Server-side request forgery (SSRF)
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the...
CVE-2017-11457
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...
Oracle E-Business Suite 12.x - Server-Side Request Forgery
Oracle E-Business Suite 12.x - Server-Side Request Forgery...
Oracle E-Business Suite 12.x - Server-Side Request Forgery
Exploit Title: Oracle E-Business Suite - Server Side Request Forgery Date: 19 July 2017 Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Greetings: Raj3sh.tv, Deepu.tv Vendor Homepage: www.oracle.com Software Link:...
Server-side request forgery (SSRF)
In FineCMS before 2017-07-06, application/lib/ajax/getimagedata.php has SSRF, related to requests for non-image files with a modified HTTP Host header...
CVE-2017-6036
A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination...
CVE-2017-6036
CVE-2017-6036 describes a Server-Side Request Forgery (SSRF) in Belden Hirschmann GECKO Lite Managed switch (Web server) affecting v2.0.00 and earlier. The issue arises because the web server does not adequately validate requests to the intended destination, enabling an attacker to obtain sensiti...
Concrete CMS: SSRF thru File Replace
Hello Team, Version: 8.2.0 Details: I have found a possibility of Server Side Request Forgery via the file 'Replace' functionality. An attacker / malicious user is able to scan the local network and enumerate open TCP ports. The root cause of this vulnerability: - you are allowing to use...
Server-side request forgery (SSRF)
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file...
CVE-2017-9355
CVE-2017-9355 is an XML External Entity (XXE) vulnerability in Subsonic 6.1.1's import playlist feature that can enable server-side request forgery (SSRF) via a crafted XSPF playlist file. The affected product is Subsonic v6.1.1 (import playlist parser/XXE handling), with in-the-wild references a...
Subsonic 6.1.1 - XML External Entity Injection Vulnerability
Exploit for windows platform in category local exploits + Credits: John Page a.k.a hyp3rlinx Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media streaming server. You install it on your own computer where you keep your music or video collection...
Subsonic 6.1.1 - Server-Side Request Forgery Vulnerability
Exploit for windows platform in category web applications + Credits: John Page a.k.a hyp3rlinx Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media streaming server. You install it on your own computer where you keep your music or video collection...
Subsonic 6.1.1 Server Side Request Forgery
Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-CSRF-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: ApparitionSec Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media...
Weblate: Uploaded XLF files result in External Entity Execution
Summary: ======== Weblate users in the Translate group or those with the ability to upload translation files can trigger XML External Entity Execution. This is a well known and high/critical vector of attack that often can completely compromise the security of a web application or in some cases...
I, Librarian 4.64.7 - Command Injection / Server-Side Request Forgery / Directory Enumeration / Cross-Site Scripting
I, Librarian 4.64.7 - Command Injection / Server-Side Request Forgery / Directory Enumeration / Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: I, Librarian PDF manager...
EulerOS 2.0 SP1 : ImageMagick (EulerOS-SA-2016-1021)
According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attack...
WordPress Plugin Nelio AB Testing Server-Side Request Forgery (SSRF)
Case Study: SSRF in Nelio AB Testing WordPress Plugin Nelio AB Testing is a WordPress plugin used for A/B Testing in WordPress pages. We can download the source-code of the Plugin from plugins.svn.wordpress.org/nelio-ab-testing/tags/4.5.8/. Server-side Request Forgery (SSRF) is a vulnerability wher...
Server-side request forgery (SSRF)
Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodblite/tests/testadodblite.php, libs/org/adodblite/tests/testdatadictionary.php, or...