Total
1167 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6621 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-07-08 | 5.0 MEDIUM | 8.6 HIGH |
| The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. | |||||
| CVE-2018-11031 | 1 Gouguoyin | 1 Phprap | 2018-06-19 | 10.0 HIGH | 9.8 CRITICAL |
| application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request. | |||||
| CVE-2018-9919 | 1 Tp-shop | 1 Tp-shop | 2018-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php writes data from the "down_url" URL into the "bddlj" local file if the attacker knows the backdoor "jmmy" parameter. | |||||
| CVE-2018-8939 | 1 Ipswitch | 1 Whatsup Gold | 2018-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands. | |||||
| CVE-2018-9302 | 1 Getcockpit | 1 Cockpit | 2018-06-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about version 0.13.0, which (surprisingly) is an earlier version than 0.4.4. | |||||
| CVE-2018-10174 | 1 Digitalguardian | 1 Management Console | 2018-05-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role. | |||||
| CVE-2017-14323 | 1 Onethink | 1 Onethink | 2018-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter. | |||||
| CVE-2017-18096 | 1 Atlassian | 1 Application Links | 2018-05-10 | 4.0 MEDIUM | 7.2 HIGH |
| The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location's OAuth status rest resource to an internal location. When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information. | |||||
| CVE-2017-16614 | 1 Tp-shop | 1 Tpshop | 2018-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter. | |||||
| CVE-2018-1000124 | 1 I-librarian | 1 I\, Librarian | 2018-04-13 | 7.5 HIGH | 10.0 CRITICAL |
| I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea. | |||||
| CVE-2018-1000138 | 1 I-librarian | 1 I Librarian | 2018-04-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources. | |||||
| CVE-2018-7667 | 1 Adminer | 1 Adminer | 2018-03-27 | 7.5 HIGH | 9.8 CRITICAL |
| Adminer through 4.3.1 has SSRF via the server parameter. | |||||
| CVE-2018-2370 | 1 Sap | 1 Bi Launchpad | 2018-03-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server. | |||||
| CVE-2017-6201 | 1 Sandstorm | 1 Sandstorm | 2018-03-13 | 5.5 MEDIUM | 8.1 HIGH |
| A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs directly. | |||||
| CVE-2018-1000054 | 1 Jenkins | 1 Ccm | 2018-03-13 | 6.5 MEDIUM | 8.3 HIGH |
| Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | |||||
| CVE-2018-7055 | 1 Steelcase | 2 Roomwizard, Roomwizard Firmware | 2018-03-12 | 5.0 MEDIUM | 7.5 HIGH |
| GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter. | |||||
| CVE-2018-1000056 | 1 Jenkins | 1 Junit | 2018-03-06 | 6.5 MEDIUM | 8.3 HIGH |
| Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | |||||
| CVE-2018-1000055 | 1 Jenkins | 1 Android Lint | 2018-03-06 | 6.5 MEDIUM | 8.3 HIGH |
| Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | |||||
| CVE-2018-6186 | 1 Citrix | 1 Netscaler | 2018-03-03 | 9.0 HIGH | 8.8 HIGH |
| Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges. | |||||
| CVE-2017-7272 | 1 Php | 1 Php | 2018-02-26 | 5.8 MEDIUM | 7.4 HIGH |
| PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function. | |||||