Total
1244 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9458 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||||
CVE-2017-11149 | 1 Synology | 1 Download Station | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI. | |||||
CVE-2017-0907 | 1 Recurly | 1 Recurly Client .net | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources. | |||||
CVE-2017-15886 | 1 Synology | 1 Chat | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. | |||||
CVE-2017-0905 | 1 Recurly | 1 Recurly Client Ruby | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources. | |||||
CVE-2017-15943 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities. | |||||
CVE-2017-15644 | 1 Webmin | 1 Webmin | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. | |||||
CVE-2017-12071 | 1 Synology | 1 Photo Station | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. | |||||
CVE-2017-9355 | 1 Subsonic | 1 Subsonic | 2024-02-28 | 4.3 MEDIUM | 7.4 HIGH |
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file. | |||||
CVE-2017-17697 | 1 Linuxfoundation | 1 Harbor | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | |||||
CVE-2017-1000017 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server | |||||
CVE-2017-0889 | 1 Thoughtbot | 1 Paperclip | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources. | |||||
CVE-2017-9307 | 1 Allen Disk Project | 1 Allen Disk | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. | |||||
CVE-2017-14585 | 1 Atlassian | 2 Hipchat Data Center, Hipchat Server | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected. | |||||
CVE-2017-9506 | 1 Atlassian | 1 Oauth | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). | |||||
CVE-2016-6001 | 1 Ibm | 1 Forms Experience Builder | 2024-02-28 | 3.5 LOW | 3.1 LOW |
IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources. | |||||
CVE-2017-7569 | 1 Vbulletin | 1 Vbulletin | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. | |||||
CVE-2017-7566 | 1 Mybb | 1 Mybb | 2024-02-28 | 4.0 MEDIUM | 7.7 HIGH |
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism. | |||||
CVE-2017-5518 | 1 Metalgenix | 1 Genixcms | 2024-02-28 | 4.3 MEDIUM | 7.4 HIGH |
The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address. | |||||
CVE-2017-5617 | 2 Debian, Kitfox | 2 Debian Linux, Svg Salamander | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file. |