
9233 matches found

Tenable Nessus
added 2017/02/06 12:0 a.m. | 35 views

Debian DLA-816-1 : svgsalamander security update

Luc Lynx discovered a Server-Side Request Forgery in svgSalamander allowing access to the trusted network with specially crafted SVG files. For Debian 7 'Wheezy', these problems have been fixed in version 0svn95-1+deb7u1. We recommend that you upgrade your svgsalamander packages. NOTE: Tenable...

CVSS 7.4 | AI score 7.2 | EPSS 0.01992
Exploits: 0 | References: 3

Tenable Nessus
added 2017/02/06 12:0 a.m. | 33 views

Debian DSA-3781-1 : svgsalamander - security update

Luc Lynx discovered that SVG Salamander, an SVG engine for Java, was susceptible to server-side request forgery. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3781. The text itself is...

CVSS 7.4 | AI score 7.2 | EPSS 0.01992
Exploits: 0 | References: 3

OpenVAS
added 2017/02/05 12:0 a.m. | 24 views

Debian Security Advisory DSA 3781-1 (svgsalamander - security update)

Luc Lynx discovered that SVG Salamander, an SVG engine for Java, was susceptible to server-side request forgery. OpenVAS Vulnerability Test $Id: deb3781.nasl 6607 2017-07-07 12:04:25Z cfischer $. Auto-generated from advisory DSA 3781-1 using nvtgen 1.0. Script version: 1.0. Author: Greenbone Networks...

CVSS 5.8 | AI score 7.3 | EPSS 0.01992
Exploits: 0 | References: 1

Debian
added 2017/02/03 10:55 a.m. | 18 views

[SECURITY] [DLA 816-1] svgsalamander security update

Package: svgsalamander; Version: 0svn95-1+deb7u1; CVE ID: CVE-2017-5617; Debian Bug: 853134. Luc Lynx discovered a Server-Side Request Forgery in svgSalamander allowing access to the trusted network with specially crafted SVG files. For Debian 7 "Wheezy", these problems have been fixed in version...

CVSS 7.4 | AI score 7.7 | EPSS 0.01992
Exploits: 0

Veracode
added 2017/02/02 7:38 a.m. | 14 views

Server Side Request Forgery (SSRF)

svg-salamander is vulnerable to server-side request forgery (SSRF) attacks. The vulnerability exists because svg-salamander does not restrict the schemes supported in the SVG file. An attacker can exploit this vulnerability by supplying an SVG file with file://, jar://, or other application specific...

CVSS 7.4 | AI score 7.1 | EPSS 0.01992
Exploits: 0 | References: 9 | Affected Software: 1

Veracode
added 2017/02/01 7:3 a.m. | 37 views

Server-Side Request Forgery (SSRF)

ImageMagick is vulnerable to server-side request forgery (SSRF). A malicious user can send a malicious .mvg file to force an HTTP, GET or FTP request a user...

CVSS 5.5 | AI score 6.9 | EPSS 0.76897
Exploits: 4 | References: 22 | Affected Software: 1

Prion
added 2017/01/31 10:59 p.m. | 11 views

Server side request forgery (ssrf)

The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors...

CVSS 5.8 | AI score 7.3 | EPSS 0.01651
Exploits: 0 | References: 4 | Affected Software: 2

CVE
added 2017/01/31 10:0 p.m. | 41 views

CVE-2016-9417

The CVE-2016-9417 vulnerability affects MyBB (My Bulletin Board) prior to version 1.8.8 and the MyBB Merge System prior to 1.8.8. The issue is a server-side request forgery (SSRF) via the fetch_remote_file function, enabling remote attackers to trigger requests from the vulnerable server to other...

CVSS 7.4 | AI score 7.4 | EPSS 0.01651
Exploits: 0 | References: 4 | Affected Software: 2

Cvelist
added 2017/01/31 10:0 p.m. | 21 views

CVE-2016-9417

The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors...

AI score 7.4 | EPSS 0.01651
Exploits: 0 | References: 4

Prion
added 2017/01/31 7:59 p.m. | 18 views

Server side request forgery (ssrf)

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors...

CVSS 5 | AI score 7.1 | EPSS 0.01927
Exploits: 0 | References: 3 | Affected Software: 1

UbuntuCve
added 2017/01/31 7:59 p.m. | 38 views

CVE-2016-6621

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors...

CVSS 8.6 | AI score 7.2 | EPSS 0.01927
Exploits: 0 | References: 2

OSV
added 2017/01/31 7:59 p.m. | 24 views

CVE-2016-6621

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors...

CVSS 8.6 | AI score 6.9
Exploits: 0 | References: 3

Debian CVE
added 2017/01/31 7:0 p.m. | 24 views

CVE-2016-6621

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors...

CVSS 8.6 | AI score 8.6 | EPSS 0.01927
Exploits: 0

phpMyAdmin
added 2017/01/24 12:0 a.m. | 43 views

Multiple vulnerabilities in setup script

PMASA-2016-44. Announcement-ID: PMASA-2016-44. Date: 2017-01-24. Summary: Multiple vulnerabilities in setup script. Description: A server-side request forgery vulnerability was reported with the setup script. This flaw can allow an unauthenticated attacker to: 1. brute-force passwords of MySQL servers...

CVSS 8.6 | AI score 7.3 | EPSS 0.01927
Exploits: 0 | Affected Software: 1

Debian CVE
added 2017/01/18 5:0 p.m. | 22 views

CVE-2016-7999

ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks via a URL in the varurl parameter in a validerxml action...

CVSS 7.4 | AI score 7.5 | EPSS 0.02299
Exploits: 2

Prion
added 2017/01/10 11:59 a.m. | 15 views

Server side request forgery (ssrf)

Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via...

CVSS 10 | AI score 7.1 | EPSS 0.03989
Exploits: 0 | References: 2 | Affected Software: 1

OpenVAS
added 2016/12/15 12:0 a.m. | 20 views

Splunk Enterprise SSRF Vulnerability (SP-CAAAPSR)

Splunk Enterprise is prone to a server-side request forgery (SSRF) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

AI score 7.2
Exploits: 0 | References: 1

0day.today
added 2016/12/10 12:0 a.m. | 47 views

Splunk Enterprise 6.4.3 - Server-Side Request Forgery Vulnerability

Exploit for php platform in category web applications. Splunk Enterprise Server-Side Request Forgery. Affected versions: Splunk Enterprise = 6.4.3. PDF: http://security-assessment.com/files/documents/advisory/SplunkAdvisory.pdf Description: The Splunk Enterprise...

AI score 7.1
Exploits: 0

Packet Storm
added 2016/12/09 12:0 a.m. | 46 views

Splunk Enterprise 6.4.3 Server-Side Request Forgery

Splunk Enterprise Server-Side Request Forgery. Affected versions: Splunk Enterprise = 6.4.3. PDF:...

AI score 0.2
Exploits: 0

exploitpack
added 2016/12/09 12:0 a.m. | 25 views

Splunk Enterprise 6.4.3 - Server-Side Request Forgery

Splunk Enterprise Server-Side Request Forgery. Affected versions: Splunk Enterprise = 6.4.3...

AI score 0.2
Exploits: 0