9232 matches found
Emerson Liebert SiteScan XML External Entity Vulnerability
OVERVIEW Researcher Evgeny Ermakov from Kaspersky Lab has identified an XML External Entity (XXE) vulnerability affecting Emerson’s Liebert SiteScan application. Emerson has produced patches to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The...
vBulletin 5.2.2 - Server-Side Request Forgery
vBulletin 5.2.2 - Server-Side Request Forgery ''' ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-6483 - Release date: 05.08.2016 - Severity: High ============================================= I...
vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery
Exploit for php platform in category web applications ''' ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-6483 - Release date: 05.08.2016 - Severity: High ============================================= I...
Instacart: Server side request forgery on image upload for lists
Summary ---------- There is a Server-side request forgery when updating the image for a list. Steps to reproduce ----------------- 1. Create a list and change its image. That will send a POST request to https://beta.instacart.com/api/v2/lists/LISTID with the following parameters:...
WordPress SSRF Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress versions prior to 4.5, which stems from the program ignoring oct...
SSRF Vulnerability in OpenSNS Social System
OpenSNS is a lightweight social user-centered framework based on OneThink for ... An SSRF vulnerability exists in /Public/js.php in OpenSNS Social System due to the program failing to adequately filter data. An attacker is allowed to exploit the vulnerability to probe intranet information...
WSO2 SOA Enablement Server Server Side Request Forgery
Title: WSO2 SOA Enablement Server - Server Side Request Forgery Authors: Pawel Gocyla Date: 10. June 2016 Affected Software: ================== WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 Probably other versions are also vulnerable. Vulnerability: Server Side Request Forge...
HP Service Manager Multiple Vulnerabilities (Jul 2016)
HP Service Manager is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:hp:servicemanager"; if...
Server side request forgery (ssrf)
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet hosts, via a crafted request...
Symantec Endpoint Protection Manager 12.1.x < 12.1 RU6 MP5 Multiple Vulnerabilities (SYM16-011)
The version of Symantec Endpoint Protection Manager (SEPM) installed on the remote host is prior to 12.1 RU6 MP5. It is, therefore, affected by the following vulnerabilities: - A race condition exists in the SEP client that allows a local attacker to bypass security restrictions, resulting in the...
New Relic: http://newrelic.com SSRF/XSPA
A Server Side Request Forgery / Cross Site Port Attack was discovered via a POST request to http://newrelic.com/syntheticspreviews and using the parameter within the body of the request testurl. A Server Side Request Forgery vulnerability allows to issue remote connections on behalf of the affect...
Server side request forgery (ssrf)
HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and...
Python urllib HTTP header injection vulnerability - vulnerability warning - the black bar safety net
The Python urllib library (urllib2 in Python 2, urllib in Python 3) has an HTTP protocol stream injection vulnerability. If an attacker can control the URL that Python code accesses, or can make Python code access a malicious web server, then this vulnerabilit...
Nextcloud: Server side request forgery (SSRF) on nextcloud implementation.
An admin of nextcloud server can add other trusted nextcloud server in his own installation. The following request passes when a new add request is processed: http POST /nextcloud/index.php/apps/federation/trusted-servers HTTP/1.1 Host: myown.nextcloudserver.com User-Agent: Mozilla/5.0 Macintosh;...
WordPress < 4.5 Multiple Vulnerabilities
Nagios XI Multiple Vulnerabilities (Jun 2016)
Nagios XI is prone to multiple vulnerabilities. This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.105749. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right...
Nagios XI 5.2.7 - Multiple Vulnerabilities
Nagios XI Multiple Vulnerabilities Affected versions: Nagios XI = 5.2.7 PDF:...
Nagios XI < 5.2.8 Multiple Vulnerabilities - Active Check
Nagios XI is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nagios:nagiosxi"; if description...
Server side request forgery (ssrf)
The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors...
CVE-2016-2222
The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php...