Search
Total
703 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20528 | 1 Jeecms | 1 Jeecms | 2019-03-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter. | |||||
| CVE-2018-9920 | 1 K2 | 1 Smartforms | 2019-02-27 | 6.4 MEDIUM | 6.5 MEDIUM |
| Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL. | |||||
| CVE-2018-8801 | 1 Gitlab | 1 Gitlab | 2019-02-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component. | |||||
| CVE-2018-19601 | 1 Rhymix | 1 Rhymix | 2019-02-25 | 6.5 MEDIUM | 9.1 CRITICAL |
| Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload. | |||||
| CVE-2018-13404 | 1 Atlassian | 1 Jira | 2019-02-22 | 4.0 MEDIUM | 4.1 MEDIUM |
| The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability. | |||||
| CVE-2018-18569 | 1 Dundas | 1 Dundas Bi | 2019-02-22 | 5.0 MEDIUM | 8.6 HIGH |
| The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests (with certain restrictions) that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. This could be leveraged to provide a proxy to attack other servers (internal or external) or to perform network scans of external or internal networks. | |||||
| CVE-2018-15516 | 1 D-link | 1 Central Wifimanager | 2019-02-22 | 3.5 LOW | 5.8 MEDIUM |
| The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF. | |||||
| CVE-2018-15657 | 1 42gears | 1 Suremdm | 2019-02-21 | 1.9 LOW | 7.3 HIGH |
| An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter. | |||||
| CVE-2019-8982 | 1 Wavemaker | 1 Wavemarker Studio | 2019-02-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF. | |||||
| CVE-2018-15517 | 1 D-link | 1 Central Wifimanager | 2019-02-21 | 5.0 MEDIUM | 8.6 HIGH |
| The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. | |||||
| CVE-2018-20436 | 1 Telegram | 2 Telegram, Web | 2019-02-14 | 6.8 MEDIUM | 8.1 HIGH |
| ** DISPUTED ** The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more other Telegram products, such as Telegram Web-version 0.7.0. In addition, it can be interpreted as an SSRF issue. NOTE: a third party has reported that potentially unwanted behavior is caused by misconfiguration of the "Secret chats > Preview links" setting. | |||||
| CVE-2018-18843 | 1 Gitlab | 1 Gitlab | 2019-02-05 | 7.5 HIGH | 10.0 CRITICAL |
| The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. | |||||
| CVE-2019-5725 | 1 Qibosoft | 1 Qibosoft | 2019-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file. | |||||
| CVE-2018-19047 | 1 Mpdf Project | 1 Mpdf | 2019-02-01 | 7.5 HIGH | 10.0 CRITICAL |
| ** DISPUTED ** mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating "If you allow users to pass HTML without sanitising it, you're asking for trouble." | |||||
| CVE-2018-12609 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-01-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. | |||||
| CVE-2018-1000422 | 1 Atlassian | 1 Crowd2 | 2019-01-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings. | |||||
| CVE-2018-1000421 | 1 Apache | 1 Mesos | 2019-01-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2018-20596 | 1 Jspxcms | 1 Jspxcms | 2019-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| Jspxcms v9.0.0 allows SSRF. | |||||
| CVE-2018-18753 | 1 Typecho | 1 Typecho | 2019-01-28 | 10.0 HIGH | 9.8 CRITICAL |
| Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF. | |||||
| CVE-2018-20228 | 1 Subsonic | 1 Subsonic | 2019-01-24 | 6.0 MEDIUM | 8.0 HIGH |
| Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF. | |||||
| CVE-2018-18646 | 1 Gitlab | 1 Gitlab | 2018-12-27 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF. | |||||
| CVE-2018-19651 | 1 Interspire | 1 Email Marketer | 2018-12-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL. | |||||
| CVE-2018-18867 | 1 Tecrail | 1 Responsive Filemanager | 2018-12-07 | 5.0 MEDIUM | 8.6 HIGH |
| An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495. | |||||
| CVE-2018-2463 | 1 Sap | 1 Hybris | 2018-11-29 | 5.0 MEDIUM | 8.6 HIGH |
| The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC. | |||||
| CVE-2018-16793 | 1 Microsoft | 1 Exchange Server | 2018-11-20 | 5.0 MEDIUM | 8.6 HIGH |
| Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. | |||||
| CVE-2018-16794 | 1 Microsoft | 2 Active Directory Federation Services, Windows Server 2016 | 2018-11-20 | 5.0 MEDIUM | 8.6 HIGH |
| Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. | |||||
| CVE-2018-15895 | 1 Icmsdev | 1 Icms | 2018-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858. | |||||
| CVE-2018-16409 | 1 Gogs | 1 Gogs | 2018-11-06 | 5.0 MEDIUM | 8.6 HIGH |
| In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. | |||||
| CVE-2017-4928 | 1 Vmware | 1 Vcenter Server | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure. | |||||
| CVE-2018-16444 | 1 Seacms | 1 Seacms | 2018-10-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter. | |||||
| CVE-2016-4046 | 1 Open-xchange | 1 Open-xchange Appsuite | 2018-10-19 | 5.0 MEDIUM | 5.8 MEDIUM |
| An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type, content and latency, information about existence of hosts and services can be gathered. Attackers can get internal configuration information about the infrastructure of an operator to prepare subsequent attacks. | |||||
| CVE-2018-15192 | 2 Gitea, Gogs | 2 Gitea, Gogs | 2018-10-18 | 5.0 MEDIUM | 8.6 HIGH |
| An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services. | |||||
| CVE-2018-1999039 | 1 Jenkins | 1 Confluence Publisher | 2018-10-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials. | |||||
| CVE-2018-2445 | 1 Sap | 1 Businessobjects Business Intelligence | 2018-10-15 | 5.5 MEDIUM | 9.6 CRITICAL |
| AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability. | |||||
| CVE-2015-7570 | 1 Yeager | 1 Yeager Cms | 2018-10-09 | 6.4 MEDIUM | 7.2 HIGH |
| Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php. | |||||
| CVE-2018-1999026 | 1 Jenkins | 1 Tracetronic Ecu-test | 2018-10-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host. | |||||
| CVE-2018-14858 | 1 Icmsdev | 1 Icms | 2018-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514. | |||||
| CVE-2018-1999017 | 1 Pydio | 1 Pydio | 2018-09-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an authenticated admin users requesting arbitrary URL's, pivoting requests through the server. This attack appears to be exploitable via the attacker gaining access to an administrative account, enters a URL into Upgrade Engine, and reloads the page or presses "Check Now". This vulnerability appears to have been fixed in 8.2.1. | |||||
| CVE-2018-14514 | 1 Icmsdev | 1 Icms | 2018-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact. | |||||
| CVE-2018-12809 | 1 Adobe | 1 Experience Manager | 2018-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-5004 | 1 Adobe | 1 Experience Manager | 2018-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-5006 | 1 Adobe | 1 Experience Manager | 2018-09-17 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-12571 | 1 Microsoft | 1 Forefront Unified Access Gateway | 2018-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome. | |||||
| CVE-2017-0929 | 1 Dnnsoftware | 1 Dotnetnuke | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. | |||||
| CVE-2018-1000606 | 1 Jenkins | 1 Urltrigger | 2018-08-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | |||||
| CVE-2018-1000553 | 1 Trovebox | 1 Trovebox | 2018-08-17 | 6.5 MEDIUM | 8.8 HIGH |
| Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook component that can result in read or update internal resources. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed. | |||||
| CVE-2018-12678 | 1 Portainer | 1 Portainer | 2018-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. | |||||
| CVE-2018-5752 | 1 Open-xchange | 1 Open-xchange Appsuite | 2018-08-03 | 6.5 MEDIUM | 8.8 HIGH |
| The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses. | |||||
| CVE-2018-11586 | 1 Searchblox | 1 Searchblox | 2018-07-31 | 7.5 HIGH | 9.8 CRITICAL |
| XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | |||||
| CVE-2018-1000188 | 1 Jenkins | 1 Cas | 2018-07-18 | 5.5 MEDIUM | 5.4 MEDIUM |
| A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | |||||