Vulnerabilities (CVE)

Filtered by CWE-918
Total 1244 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-9458 1 Paloaltonetworks 1 Pan-os 2024-02-28 7.5 HIGH 9.8 CRITICAL
XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors.
CVE-2017-11149 1 Synology 1 Download Station 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.
CVE-2017-0907 1 Recurly 1 Recurly Client .net 2024-02-28 7.5 HIGH 9.8 CRITICAL
The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources.
CVE-2017-15886 1 Synology 1 Chat 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI.
CVE-2017-0905 1 Recurly 1 Recurly Client Ruby 2024-02-28 7.5 HIGH 9.8 CRITICAL
The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources.
CVE-2017-15943 1 Paloaltonetworks 1 Pan-os 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities.
CVE-2017-15644 1 Webmin 1 Webmin 2024-02-28 5.0 MEDIUM 8.6 HIGH
SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.
CVE-2017-12071 1 Synology 1 Photo Station 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
CVE-2017-9355 1 Subsonic 1 Subsonic 2024-02-28 4.3 MEDIUM 7.4 HIGH
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
CVE-2017-17697 1 Linuxfoundation 1 Harbor 2024-02-28 5.0 MEDIUM 8.6 HIGH
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.
CVE-2017-1000017 1 Phpmyadmin 1 Phpmyadmin 2024-02-28 6.5 MEDIUM 8.8 HIGH
phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server
CVE-2017-0889 1 Thoughtbot 1 Paperclip 2024-02-28 7.5 HIGH 9.8 CRITICAL
Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.
CVE-2017-9307 1 Allen Disk Project 1 Allen Disk 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter.
CVE-2017-14585 1 Atlassian 2 Hipchat Data Center, Hipchat Server 2024-02-28 9.0 HIGH 7.2 HIGH
A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected.
CVE-2017-9506 1 Atlassian 1 Oauth 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
CVE-2016-6001 1 Ibm 1 Forms Experience Builder 2024-02-28 3.5 LOW 3.1 LOW
IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.
CVE-2017-7569 1 Vbulletin 1 Vbulletin 2024-02-28 5.0 MEDIUM 8.6 HIGH
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037.
CVE-2017-7566 1 Mybb 1 Mybb 2024-02-28 4.0 MEDIUM 7.7 HIGH
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
CVE-2017-5518 1 Metalgenix 1 Genixcms 2024-02-28 4.3 MEDIUM 7.4 HIGH
The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address.
CVE-2017-5617 2 Debian, Kitfox 2 Debian Linux, Svg Salamander 2024-02-28 5.8 MEDIUM 7.4 HIGH
The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file.