45 matches found
CVE-2023-41339 Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF in GeoServer
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an sld= parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles,...
CVE-2022-31132 Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...
CVE-2020-24641
In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative...
Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF
Exploit Title: Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF Date: 2020-07-30 Author: Julien Ahrens Vendor Homepage: https://www.acronis.com Version: 12.5 Build 16341 CVE: CVE-2020-16171 VERSIONS AFFECTED ==================== Acronis Cyber Backup v12.5 Build 16327 and probably belo...
TestLink 1.9.19 Server-Side Request Forgery
Exploit Title : TestLink version = 1.9.19 Server Side Request Forgery Author : Manish Kishan Tanwar AKA error1046 Vendor Link : http://testlink.org Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kishan Singh and ritu rathi Discovered At : Indishell Lab...