9228 matches found
CVE-2014-9301
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter...
Server side request forgery (ssrf)
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter...
CVE-2014-9302
Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI in the url parameter...
CVE-2014-9302
CVE-2014-9302 describes a server-side request forgery (SSRF) in the cmisbrowser servlet of CMIS in Alfresco Community Edition 5.0.a and earlier. The vulnerability allows remote attackers to trigger outbound requests by providing a crafted value in the url parameter. Affected component: cmisbrowse...
Server side request forgery (ssrf)
Server-side request forgery (SSRF) vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter...
[SECURITY] [DSA 3085-1] wordpress security update
Debian Security Advisory DSA-3085-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez December 03, 2014 http://www.debian.org/security/faq ...
DSA-3085-1 wordpress - security update
Bulletin has no description...
CVE-2014-8749
Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter...
CVE-2014-5237
Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange OX AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text...
CVE-2014-2233
Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors...
Server side request forgery (ssrf)
Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors...
Server side request forgery (ssrf)
Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange OX AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text...
CVE-2014-2233
Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors...
CVE-2014-2233
CVE-2014-2233 (Infoware MapSuite MapAPI) is a Server-Side Request Forgery (SSRF) vulnerability in MapSuite MapAPI that allows an attacker to trigger requests from the vulnerable server to internal/intranet targets via specially crafted input parameters. Affected versions are MapAPI prior to 1.0.3...
Server side request forgery (ssrf)
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package...
CVE-2014-9038
wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource...
CVE-2014-9038
wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource...
WordPress < 3.7.5 / 3.8.5 / 3.9.3 / 4.0.1 Multiple Vulnerabilities
According to its version number, the WordPress application installed on the remote web server is affected by multiple vulnerabilities:
- Multiple unspecified errors exist that could allow cross-site scripting attacks.
- An unspecified error exists that could allow cross-site request forgery...
Server side request forgery (ssrf)
The Best Free Giveaways (aka com.wIphone5GiveAways) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Server side request forgery (ssrf)
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request...