncms is a content management system based on thinkphp 5.0.9. An SSRF vulnerability exists in the Bycms user-post method. An attacker can exploit the vulnerability to detect the database version number and open port service information...
Server side request forgery (ssrf)
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF)...
CVE-2017-9506
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF)...
Server side request forgery (ssrf)
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI...
DALIM ES Multiple Vulnerabilities
DALIM ES is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dalim:escore"; if description...
DALIM SOFTWARE ES Core 5.0 Build 7184.1 SSRF
DALIM SOFTWARE ES Core 5.0 build 7184.1 Server-Side Request Forgery Vendor: Dalim Software GmbH Product web page: https://www.dalim.com Affected version: ES/ESPRiT 5.0 build 7184.1 build 7163.2 build 7163.0 build 7135.0 build 7114.1 build 7114.0 build 7093.1 build 7093.0 build 7072.0 build 7051.3...
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Server-Side Request Forgery
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Server-Side Request Forgery DALIM SOFTWARE ES Core 5.0 build 7184.1 Server-Side Request Forgery Vendor: Dalim Software GmbH Product web page: https://www.dalim.com Affected version: ES/ESPRiT 5.0 build 7184.1 build 7163.2 build 7163.0 build 7135.0 build...
DALIM SOFTWARE ES Core 5.0 build 7184.1 Server-Side Request Forgery
Summary ES is the new Enterprise Solution from DALIM SOFTWARE built from the successful TWIST, DIALOGUE and MISTRAL product lines. The ES Core is the engine that can handle project tracking, JDF device workflow, dynamic user interface building, volume management. Each ES installation will have...
phpBB 3.2.0 Server Side Request Forgery
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Server Side Request Forgery Vulnerability product: phpBB vulnerable version: 3.2.0 fixed version: 3.2.1 CVE number: impact: Medium homepage: https://www.phpbb.com/ found:...
Server-Side Request Forgery (SSRF)
WordPress is vulnerable to server-side request forgery (SSRF) attacks. The attacks exist because it bypasses the validation of GET request by using URL http://xxx.xxx.xxx.xxx/wp-admin/press-this.php?u=URLTOSCRAPE&url-scan-submit=Scan which has a zero value in the first octet of an IPv4 address in...
CVE-2017-11457
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...