Vulnerabilities (CVE)

Filtered by CWE-918
Total 1254 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-0399 1 Cisco 1 Finesse 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044.
CVE-2018-0398 1 Cisco 1 Finesse 2024-11-21 7.5 HIGH 9.8 CRITICAL
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018.
CVE-2017-9506 1 Atlassian 1 Oauth 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
CVE-2017-9458 1 Paloaltonetworks 1 Pan-os 2024-11-21 7.5 HIGH 9.8 CRITICAL
XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors.
CVE-2017-9355 1 Subsonic 1 Subsonic 2024-11-21 4.3 MEDIUM 7.4 HIGH
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
CVE-2017-9307 1 Allen Disk Project 1 Allen Disk 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter.
CVE-2017-9066 2 Debian, Wordpress 2 Debian Linux, Wordpress 2024-11-21 5.0 MEDIUM 8.6 HIGH
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.
CVE-2017-8794 1 Accellion 1 File Transfer Appliance 2024-11-21 6.4 MEDIUM 10.0 CRITICAL
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern.
CVE-2017-7569 1 Vbulletin 1 Vbulletin 2024-11-21 5.0 MEDIUM 8.6 HIGH
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037.
CVE-2017-7566 1 Mybb 1 Mybb 2024-11-21 4.0 MEDIUM 7.7 HIGH
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
CVE-2017-7553 1 Redhat 1 Mobile Application Platform 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints.
CVE-2017-7272 1 Php 1 Php 2024-11-21 5.8 MEDIUM 7.4 HIGH
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.
CVE-2017-7200 1 Openstack 1 Glance 2024-11-21 5.0 MEDIUM 5.8 MEDIUM
An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.
CVE-2017-6201 1 Sandstorm 1 Sandstorm 2024-11-21 5.5 MEDIUM 8.1 HIGH
A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs directly.
CVE-2017-6130 1 F5 2 Ssl Intercept Iapp, Ssl Orchestrator 2024-11-21 5.8 MEDIUM 7.4 HIGH
F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic.
CVE-2017-6036 1 Belden Hirschmann 2 Gecko Lite Managed Switch, Gecko Lite Managed Switch Firmware 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination.
CVE-2017-5643 1 Apache 1 Camel 2024-11-21 5.8 MEDIUM 7.4 HIGH
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
CVE-2017-5617 2 Debian, Kitfox 2 Debian Linux, Svg Salamander 2024-11-21 5.8 MEDIUM 7.4 HIGH
The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file.
CVE-2017-5518 1 Metalgenix 1 Genixcms 2024-11-21 4.3 MEDIUM 7.4 HIGH
The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address.
CVE-2017-4928 1 Vmware 1 Vcenter Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.