Lucene search
K

9581 matches found

Cvelist
Cvelist
added 2015/06/10 1:0 a.m.26 views

CVE-2015-1764

The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery SSRF issue, aka "Exchange Server-Side Request Forger...

6.4AI score0.1356EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/06/10 12:0 a.m.46 views

MS15-064: Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)

The remote Microsoft Exchange server is missing a security update. It is, therefore, affected by multiple vulnerabilities : - A server-side request forgery vulnerability exists in Microsoft Exchange web applications due to improper management of same-origin policy. An attacker can exploit this by...

6.8CVSS5.7AI score0.1356EPSS
Exploits0References4
Debian
Debian
added 2015/06/01 12:11 p.m.57 views

[SECURITY] [DLA 236-1] wordpress security update

Package : wordpress Version : 3.6.1+dfsg-1deb6u6 CVE ID : CVE-2014-9031 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 CVE-2015-3438 CVE-2015-3439 CVE-2015-3440 Debian Bug : 783347 783554 770425 In the Debian squeeze-lts version of Wordpress,...

6.8CVSS6.2AI score0.82702EPSS
Exploits11
Tenable Nessus
Tenable Nessus
added 2015/02/23 12:0 a.m.31 views

X2Engine < 4.2 Multiple Vulnerabilities

According to its version number, the X2Engine application installed on the remote web server is potentially affected by multiple vulnerabilities : - A PHP object injection vulnerability exists which can be used to carry out Server-Side Request Forgery SSRF attacks using specially crafted serializ...

7.5CVSS6.1AI score0.03002EPSS
Exploits4References6
Prion
Prion
added 2015/02/20 11:59 a.m.11 views

Server side request forgery (ssrf)

Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request...

10CVSS8.1AI score0.02963EPSS
Exploits0References3Affected Software1
myhack58
myhack58
added 2015/02/10 12:0 a.m.20 views

SSRF vulnerability of the mining experience-the vulnerability warning-the black bar safety net

SSRF overview SSRFServer-Side Request Forgery:server side request forgery is a by the attacker structure is formed by the service terminal initiating the request of a security vulnerability. Under normal circumstances, the SSRF attack the target from outside the network cannot access the internal...

0.1AI score
Exploits0
Prion
Prion
added 2015/02/01 2:59 a.m.19 views

Server side request forgery (ssrf)

QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request...

6.4CVSS7.1AI score0.01347EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2015/01/04 12:0 a.m.2 views

phpThumb Server-Side Request Forgery Vulnerability

phpThumb is a PHP class used to generate thumbnails of images. Versions of phpThumb prior to 1.7.12 configure the disabledebug option with a default value of false, which allows remote attackers to perform server-side request forgery SSRF attacks via the src parameter...

4.3CVSS7.1AI score0.01191EPSS
Exploits1References1
CVE
CVE
added 2014/12/27 6:0 p.m.43 views

CVE-2013-6919

The CVE-2013-6919 issue affects phpThumb prior to 1.7.12, where the default disable_debug option is incorrectly configured as false, enabling remote attackers to trigger Server-Side Request Forgery (SSRF) via the src parameter. Documented sources confirm the vulnerability condition (default confi...

4.3CVSS7AI score0.01191EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2014/12/17 7:59 p.m.14 views

Server side request forgery (ssrf)

Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service crash via a crafted ICAP request...

5CVSS7.1AI score0.0279EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2014/12/07 9:59 p.m.18 views

CVE-2014-9302

Server-side request forgery SSRF vulnerability in the cmisbrowser servlet in Content Management Interoperability Service CMIS in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI in the url parameter...

5CVSS6.6AI score0.02008EPSS
Exploits1References2
NVD
NVD
added 2014/12/07 9:59 p.m.21 views

CVE-2014-9301

Server-side request forgery SSRF vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter...

6.4CVSS6.7AI score0.04049EPSS
Exploits1References2
Prion
Prion
added 2014/12/07 9:59 p.m.18 views

Server side request forgery (ssrf)

Server-side request forgery SSRF vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter...

6.4CVSS7.2AI score0.04049EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2014/12/07 9:0 p.m.29 views

CVE-2014-9302

Server-side request forgery SSRF vulnerability in the cmisbrowser servlet in Content Management Interoperability Service CMIS in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI in the url parameter...

6.6AI score0.02008EPSS
Exploits1References2
CVE
CVE
added 2014/12/07 9:0 p.m.45 views

CVE-2014-9302

CVE-2014-9302 describes a server-side request forgery (SSRF) in the cmisbrowser servlet of CMIS in Alfresco Community Edition 5.0.a and earlier. The vulnerability allows remote attackers to trigger outbound requests by providing a crafted value in the url parameter. Affected component: cmisbrowse...

5CVSS6.8AI score0.02008EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2014/12/05 10:59 p.m.15 views

Server side request forgery (ssrf)

Server-side request forgery SSRF vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter...

5.8CVSS7.3AI score0.01889EPSS
Exploits1References1Affected Software1
Debian
Debian
added 2014/12/03 8:38 a.m.56 views

[SECURITY] [DSA 3085-1] wordpress security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3085-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez December 03, 2014 http://www.debian.org/security/faq -...

6.8CVSS6.5AI score0.82702EPSS
Exploits8
OSV
OSV
added 2014/12/03 12:0 a.m.44 views

DSA-3085-1 wordpress - security update

Bulletin has no description...

6.8CVSS6.2AI score0.82702EPSS
Exploits8
NVD
NVD
added 2014/12/01 3:59 p.m.25 views

CVE-2014-8749

Server-side request forgery SSRF vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter...

5CVSS6.8AI score0.01888EPSS
Exploits2References2
NVD
NVD
added 2014/12/01 3:59 p.m.18 views

CVE-2014-5237

Server-side request forgery SSRF vulnerability in the documentconverter component in Open-Xchange OX AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text...

4.3CVSS6.7AI score0.02357EPSS
Exploits1References3
Rows per page
Query Builder