Lucene search
+L

74 matches found

OSV
OSV
added 2023/12/20 5:25 a.m.9 views

CVE-2023-6974 Server-Side Request Forgery (SSRF)

A malicious user could use this issue to access internal HTTPs servers and in the worst case ie: aws instance it could be abuse to get a remote code execution on the victim machine...

8.6CVSS7.8AI score0.01507EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/12/19 12:0 a.m.6 views

PT-2023-32830

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions. Description A malicious user could use this issue to access internal HTTPs servers. In the worst case, such as an AWS instance, it could be abused to get a remote cod...

9.8CVSS7.8AI score0.01507EPSS
Exploits1References13
Veracode
Veracode
added 2023/10/23 1:56 p.m.19 views

Server Side Request Forgery (SSRF)

shenyu is vulnerable to Server-Side Request Forgery. This vulnerability exists because it does not properly validate the requestUrl parameter, allowing an attacker to access internal servers and resources to perform unauthorized actions...

6.5CVSS6.8AI score0.00838EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2023/10/20 10:15 a.m.23 views

Server side request forgery (ssrf)

A server-side request forgery vulnerability CWE-918 in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal...

4CVSS6.4AI score0.01221EPSS
Exploits1References2Affected Software2
Vulnrichment
Vulnrichment
added 2023/10/20 9:4 a.m.13 views

CVE-2023-44256

A server-side request forgery vulnerability CWE-918 in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal...

6.5CVSS6.8AI score0.01221EPSS
Exploits1References2
OSV
OSV
added 2023/10/03 9:54 p.m.8 views

GHSA-XM7X-F3W2-4HJM Presto JDBC Server-Side Request Forgery by redirect

Summary Presto JDBC is vulnerable to Server-Side Request Forgery SSRF when connecting a remote Presto server. An attacker can construct a redirect response that Presto JDBC client will follow and view sensitive information from highly sensitive internal servers or perform a local port scan. Detai...

7.6CVSS6.2AI score
Exploits0References2
Veracode
Veracode
added 2023/07/09 7:50 a.m.23 views

Server Side Request Forgery (SSRF)

net.sourceforge.plantuml: is vulnerable to Server Side Request Forgery SSRF. The vulnerability exists because the URL restrictions imposed by the different security profiles could be bypassed which allows an attacker to access the internal servers and resources to perform unauthorized actions...

10CVSS6.8AI score0.0087EPSS
Exploits1References5Affected Software2
Prion
Prion
added 2023/03/03 10:15 p.m.18 views

Server side request forgery (ssrf)

Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery SSRF when importing a file from a remote web server POST to /files/import. An attacker can bypass the security controls by performing a DNS rebinding attack and...

5CVSS7.8AI score0.0096EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/03/03 9:49 p.m.45 views

CVE-2023-26492 Directus vulnerable to Server-Side Request Forgery On File Import

Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery SSRF when importing a file from a remote web server POST to /files/import. An attacker can bypass the security controls by performing a DNS rebinding attack and...

5CVSS7.8AI score0.0096EPSS
Exploits1References5
Huntr
Huntr
added 2022/06/14 11:5 a.m.78 views

SSRF via Import URL

Description While importing CSV and Excel file via an URL, the server does not validate requests properly that's how the attacker can able to make requests to internal servers and access the contents. Proof of Concept 1. Go to any project 2. From Dashboard, click on Add / Import CSV or Microsoft...

5CVSS0.6AI score0.01841EPSS
Exploits1
OSV
OSV
added 2022/06/14 12:0 a.m.17 views

GHSA-MX8Q-JQWM-85MV NocoDB information disclosure vulnerability

In NocoDB prior to 0.91.7, the SMTP plugin doesn't have verification or validation. This allows attackers to make requests to internal servers and read the contents...

7.5CVSS7.3AI score0.01418EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/05/24 7:18 p.m.24 views

Camaleon CMS vulnerable to Server-Side Request Forgery

In Camaleon CMS, versions 2.1.2.0 through 2.6.0, are vulnerable to Server-Side Request Forgery SSRF in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to...

4.9CVSS4.4AI score0.00954EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 7:18 p.m.15 views

GHSA-VX6P-Q4GJ-X6XX Camaleon CMS vulnerable to Server-Side Request Forgery

In Camaleon CMS, versions 2.1.2.0 through 2.6.0, are vulnerable to Server-Side Request Forgery SSRF in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to...

4.9CVSS4.9AI score0.00954EPSS
Exploits0References5
Veracode
Veracode
added 2022/05/17 2:18 p.m.17 views

Server Side Request Forgery (SSRF)

PlantUML is vulnerable to server side request forgery. The vulnerability exists because the PlantUML methods are not properly validated which allows an attacker to access the internal servers and resources and perform unauthorized actions...

9.1CVSS8.7AI score0.01547EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2021/10/20 12:15 p.m.25 views

CVE-2021-25972

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery SSRF in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read...

4.9CVSS0.00954EPSS
Exploits0References2
OSV
OSV
added 2021/10/20 12:15 p.m.20 views

CVE-2021-25972

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery SSRF in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read...

4.9CVSS6.5AI score0.00954EPSS
Exploits0References2
Prion
Prion
added 2021/10/20 12:15 p.m.11 views

Server side request forgery (ssrf)

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery SSRF in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read...

4CVSS4.9AI score0.00954EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/10/20 11:55 a.m.32 views

CVE-2021-25972 Camaleon CMS - Server-Side Request Forgery (SSRF) in Media Upload Feature

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery SSRF in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read...

4.9CVSS5.3AI score0.00954EPSS
Exploits0References2
CNVD
CNVD
added 2021/08/31 12:0 a.m.11 views

IBM Sterling Secure Proxy Weak Encryption Algorithm Vulnerability (CNVD-2021-68436)

IBM Sterling Secure Proxy creates a security barrier for trusted networks by preventing direct connections between external partners and internal servers. IBM Sterling Secure Proxy versions 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contain a weak encryption algorithm vulnerability. An attacker could...

7.5CVSS2.4AI score0.00919EPSS
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2021/05/05 12:0 a.m.99 views

Apache Solr Server-Side Request Forgery (CVE-2021-27905)

A sever-side request forgery vulnerability exists in Apache Solr. The vulnerability is due to a lack of validation on the subdomain parameter in HTTP requests. Successful exploitation of this vulnerability could allow an unauthenticated attacker to make a request to any internal and external serv...

7.5CVSS1.3AI score0.93053EPSS
Exploits5
Rows per page
Query Builder