Server side request forgery (ssrf)

Multiple server-side request forgery SSRF vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodblite/tests/testadodblite.php, libs/org/adodblite/tests/testdatadictionary.php, or...

Shopify: SVG Server Side Request Forgery (SSRF)

I found an issue which seems to be regression of the following issue: https://hackerone.com/reports/97501 . It seems your input validaton is not sufficient and the file is getting processed before your implemented check for valid file types. When adding a new product in the store, images for the...

PT-2018-10: Server-Side Request Forgery in Ipswitch WhatsUp Gold

The specialists of the Positive Research center have detected a Server-Side Request Forgery vulnerability in Ipswitch WhatsUp Gold. A server-side request forgery vulnerability in NmAPI.exe in Ipswitch WhatsUp Gold allows attackers to gain unauthorized access to the WhatsUp Gold system, obtain...

PHP 7.x < 7.0.18, 7.1.x < 7.1.4 SSRF Security Bypass Vulnerability - Linux

PHP is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

Server side request forgery (ssrf)

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. Thi...

Server side request forgery (ssrf)

XmlMapper in the Jackson XML dataformat component aka jackson-dataformat-xml before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery SSRF attacks via vectors related to a DTD...

CVE-2016-7051

XmlMapper in the Jackson XML dataformat component aka jackson-dataformat-xml before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery SSRF attacks via vectors related to a DTD...

CVE-2016-7051

XmlMapper in the Jackson XML dataformat component aka jackson-dataformat-xml before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery SSRF attacks via vectors related to a DTD...

CVE-2016-7051

CVE-2016-7051 affects jackson-dataformat-xml (XmlMapper). The vulnerability is a server-side request forgery (SSRF) flaw related to DTD handling, present in XmlMapper before 2.7.8 and in 2.8.x before 2.8.4. Impact is described as potential SSRF; exploit details are not provided in the initial doc...

phpMyAdmin 4.0.x < 4.0.10.19 / 4.4.x < 4.4.15.10 / 4.6.x < 4.6.6 Multiple Vulnerabilities (PMASA-2017-1 - PMASA-2017-7)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.19, 4.4.x prior to 4.4.15.10, or 4.6.x prior to 4.6.6. It is, therefore, affected by the following vulnerabilities : - An open redirect vulnerability exists due to a...

Server side request forgery (ssrf)

F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery SSRF attack when deployed using the Dynamic Domain Bypass DDB feature feature plus SNAT Auto Map option for egress traffic...

CVE-2017-6130

F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery SSRF attack when deployed using the Dynamic Domain Bypass DDB feature feature plus SNAT Auto Map option for egress traffic...

[SECURITY] [DLA 875-1] php5 security update

Package : php5 Version : 5.4.45-0+deb7u8 CVE ID : CVE-2016-7478 CVE-2016-7479 CVE-2017-7272 Several issues have been discovered in PHP recursive acronym for PHP: Hypertext Preprocessor, a widely-used open source general-purpose scripting language that is especially suited for web development and...

DEBIAN-CVE-2017-7200

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

CVE-2017-7200

The copyfrom feature in Image Service API v1 allows an attacker to perform masked network port scans. It is possible to create images with a URL such as 'http://localhost:22'. This could allow an attacker to enumerate internal network details while appearing masked, because the scan appears to...

Server side request forgery (ssrf)

The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...

CVE-2017-5617

The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...

PT-2018-41: Server-Side Request Forgery in SAP NetWeaver Knowledge Management Configuration Service

The specialists of the Positive Research center have detected a Server-Side Request Forgery vulnerability in SAP NetWeaver Knowledge Management Configuration Service. A server-side request forgery SSRF vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 allow...

CVE-2015-8813

The CVE-2015-8813 entry affects Umbraco before 7.4.0, where the Page_Load code in FeedProxy.aspx.cs is vulnerable to server-side request forgery (SSRF) via the url parameter. Public descriptions (including the Nuclei template) confirm that an attacker can trigger arbitrary HTTP GET requests to ta...

Debian DLA-834-1 : phpmyadmin security update

A server-side request forgery vulnerability was reported for the setup script in phpmyadmin, a MYSQL web administration tool. This flaw may allow an unauthenticated attacker to brute-force MYSQL passwords, detect internal hostnames or opened ports on the internal network. Additionally there was a...