Total: 1167 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-2445 | 1 (Sap) | 1 (Businessobjects Business Intelligence) | 2018-10-15 | 5.5 MEDIUM | 9.6 CRITICAL | AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability. |
| CVE-2015-7570 | 1 (Yeager) | 1 (Yeager Cms) | 2018-10-09 | 6.4 MEDIUM | 7.2 HIGH | Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php. |
| CVE-2018-1999026 | 1 (Jenkins) | 1 (Tracetronic Ecu-test) | 2018-10-04 | 4.0 MEDIUM | 6.5 MEDIUM | A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host. |
| CVE-2018-14858 | 1 (Icmsdev) | 1 (Icms) | 2018-10-03 | 5.0 MEDIUM | 7.5 HIGH | An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514. |
| CVE-2018-1999017 | 1 (Pydio) | 1 (Pydio) | 2018-09-20 | 4.0 MEDIUM | 4.9 MEDIUM | Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php, line 154, getUpgradePath($url), that can result in authenticated admin users requesting arbitrary URLs, pivoting requests through the server. This attack appears to be exploitable via the attacker gaining access to an administrative account, entering a URL into Upgrade Engine, and reloading the page or pressing "Check Now". This vulnerability appears to have been fixed in 8.2.1. |
| CVE-2018-14514 | 1 (Icmsdev) | 1 (Icms) | 2018-09-17 | 7.5 HIGH | 9.8 CRITICAL | An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact. |
| CVE-2018-12809 | 1 (Adobe) | 1 (Experience Manager) | 2018-09-17 | 5.0 MEDIUM | 7.5 HIGH | Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2018-5004 | 1 (Adobe) | 1 (Experience Manager) | 2018-09-17 | 5.0 MEDIUM | 7.5 HIGH | Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2018-5006 | 1 (Adobe) | 1 (Experience Manager) | 2018-09-17 | 5.0 MEDIUM | 7.5 HIGH | Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2018-12571 | 1 (Microsoft) | 1 (Forefront Unified Access Gateway) | 2018-09-04 | 7.5 HIGH | 9.8 CRITICAL | uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome. |
| CVE-2017-0929 | 1 (Dnnsoftware) | 1 (Dotnetnuke) | 2018-09-04 | 5.0 MEDIUM | 7.5 HIGH | DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. |
| CVE-2018-1000606 | 1 (Jenkins) | 1 (Urltrigger) | 2018-08-23 | 4.0 MEDIUM | 6.5 MEDIUM | A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |
| CVE-2018-1000553 | 1 (Trovebox) | 1 (Trovebox) | 2018-08-17 | 6.5 MEDIUM | 8.8 HIGH | Trovebox version <= 4.0.0-rc6 contains a Server-Side Request Forgery vulnerability in the webhook component that can result in reading or updating internal resources. This attack appears to be exploitable via HTTP request. This vulnerability appears to have been fixed after commit 742b8ed. |
| CVE-2018-12678 | 1 (Portainer) | 1 (Portainer) | 2018-08-13 | 7.5 HIGH | 9.8 CRITICAL | Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. |
| CVE-2018-5752 | 1 (Open-xchange) | 1 (Open-xchange Appsuite) | 2018-08-03 | 6.5 MEDIUM | 8.8 HIGH | The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6-related addresses. |
| CVE-2018-11586 | 1 (Searchblox) | 1 (Searchblox) | 2018-07-31 | 7.5 HIGH | 9.8 CRITICAL | XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. |
| CVE-2018-1000188 | 1 (Jenkins) | 1 (Cas) | 2018-07-18 | 5.5 MEDIUM | 5.4 MEDIUM | A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |
| CVE-2018-1000185 | 1 (Jenkins) | 1 (Github Branch Source) | 2018-07-18 | 4.0 MEDIUM | 4.3 MEDIUM | A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |
| CVE-2018-1000184 | 1 (Jenkins) | 1 (Github) | 2018-07-18 | 5.5 MEDIUM | 5.4 MEDIUM | A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |
| CVE-2018-1000182 | 1 (Jenkins) | 1 (Git) | 2018-07-18 | 5.5 MEDIUM | 6.4 MEDIUM | A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, and ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. |