Total: 1318 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-14721 | 4 Debian, Fasterxml, Oracle and 1 more | 21 Debian Linux, Jackson-databind, Banking Platform and 18 more | 2024-11-21 | N/A |
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. | ||||
CVE-2018-14514 | 1 Icmsdev | 1 Icms | 2024-11-21 | N/A |
An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact. | ||||
CVE-2018-13790 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 7.2 High |
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page. | ||||
CVE-2018-13404 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | N/A |
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability. | ||||
CVE-2018-13103 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
OX App Suite 7.8.4 and earlier allows SSRF. | ||||
CVE-2018-12809 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A |
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
CVE-2018-12678 | 1 Portainer | 1 Portainer | 2024-11-21 | N/A |
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. | ||||
CVE-2018-12609 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. | ||||
CVE-2018-12571 | 1 Microsoft | 1 Forefront Unified Access Gateway | 2024-11-21 | N/A |
uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome. | ||||
CVE-2018-11586 | 1 Searchblox | 1 Searchblox | 2024-11-21 | N/A |
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | ||||
CVE-2018-11031 | 1 Gouguoyin | 1 Phprap | 2024-11-21 | N/A |
application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request. | ||||
CVE-2018-10511 | 1 Trendmicro | 1 Control Manager | 2024-11-21 | 10.0 Critical |
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. | ||||
CVE-2018-10220 | 1 Mushmush | 1 Glastopf | 2024-11-21 | N/A |
Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation. | ||||
CVE-2018-10174 | 1 Digitalguardian | 1 Management Console | 2024-11-21 | N/A |
Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role. | ||||
CVE-2018-1000606 | 1 Jenkins | 1 Urltrigger | 2024-11-21 | N/A |
A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | ||||
CVE-2018-1000553 | 1 Trovebox | 1 Trovebox | 2024-11-21 | N/A |
Trovebox version <= 4.0.0-rc6 contains a Server-Side Request Forgery vulnerability in the webhook component that can result in reading or updating internal resources. This attack appears to be exploitable via HTTP request. This vulnerability appears to have been fixed after commit 742b8ed. | ||||
CVE-2018-1000422 | 1 Atlassian | 1 Crowd2 | 2024-11-21 | N/A |
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings. | ||||
CVE-2018-1000421 | 1 Apache | 1 Mesos | 2024-11-21 | N/A |
An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
CVE-2018-1000188 | 1 Jenkins | 1 Cas | 2024-11-21 | N/A |
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | ||||
CVE-2018-1000185 | 1 Jenkins | 1 Github Branch Source | 2024-11-21 | N/A |
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |