Lucene search
+L

9406 matches found

debian
debian
added 2017/03/27 11:5 p.m.102 views

[SECURITY] [DLA 875-1] php5 security update

Package : php5 Version : 5.4.45-0+deb7u8 CVE ID : CVE-2016-7478 CVE-2016-7479 CVE-2017-7272 Several issues have been discovered in PHP recursive acronym for PHP: Hypertext Preprocessor, a widely-used open source general-purpose scripting language that is especially suited for web development and...

9.8CVSS9.1AI score0.42401EPSS
Exploits5
osv
osv
added 2017/03/21 6:59 a.m.44 views

DEBIAN-CVE-2017-7200

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

5.8CVSS5.7AI score0.02034EPSS
Exploits0References1
redhatcve
redhatcve
added 2017/03/21 5:47 a.m.29 views

CVE-2017-7200

The copyfrom feature in Image Service API v1 allows an attacker to perform masked network port scans. It is possible to create images with a URL such as 'http://localhost:22'. This could allow an attacker to enumerate internal network details while appearing masked, because the scan appears to...

6.5CVSS2.5AI score0.02034EPSS
Exploits0References2
prion
prion
added 2017/03/16 3:59 p.m.16 views

Server side request forgery (ssrf)

The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...

5.8CVSS7.2AI score0.01992EPSS
Exploits0References8Affected Software1
osv
osv
added 2017/03/16 3:59 p.m.5 views

CVE-2017-5617

The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...

7.4CVSS7.3AI score
Exploits0References8
ptsecurity
ptsecurity
added 2017/03/16 12:0 a.m.12 views

PT-2018-41: Server-Side Request Forgery in SAP NetWeaver Knowledge Management Configuration Service

The specialists of the Positive Research center have detected a Server-Side Request Forgery vulnerability in SAP NetWeaver Knowledge Management Configuration Service. A server-side request forgery SSRF vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 allow...

6.6CVSS5.2AI score0.0087EPSS
Exploits0References3
cve
cve
added 2017/03/03 4:0 p.m.150 views

CVE-2015-8813

The CVE-2015-8813 entry affects Umbraco before 7.4.0, where the Page_Load code in FeedProxy.aspx.cs is vulnerable to server-side request forgery (SSRF) via the url parameter. Public descriptions (including the Nuclei template) confirm that an attacker can trigger arbitrary HTTP GET requests to ta...

8.2CVSS8.2AI score0.11595EPSS
Exploits1References6Affected Software1
nessus
nessus
added 2017/02/27 12:0 a.m.48 views

Debian DLA-834-1 : phpmyadmin security update

A server-side request forgery vulnerability was reported for the setup script in phpmyadmin, a MYSQL web administration tool. This flaw may allow an unauthenticated attacker to brute-force MYSQL passwords, detect internal hostnames or opened ports on the internal network. Additionally there was a...

8.6CVSS7.8AI score0.01927EPSS
Exploits0References3
debian
debian
added 2017/02/24 6:34 a.m.25 views

[SECURITY] [DLA 834-1] phpmyadmin security update

Package : phpmyadmin Version : 4:3.4.11.1-2+deb7u8 CVE ID : CVE-2016-6621 A server-side request forgery vulnerability was reported for the setup script in phpmyadmin, a MYSQL web administration tool. This flaw may allow an unauthenticated attacker to brute-force MYSQL passwords, detect internal...

8.6CVSS9AI score0.01927EPSS
Exploits0
packetstorm
packetstorm
added 2017/02/20 12:0 a.m.82 views

Lithium Forum Server-Side Request Forgery

Document Title: =============== Lithium Forum - Compose Message SSRF Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2030 Release Date: ============= 2017-02-20 Vulnerability Laboratory ID VL-ID: ==================================== 2030...

0.7AI score
Exploits0
nvd
nvd
added 2017/02/17 2:59 a.m.17 views

CVE-2016-4312

XML external entity XXE vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery SSRF attacks, o...

7.5CVSS8.2AI score0.05997EPSS
Exploits5References6
prion
prion
added 2017/02/17 2:59 a.m.18 views

Server side request forgery (ssrf)

XML external entity XXE vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery SSRF attacks, o...

6CVSS8.6AI score0.05997EPSS
Exploits6References6Affected Software1
cvelist
cvelist
added 2017/02/16 6:0 p.m.26 views

CVE-2016-4312

XML external entity XXE vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery SSRF attacks, o...

8.2AI score0.05997EPSS
Exploits5References6
nessus
nessus
added 2017/02/06 12:0 a.m.35 views

Debian DLA-816-1 : svgsalamander security update

Luc Lynx discovered a Server-Side Request Forgery in svgSalamander allowing access to the trusted network with specially crafted SVG files. For Debian 7 'Wheezy', these problems have been fixed in version 0svn95-1+deb7u1. We recommend that you upgrade your svgsalamander packages. NOTE: Tenable...

7.4CVSS7.2AI score0.01992EPSS
Exploits0References3
nessus
nessus
added 2017/02/06 12:0 a.m.34 views

Debian DSA-3781-1 : svgsalamander - security update

Luc Lynx discovered that SVG Salamander, a SVG engine for Java was susceptible to server side request forgery. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3781. The text itself is...

7.4CVSS7.2AI score0.01992EPSS
Exploits0References3
openvas
openvas
added 2017/02/05 12:0 a.m.26 views

Debian Security Advisory DSA 3781-1 (svgsalamander - security update)

Luc Lynx discovered that SVG Salamander, a SVG engine for Java was susceptible to server side request forgery. OpenVAS Vulnerability Test $Id: deb3781.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DSA 3781-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks...

5.8CVSS7.3AI score0.01992EPSS
Exploits0References1
debian
debian
added 2017/02/03 10:55 a.m.20 views

[SECURITY] [DLA 816-1] svgsalamander security update

Package : svgsalamander Version : 0svn95-1+deb7u1 CVE ID : CVE-2017-5617 Debian Bug : 853134 Luc Lynx discovered a Server-Side Request Forgery in svgSalamander allowing access to the trusted network with specially crafted SVG files. For Debian 7 "Wheezy", these problems have been fixed in version...

7.4CVSS7.7AI score0.01992EPSS
Exploits0
veracode
veracode
added 2017/02/02 7:38 a.m.15 views

Server Side Request Forgery (SSRF)

svg-salamander is vulnerable to server side request forgery SSRF attacks. The vulnerability exists because svg-salamander does not restrict the schemes supported in the SVG file. An attacker can exploit this vulnerability by supplying a SVG file with file://, jar://, or other application specific...

7.4CVSS7.1AI score0.01992EPSS
Exploits0References9Affected Software1
veracode
veracode
added 2017/02/01 7:3 a.m.37 views

Server-Side Request Forgery (SSRF)

ImageMagick is vulnerable to server-side request forgery SSRF. A malicious user can send a malicious .mvg file to force a HTTP, GET or FTP request a user...

5.5CVSS6.9AI score0.76897EPSS
Exploits4References22Affected Software1
prion
prion
added 2017/01/31 10:59 p.m.14 views

Server side request forgery (ssrf)

The fetchremotefile function in MyBB aka MyBulletinBoard before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery SSRF attacks via unspecified vectors...

5.8CVSS7.3AI score0.01651EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder