Total: 1195 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2017-10973 | 1 Finecms Project | 1 Finecms | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM | In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.
CVE-2017-11291 | 1 Adobe | 1 Connect | 2024-02-28 | 6.4 MEDIUM | 10.0 CRITICAL | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.
CVE-2017-12905 | 1 Vebto | 1 Pixie - Image Editor | 2024-02-28 | 7.5 HIGH | 10.0 CRITICAL | Server-Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.
CVE-2017-1000419 | 1 Phpbb | 1 Phpbb | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function, allowing an attacker to perform port scanning, request internal content, and potentially attack such internal services via the web application.
CVE-2017-7553 | 1 Redhat | 1 Mobile Application Platform | 2024-02-28 | 6.5 MEDIUM | 6.3 MEDIUM | The external_request API call in App Studio (millicore) allows server-side request forgery (SSRF). An attacker could use this flaw to probe internal network resources and access restricted endpoints.
CVE-2017-4928 | 1 Vmware | 1 Vcenter Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | The Flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f), i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services, leading to information disclosure.
CVE-2017-0906 | 1 Recurly | 1 Recurly Client Python | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.
CVE-2017-6036 | 1 Belden Hirschmann | 2 Gecko Lite Managed Switch, Gecko Lite Managed Switch Firmware | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM | A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination.
CVE-2017-1000139 | 1 Mahara | 1 Mahara | 2024-02-28 | 6.0 MEDIUM | 8.0 HIGH | Mahara 1.8 before 1.8.7, 1.9 before 1.9.5, 1.10 before 1.10.3, and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks, as not all curl redirects are checked against a whitelist or blacklist. Employing SafeCurl will prevent these issues.
CVE-2017-11148 | 1 Synology | 1 Chat | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM | Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors.
CVE-2017-16865 | 1 Atlassian | 1 Jira | 2024-02-28 | 3.5 LOW | 5.3 MEDIUM | The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource that provides access credentials and other potentially confidential information.
CVE-2017-9458 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors.
CVE-2017-11149 | 1 Synology | 1 Download Station | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM | Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via a crafted URI.
CVE-2017-0907 | 1 Recurly | 1 Recurly Client .net | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources.
CVE-2017-15886 | 1 Synology | 1 Chat | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM | Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI.
CVE-2017-0905 | 1 Recurly | 1 Recurly Client Ruby | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources.
CVE-2017-15943 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities.
CVE-2017-15644 | 1 Webmin | 1 Webmin | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH | SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.
CVE-2017-12071 | 1 Synology | 1 Photo Station | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM | Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
CVE-2017-9355 | 1 Subsonic | 1 Subsonic | 2024-02-28 | 4.3 MEDIUM | 7.4 HIGH | XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.