9581 matches found
CVE-2015-1764
The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery SSRF issue, aka "Exchange Server-Side Request Forger...
MS15-064: Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3062157)
The remote Microsoft Exchange server is missing a security update. It is, therefore, affected by multiple vulnerabilities : - A server-side request forgery vulnerability exists in Microsoft Exchange web applications due to improper management of same-origin policy. An attacker can exploit this by...
[SECURITY] [DLA 236-1] wordpress security update
Package : wordpress Version : 3.6.1+dfsg-1deb6u6 CVE ID : CVE-2014-9031 CVE-2014-9033 CVE-2014-9034 CVE-2014-9035 CVE-2014-9036 CVE-2014-9037 CVE-2014-9038 CVE-2014-9039 CVE-2015-3438 CVE-2015-3439 CVE-2015-3440 Debian Bug : 783347 783554 770425 In the Debian squeeze-lts version of Wordpress,...
X2Engine < 4.2 Multiple Vulnerabilities
According to its version number, the X2Engine application installed on the remote web server is potentially affected by multiple vulnerabilities : - A PHP object injection vulnerability exists which can be used to carry out Server-Side Request Forgery SSRF attacks using specially crafted serializ...
Server side request forgery (ssrf)
Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request...
SSRF vulnerability of the mining experience-the vulnerability warning-the black bar safety net
SSRF overview SSRFServer-Side Request Forgery:server side request forgery is a by the attacker structure is formed by the service terminal initiating the request of a security vulnerability. Under normal circumstances, the SSRF attack the target from outside the network cannot access the internal...
Server side request forgery (ssrf)
QPR Portal before 2012.2.1 allows remote attackers to modify or delete notes via a direct request...
phpThumb Server-Side Request Forgery Vulnerability
phpThumb is a PHP class used to generate thumbnails of images. Versions of phpThumb prior to 1.7.12 configure the disabledebug option with a default value of false, which allows remote attackers to perform server-side request forgery SSRF attacks via the src parameter...
CVE-2013-6919
The CVE-2013-6919 issue affects phpThumb prior to 1.7.12, where the default disable_debug option is incorrectly configured as false, enabling remote attackers to trigger Server-Side Request Forgery (SSRF) via the src parameter. Documented sources confirm the vulnerability condition (default confi...
Server side request forgery (ssrf)
Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service crash via a crafted ICAP request...
CVE-2014-9302
Server-side request forgery SSRF vulnerability in the cmisbrowser servlet in Content Management Interoperability Service CMIS in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI in the url parameter...
CVE-2014-9301
Server-side request forgery SSRF vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter...
Server side request forgery (ssrf)
Server-side request forgery SSRF vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter...
CVE-2014-9302
Server-side request forgery SSRF vulnerability in the cmisbrowser servlet in Content Management Interoperability Service CMIS in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI in the url parameter...
CVE-2014-9302
CVE-2014-9302 describes a server-side request forgery (SSRF) in the cmisbrowser servlet of CMIS in Alfresco Community Edition 5.0.a and earlier. The vulnerability allows remote attackers to trigger outbound requests by providing a crafted value in the url parameter. Affected component: cmisbrowse...
Server side request forgery (ssrf)
Server-side request forgery SSRF vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter...
[SECURITY] [DSA 3085-1] wordpress security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3085-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez December 03, 2014 http://www.debian.org/security/faq -...
DSA-3085-1 wordpress - security update
Bulletin has no description...
CVE-2014-8749
Server-side request forgery SSRF vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter...
CVE-2014-5237
Server-side request forgery SSRF vulnerability in the documentconverter component in Open-Xchange OX AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text...