Ivanti SAML - Server Side Request Forgery (SSRF)
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. id: CVE-2024-21893 info: name: Ivanti SAML - Server...
Online Eyewear Shop 1.0 Cross Site Request Forgery
Title: Online Eyewear Shop v1.0 CSRF Add Admin Vulnerability | Author: indoushka | Tested on: Windows 10 FrPro / browser: Mozilla Firefox 130.0.0...
CVE-2024-8120 ImageRecycle pdf & image compression <= 3.1.14 - Cross-Site Request in Several AJAX Actions
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14. This is due to missing or incorrect nonce validation on several functions in the class/class-image-otimizer.php file. This makes it possible for...
Lost and Found Information System 1.0 Cross Site Request Forgery
Title: Lost and Found Information System v1.0 CSRF Vulnerability | Author: indoushka | Tested on: Windows 10 FrPro / browser: Mozilla Firefo...
Accounting Journal Management System 1.0 Cross Site Request Forgery
Title: Accounting Journal Management System 1.0 CSRF Vulnerability | Author: indoushka | Tested on: Windows 10 FrPro / browser: Mozilla Firefox...
CVE-2024-42624
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/delete/10...
CVE-2024-6524 ShopXO Uploader.php server-side request forgery
A vulnerability was found in ShopXO up to 6.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file extend/base/Uploader.php. The manipulation of the argument source leads to server-side request forgery. The attack can be launched remotely. Th...
CVE-2024-4219
Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability...
CVE-2024-34814
Cross-Site Request Forgery (CSRF) vulnerability in Unyson Unyson unyson. This issue affects Unyson: from n/a through = 2.7.29...
CVE-2024-1233
A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF)...
Easy Social Feed < 6.5.5 - Cross-Site Request Forgery
Description: The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the esfinstasaveaccesstoken and...
Server Side Request Forgery (SSRF)
Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF...
Amazon Linux 2 : xmlgraphics-commons (ALAS-2024-2411)
The version of xmlgraphics-commons installed on the remote host is prior to 1.5-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2411 advisory. Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input...
CVE-2023-44286
Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a DOM-based Cross-Site Scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the injection of malicious HTML or JavaScript code to a...
CVE-2023-48328
Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery. This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37...
CVE-2023-48711 Server-Side Request Forgery (SSRF) Vulnerability in google-translate-api-browser
google-translate-api-browser is an npm package which interfaces with the Google Translate web API. A Server-Side Request Forgery (SSRF) vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set ...
Crayon Syntax Highlighter <= 2.8.4 - Contributor+ Server Side Request Forgery
Description: The plugin is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web applicati...
Epson Printers CSRF Vulnerability (Apr 2023)
Multiple Epson printer models are prone to a cross-site request forgery (CSRF) vulnerability.
CVE-2023-30444 IBM Watson Machine Learning on Cloud Pak for Data server-side request forgery
IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350...
X-Skipper-Proxy v0.13.237 - Server Side Request Forgery (SSRF)
Exploit Title: X-Skipper-Proxy v0.13.237 - Server Side Request Forgery (SSRF) | Date: 24/10/2022 | Exploit Author: Hosein Vita & Milad Fadavvi | Vendor Homepage: https://github.com/zalando/skipper | Software Link: https://github.com/zalando/skipper | Version: v0.13.237 | Tested on: Linux | CVE: CVE-2022-38580...