ReportizFlow
Filtered by vendor
Subscriptions
Total
1332 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25466 | 1 Crmeb | 1 Crmeb | 2024-11-21 | 9.8 Critical |
| A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code. | ||||
| CVE-2020-25353 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 6.5 Medium |
| A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the deviceIpAddr and connPort parameters. | ||||
| CVE-2020-24898 | 1 Stiltsoft | 1 Table Filter And Charts For Confluence Server | 2024-11-21 | 7.6 High |
| The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter). | ||||
| CVE-2020-24881 | 1 Osticket | 1 Osticket | 2024-11-21 | 9.8 Critical |
| SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning. | ||||
| CVE-2020-24815 | 1 Microstrategy | 1 Microstrategy | 2024-11-21 | 6.5 Medium |
| A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. NOTE: 10.4., no fix will be released as version will reach end-of-life on 31/12/2020. | ||||
| CVE-2020-24710 | 1 Getgophish | 1 Gophish | 2024-11-21 | 5.3 Medium |
| Gophish before 0.11.0 allows SSRF attacks. | ||||
| CVE-2020-24700 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 5.4 Medium |
| OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring. | ||||
| CVE-2020-24641 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 7.5 High |
| In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface. | ||||
| CVE-2020-24570 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 6.5 Medium |
| An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link. | ||||
| CVE-2020-24548 | 1 Ericom | 1 Access Server | 2024-11-21 | 5.3 Medium |
| Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports. | ||||
| CVE-2020-24444 | 1 Adobe | 1 Experience Manager Forms Add-on | 2024-11-21 | 5.8 Medium |
| AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network. | ||||
| CVE-2020-24327 | 1 Discourse | 1 Discourse | 2024-11-21 | 5.3 Medium |
| Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email function. When writing an email in an editor, you can upload pictures of remote websites. | ||||
| CVE-2020-24149 | 1 Secondline | 1 Podcast Importer Secondline | 2024-11-21 | 7.5 High |
| Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in a secondline_import_initialize action to the secondlinepodcastimport page. | ||||
| CVE-2020-24148 | 1 Mooveagency | 1 Import Xml And Rss Feeds | 2024-11-21 | 9.1 Critical |
| Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action. | ||||
| CVE-2020-24147 | 1 Xylusthemes | 1 Wp Smart Import | 2024-11-21 | 9.1 Critical |
| Server-side request forgery (SSR) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field. | ||||
| CVE-2020-24142 | 1 Ninjateam | 1 Video Downloader For Tiktok | 2024-11-21 | 9.8 Critical |
| Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hosts and execute command on services | ||||
| CVE-2020-24141 | 1 Wp-downloadmanager Project | 1 Wp-downloadmanager | 2024-11-21 | 5.3 Medium |
| Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the file_remote parameter to download-add.php. It can help identify open ports, local network hosts and execute command on services | ||||
| CVE-2020-24140 | 1 Wcms | 1 Wcms | 2024-11-21 | 8.3 High |
| Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services. | ||||
| CVE-2020-24139 | 1 Wcms | 1 Wcms | 2024-11-21 | 8.3 High |
| Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services. | ||||
| CVE-2020-24063 | 1 Canto | 1 Canto | 2024-11-21 | 7.2 High |
| The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. | ||||