ReportizFlow
Filtered by vendor
Subscriptions
Total
1337 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41449 | 1 Phpkobo | 1 Ajaxnewsticker | 2024-11-21 | 9.8 Critical |
| An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. | ||||
| CVE-2023-41339 | 1 Osgeo | 1 Geoserver | 2024-11-21 | 8.6 High |
| GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=<url>`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2. | ||||
| CVE-2023-41327 | 1 Wiremock | 2 Studio, Wiremock | 2024-11-21 | 4.6 Medium |
| WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefore recording) to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. Until WireMock Webhooks Extension 3.0.0-beta-15, the filtering of target addresses from the proxy mode DID NOT work for Webhooks, so the users were potentially vulnerable regardless of the `limitProxyTargets` settings. Via the WireMock webhooks configuration, POST requests from a webhook might be forwarded to an arbitrary service reachable from WireMock’s instance. For example, If someone is running the WireMock docker Container inside a private cluster, they can trigger internal POST requests against unsecured APIs or even against secure ones by passing a token, discovered using another exploit, via authentication headers. This issue has been addressed in versions 2.35.1 and 3.0.3 of wiremock. Wiremock studio has been discontinued and will not see a fix. Users unable to upgrade should use external firewall rules to define the list of permitted destinations. | ||||
| CVE-2023-41239 | 1 Blubrry | 1 Powerpress | 2024-11-21 | 6.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6. | ||||
| CVE-2023-41055 | 1 Ahwx | 1 Librey | 2024-11-21 | 7.5 High |
| LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `engines/google/text.php` and `engines/duckduckgo/text.php` files in versions before commit be59098abd119cda70b15bf3faac596dfd39a744. This vulnerability allows remote attackers to request the server to send HTTP GET requests to arbitrary targets and conduct Denial-of-Service (DoS) attacks via the `wikipedia_language` cookie. Remote attackers can request the server to download large files to reduce the performance of the server or even deny access from legitimate users. This issue has been patched in https://github.com/Ahwxorg/LibreY/pull/9. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-41054 | 1 Ahwx | 1 Librey | 2024-11-21 | 8.2 High |
| LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `image_proxy.php` file of LibreY before commit 8f9b9803f231e2954e5b49987a532d28fe50a627. This vulnerability allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks via the `url` parameter. Remote attackers can use the server as a proxy to send HTTP GET requests and retrieve information in the internal network. Remote attackers can also request the server to download large files or chain requests among multiple instances to reduce the performance of the server or even deny access from legitimate users. This issue has been addressed in https://github.com/Ahwxorg/LibreY/pull/31. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-40969 | 1 Slims | 1 Senayan Library Management System | 2024-11-21 | 6.1 Medium |
| Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php. | ||||
| CVE-2023-40630 | 1 Joomcode | 1 Jcdashboard | 2024-11-21 | 9.8 Critical |
| Unauthenticated LFI/SSRF in JCDashboards component for Joomla. | ||||
| CVE-2023-40148 | 2024-11-21 | 6.5 Medium | ||
| Server-side request forgery (SSRF) in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests. | ||||
| CVE-2023-40033 | 1 Flarum | 1 Flarum | 2024-11-21 | 7.1 High |
| Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulate the application to execute unintended actions. The vulnerability is due to the behavior of the `intervention/image` package, which attempts to interpret the supplied file contents as a URL, which then fetches its contents. This allows an attacker to exploit the vulnerability to perform SSRF attacks, disclose local file contents, or conduct a blind oracle attack. This has been patched in Flarum version 1.8.0. Users are advised to upgrade. Users unable to upgrade may disable PHP's `allow_url_fopen` which will prevent the fetching of external files via URLs as a temporary workaround for the SSRF aspect of the vulnerability. | ||||
| CVE-2023-40017 | 1 Geosolutionsgroup | 1 Geonode | 2024-11-21 | 7.5 High |
| GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and request information from internal hosts. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9. | ||||
| CVE-2023-3981 | 1 Omeka | 2 Omeka, Omeka S | 2024-11-21 | 4.9 Medium |
| Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2. | ||||
| CVE-2023-3744 | 1 Slims | 1 Senayan Library Management System | 2024-11-21 | 9.9 Critical |
| Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter. | ||||
| CVE-2023-3578 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.5 Medium |
| A vulnerability classified as critical was found in DedeCMS 5.7.109. Affected by this vulnerability is an unknown functionality of the file co_do.php. The manipulation of the argument rssurl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233371. | ||||
| CVE-2023-3577 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 3.5 Low |
| Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF. | ||||
| CVE-2023-3432 | 2 Fedoraproject, Plantuml | 2 Fedora, Plantuml | 2024-11-21 | 10.0 Critical |
| Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9. | ||||
| CVE-2023-3236 | 1 Chshcms | 1 Mccms | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function pic_save of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231507. | ||||
| CVE-2023-3235 | 1 Chshcms | 1 Mccms | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in mccms up to 2.6.5. It has been rated as critical. Affected by this issue is the function pic_api of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231506 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-3121 | 1 Dahuasecurity | 1 Smart Parking Management | 2024-11-21 | 3.5 Low |
| A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3015 | 1 Vip Video Analysis Project | 1 Vip Video Analysis | 2024-11-21 | 6.3 Medium |
| A vulnerability has been found in yiwent Vip Video Analysis 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file data/title.php. The manipulation of the argument titurl leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230359. | ||||