
9242 matches found

Prion
added 2013/07/08 8:55 p.m. | 33 views

Server side request forgery (ssrf)

The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235...

CVSS 4.3 | AI score 7.3 | EPSS 0.28857
Exploits: 3 | References: 4 | Affected Software: 1

UbuntuCve
added 2013/07/08 8:55 p.m. | 35 views

CVE-2013-2199

The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vulnerability to CVE-2013-0235...

CVSS 4.3 | AI score 5.9 | EPSS 0.02044
Exploits: 0 | References: 2

OSV
added 2013/07/08 8:55 p.m. | 9 views

CVE-2013-0235

The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue...

AI score 6.7
Exploits: 0 | References: 6

Prion
added 2013/07/08 8:55 p.m. | 29 views

Server side request forgery (ssrf)

The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue...

CVSS 6.4 | AI score 7 | EPSS 0.28857
Exploits: 3 | References: 5 | Affected Software: 1

CVE
added 2013/07/08 8:0 p.m. | 87 views

CVE-2013-2199

The CVE-2013-2199 entry concerns a WordPress HTTP API vulnerability that permits SSRF-like behavior in WordPress before 3.5.2. Connected sources specify the issue as enabling remote servers to trigger HTTP requests to internal/intranet hosts via unspecified vectors, with a similar context to CVE-20...

CVSS 4.3 | AI score 6.7 | EPSS 0.02044
Exploits: 0 | References: 4 | Affected Software: 1

Tenable Nessus
added 2013/06/28 12:0 a.m. | 50 views

WordPress < 3.5.2 Multiple Vulnerabilities

According to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities:
- The application contains a denial of service attack, affecting sites using password-protected posts. (CVE-2013-2173)
- The application is affected by a server-side...

CVSS 4.3 | AI score 5.3 | EPSS 0.03373
Exploits: 3 | References: 12

ThreatPost
added 2013/06/25 12:33 p.m. | 11 views

WordPress Update 3.5.2 Patches Seven Vulnerabilities

WordPress, which has been a jumping off point for a number of targeted attacks and other high-profile hacks, has been updated and the latest version includes a number of security patches. Version 3.5.2, released late last week, includes seven security fixes and some additional hardening, accordin...

AI score 7.6
Exploits: 0 | References: 6

FreeBSD
added 2013/06/21 12:0 a.m. | 44 views

wordpress -- multiple vulnerabilities

The WordPress development team reports:
- Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site
- Disallow contributors from improperly publishing posts
- An update to the SWFUpload external library to fix cross-site scripting vulnerabilities...

CVSS 4.3 | AI score 6.5 | EPSS 0.0296
Exploits: 1 | References: 1

WPVulnDB
added 2013/06/21 12:0 a.m. | 9 views

WordPress 3.5-3.5.1 HTTP API Unspecified Server Side Request Forgery (SSRF)

...

AI score 0.5
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2013/05/25 12:0 a.m. | 33 views

WordPress < 3.5.2 Multiple Vulnerabilities

Binary data 6883.prm...

CVSS 4.3 | AI score 6.7 | EPSS 0.03373
Exploits: 3 | References: 11

Tenable Nessus
added 2013/02/04 12:0 a.m. | 1016 views

WordPress 'xmlrpc.php' pingback.ping Server-Side Request Forgery

The WordPress install hosted on the remote web server is affected by a server-side request forgery vulnerability because the 'pingback.ping' method used in 'xmlrpc.php' fails to properly validate source URIs (Uniform Resource Identifiers). A remote, unauthenticated attacker can exploit this issue t...

CVSS 6.4 | AI score 5.9 | EPSS 0.28857
Exploits: 3 | References: 6

Tenable Nessus
added 2013/02/04 12:0 a.m. | 55 views

WordPress < 3.5.1 Multiple Vulnerabilities

According to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities:
- The application is affected by a server-side request forgery vulnerability in the 'pingback.ping' method used in 'xmlrpc.php'. This vulnerability can be used to expos...

CVSS 6.4 | AI score 5.7 | EPSS 0.28857
Exploits: 5 | References: 8

Tenable Nessus
added 2013/01/30 12:0 a.m. | 36 views

FreeBSD : wordpress -- multiple vulnerabilities (559e00b7-6a4d-11e2-b6b0-10bf48230856)

WordPress reports: WordPress 3.5.1 also addresses the following security issues:
- A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPres...

CVSS 6.4 | AI score 5.7 | EPSS 0.28857
Exploits: 5 | References: 4

FreeBSD
added 2013/01/24 12:0 a.m. | 53 views

wordpress -- multiple vulnerabilities

WordPress reports: WordPress 3.5.1 also addresses the following security issues: A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress...

CVSS 6.4 | AI score 6 | EPSS 0.28857
Exploits: 3

Prion
added 2012/11/30 10:55 p.m. | 7 views

Server side request forgery (ssrf)

The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "view any node page" or "view any node type page" permission to access unpublished nodes via a direct request...

CVSS 3.5 | AI score 6.7 | EPSS 0.00962
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2012/09/04 8:55 p.m. | 21 views

Server side request forgery (ssrf)

The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request...

CVSS 5 | AI score 7 | EPSS 0.03091
Exploits: 0 | References: 7 | Affected Software: 1

Prion
added 2012/08/31 10:55 p.m. | 17 views

Server side request forgery (ssrf)

The webnoderegister function in web.pm in PacketFence before 3.0.2 might allow remote attackers to execute arbitrary code via unspecified vectors...

CVSS 7.5 | AI score 8.3 | EPSS 0.02727
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2012/08/25 4:55 p.m. | 12 views

Server side request forgery (ssrf)

Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response...

CVSS 6.4 | AI score 7.1 | EPSS 0.01308
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2012/08/25 4:55 p.m. | 17 views

Server side request forgery (ssrf)

s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response...

CVSS 5.8 | AI score 6.8 | EPSS 0.0173
Exploits: 1 | References: 12 | Affected Software: 1

Prion
added 2012/08/25 4:55 p.m. | 10 views

Server side request forgery (ssrf)

Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...

CVSS 5.8 | AI score 6.6 | EPSS 0.00831
Exploits: 1 | References: 2