Total: 2086 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-1789 | 1 Ibm | 1 Api Connect | 2024-11-21 | 6.5 MEDIUM | 8.4 HIGH | IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939. |
| CVE-2018-1042 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Moodle 3.x has Server Side Request Forgery in the filepicker. |
| CVE-2018-19651 | 1 Interspire | 1 Email Marketer | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL. |
| CVE-2018-19601 | 1 Rhymix | 1 Rhymix | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL | Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload. |
| CVE-2018-19571 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH | GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks. |
| CVE-2018-19495 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration. |
| CVE-2018-19047 | 1 Mpdf Project | 1 Mpdf | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL | mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a `'<img src="http://192.168'` substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating "If you allow users to pass HTML without sanitising it, you're asking for trouble." |
| CVE-2018-1999039 | 1 Jenkins | 1 Confluence Publisher | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials. |
| CVE-2018-1999026 | 1 Jenkins | 1 Tracetronic Ecu-test | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host. |
| CVE-2018-1999017 | 1 Pydio | 1 Pydio | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM | Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an authenticated admin users requesting arbitrary URL's, pivoting requests through the server. This attack appears to be exploitable via the attacker gaining access to an administrative account, enters a URL into Upgrade Engine, and reloads the page or presses "Check Now". This vulnerability appears to have bee ... |
| CVE-2018-18867 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH | An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495. |
| CVE-2018-18843 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL | The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. |
| CVE-2018-18753 | 1 Typecho | 1 Typecho | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF. |
| CVE-2018-18646 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF. |
| CVE-2018-18569 | 1 Dundas | 1 Dundas Bi | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH | The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests (with certain restrictions) that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. This could be leveraged to provide a proxy to attack other servers (internal or external) or to perform network scans of external or internal networks. |
| CVE-2018-17198 | 1 Apache | 1 Roller | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if Roller XML-RPC interface is disable via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnera ... |
| CVE-2018-16794 | 1 Microsoft | 2 Active Directory Federation Services, Windows Server 2016 | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH | Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. |
| CVE-2018-16793 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH | Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. |
| CVE-2018-16444 | 1 Seacms | 1 Seacms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter. |
| CVE-2018-16409 | 1 Gogs | 1 Gogs | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH | In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. |
| CVE-2018-15895 | 1 Icmsdev | 1 Icms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858. |
| CVE-2018-15657 | 1 42gears | 1 Suremdm | 2024-11-21 | 1.9 LOW | 7.3 HIGH | An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter. |
| CVE-2018-15517 | 1 Dlink | 1 Central Wifimanager | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH | The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. |
| CVE-2018-15516 | 1 Dlink | 1 Central Wifimanager | 2024-11-21 | 3.5 LOW | 5.8 MEDIUM | The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF. |
| CVE-2018-15192 | 2 Gitea, Gogs | 2 Gitea, Gogs | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH | An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services. |
| CVE-2018-14858 | 1 Icmsdev | 1 Icms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514. |
| CVE-2018-14728 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter. |
| CVE-2018-14721 | 4 Debian, Fasterxml, Oracle and 1 more | 12 Debian Linux, Jackson-databind, Banking Platform and 9 more | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. |
| CVE-2018-14514 | 1 Icmsdev | 1 Icms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact. |
| CVE-2018-13790 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page. |
| CVE-2018-13404 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 4.0 MEDIUM | 4.1 MEDIUM | The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in som ... |
| CVE-2018-13103 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM | OX App Suite 7.8.4 and earlier allows SSRF. |
| CVE-2018-12809 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2018-12678 | 1 Portainer | 1 Portainer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. |
| CVE-2018-12609 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. |
| CVE-2018-12571 | 1 Microsoft | 1 Forefront Unified Access Gateway | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome. |
| CVE-2018-11586 | 1 Searchblox | 1 Searchblox | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. |
| CVE-2018-11031 | 1 Gouguoyin | 1 Phprap | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request. |
| CVE-2018-10511 | 1 Trendmicro | 1 Control Manager | 2024-11-21 | 6.4 MEDIUM | 10.0 CRITICAL | A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. |
| CVE-2018-10220 | 1 Mushmush | 1 Glastopf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation. |