9406 matches found
[SECURITY] [DLA 875-1] php5 security update
Package : php5 Version : 5.4.45-0+deb7u8 CVE ID : CVE-2016-7478 CVE-2016-7479 CVE-2017-7272 Several issues have been discovered in PHP recursive acronym for PHP: Hypertext Preprocessor, a widely-used open source general-purpose scripting language that is especially suited for web development and...
DEBIAN-CVE-2017-7200
An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...
CVE-2017-7200
The copyfrom feature in Image Service API v1 allows an attacker to perform masked network port scans. It is possible to create images with a URL such as 'http://localhost:22'. This could allow an attacker to enumerate internal network details while appearing masked, because the scan appears to...
Server side request forgery (ssrf)
The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...
CVE-2017-5617
The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...
PT-2018-41: Server-Side Request Forgery in SAP NetWeaver Knowledge Management Configuration Service
The specialists of the Positive Research center have detected a Server-Side Request Forgery vulnerability in SAP NetWeaver Knowledge Management Configuration Service. A server-side request forgery SSRF vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 allow...
CVE-2015-8813
The CVE-2015-8813 entry affects Umbraco before 7.4.0, where the Page_Load code in FeedProxy.aspx.cs is vulnerable to server-side request forgery (SSRF) via the url parameter. Public descriptions (including the Nuclei template) confirm that an attacker can trigger arbitrary HTTP GET requests to ta...
Debian DLA-834-1 : phpmyadmin security update
A server-side request forgery vulnerability was reported for the setup script in phpmyadmin, a MYSQL web administration tool. This flaw may allow an unauthenticated attacker to brute-force MYSQL passwords, detect internal hostnames or opened ports on the internal network. Additionally there was a...
[SECURITY] [DLA 834-1] phpmyadmin security update
Package : phpmyadmin Version : 4:3.4.11.1-2+deb7u8 CVE ID : CVE-2016-6621 A server-side request forgery vulnerability was reported for the setup script in phpmyadmin, a MYSQL web administration tool. This flaw may allow an unauthenticated attacker to brute-force MYSQL passwords, detect internal...
Lithium Forum Server-Side Request Forgery
Document Title: =============== Lithium Forum - Compose Message SSRF Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2030 Release Date: ============= 2017-02-20 Vulnerability Laboratory ID VL-ID: ==================================== 2030...
CVE-2016-4312
XML external entity XXE vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery SSRF attacks, o...
Server side request forgery (ssrf)
XML external entity XXE vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery SSRF attacks, o...
CVE-2016-4312
XML external entity XXE vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery SSRF attacks, o...
Debian DLA-816-1 : svgsalamander security update
Luc Lynx discovered a Server-Side Request Forgery in svgSalamander allowing access to the trusted network with specially crafted SVG files. For Debian 7 'Wheezy', these problems have been fixed in version 0svn95-1+deb7u1. We recommend that you upgrade your svgsalamander packages. NOTE: Tenable...
Debian DSA-3781-1 : svgsalamander - security update
Luc Lynx discovered that SVG Salamander, a SVG engine for Java was susceptible to server side request forgery. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3781. The text itself is...
Debian Security Advisory DSA 3781-1 (svgsalamander - security update)
Luc Lynx discovered that SVG Salamander, a SVG engine for Java was susceptible to server side request forgery. OpenVAS Vulnerability Test $Id: deb3781.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DSA 3781-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks...
[SECURITY] [DLA 816-1] svgsalamander security update
Package : svgsalamander Version : 0svn95-1+deb7u1 CVE ID : CVE-2017-5617 Debian Bug : 853134 Luc Lynx discovered a Server-Side Request Forgery in svgSalamander allowing access to the trusted network with specially crafted SVG files. For Debian 7 "Wheezy", these problems have been fixed in version...
Server Side Request Forgery (SSRF)
svg-salamander is vulnerable to server side request forgery SSRF attacks. The vulnerability exists because svg-salamander does not restrict the schemes supported in the SVG file. An attacker can exploit this vulnerability by supplying a SVG file with file://, jar://, or other application specific...
Server-Side Request Forgery (SSRF)
ImageMagick is vulnerable to server-side request forgery SSRF. A malicious user can send a malicious .mvg file to force a HTTP, GET or FTP request a user...
Server side request forgery (ssrf)
The fetchremotefile function in MyBB aka MyBulletinBoard before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery SSRF attacks via unspecified vectors...