9232 matches found
U.S. Dept Of Defense: Server Side Request Forgery (SSRF) vulnerability in a DoD website
A Department of Defense webserver was vulnerable to an SSRF attack that could have enabled a remote user to send custom web requests from the vulnerable system. @korprit was able to demonstrate this vulnerability by crafting specially formatted URLs. Thanks @korprit!...
Server side request forgery (ssrf)
steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute...
WordPress Nelio AB Testing Plugin <= 4.5.8 - Server Side Request Forgery
This plugin is prone to a server-side request forgery vulnerability. It allows an attacker to collect various information about the server or even achieve remote code execution. Solution: update the plugin...
Nelio AB Testing <= 4.5.8 - Server Side Request Forgery (SSRF)
The Nelio AB Testing WordPress plugin was affected by a Server Side Request Forgery (SSRF) security vulnerability...
Apache ActiveMQ 5.11.1 / 5.13.2 Directory Traversal / Command Execution
I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality. I have only been able to reproduce this on Windows, i.e. where "\" is a path delimiter. An attacker could use this flaw to upload...
Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution Vulnerabilities
Exploit for windows platform in category remote exploits. I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality. I have only been able to reproduce this on Windows, i.e. where "\" is a pat...
Server side request forgery (ssrf)
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (redirection) HTTP status code...
CVE-2016-5968
The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via...
Debian DLA-695-1 : spip security update
Multiple vulnerabilities have been discovered in SPIP, a website engine for publishing written in PHP. CVE-2016-7980: Nicolas Chatelain of Sysdream Labs discovered a cross-site request forgery (CSRF) vulnerability in the validerxml action of SPIP. This allows remote attackers to make use of potentia...
DLA-695-1 spip - security update
Bulletin has no description...
EC-CUBE 2.12.6 - Server-Side Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: EC-CUBE 2.12.6 Server-Side Request Forgery Date: 22/10/16 Exploit Author: Wad Deek Vendor Homepage: http://en.ec-cube.net/ Software Link: http://en.ec-cube.net/download/ Version: 2.12.6en-p1 Tested on: Xampp on Windows7 Fuzzing...
EC-CUBE 2.12.6 - Server-Side Request Forgery
EC-CUBE 2.12.6 - Server-Side Request Forgery Exploit Title: EC-CUBE 2.12.6 Server-Side Request Forgery Date: 22/10/16 Exploit Author: Wad Deek Vendor Homepage: http://en.ec-cube.net/ Software Link: http://en.ec-cube.net/download/ Version: 2.12.6en-p1 Tested on: Xampp on Windows7 Fuzzing tool:...
EC-CUBE 2.12.6 Server-Side Request Forgery
Exploit Title: EC-CUBE 2.12.6 Server-Side Request Forgery Date: 22/10/16 Exploit Author: Wad Deek Vendor Homepage: http://en.ec-cube.net/ Software Link: http://en.ec-cube.net/download/ Version: 2.12.6en-p1 Tested on: Xampp on Windows7 Fuzzing tool:...
SPIP 3.1.2 Server Side Request Forgery Vulnerability
Exploit for php platform in category web applications. SPIP 3.1.2 Server Side Request Forgery, CVE-2016-7999. Product Description: SPIP is a publishing system for the Internet, which puts importance on collaborative working, multilingual environments and ease of use. It is free software, distributed...
SPIP 3.1.2 Server Side Request Forgery
SPIP 3.1.2 Server Side Request Forgery, CVE-2016-7999. Product Description: SPIP is a publishing system for the Internet, which puts importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under the GNU/GPL licence. Vulnerability Description: It...
Magento Community Edition < 1.9.2.1 Multiple Vulnerabilities
Binary data 9677.prm...
Server side request forgery (ssrf)
The linkreport/tmp/adminglobal page in Fortinet FortiWAN (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request...
Server side request forgery (ssrf)
The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request...