I, Librarian versions <= 4.6 and 4.7 are vulnerable to Server-Side Request Forgery in ajaxsupplement.php, resulting in the attacker being able to reset any user's password.
Source: MITRE | Max CVSS: 9.8 | EPSS Score: 0.28% | Published: 2017-11-17 | Updated: 2017-11-29

SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on.
Source: MITRE | Max CVSS: 9.1 | EPSS Score: 0.39% | Published: 2017-11-17 | Updated: 2019-07-23

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues.
Source: MITRE | Max CVSS: 8.0 | EPSS Score: 0.09% | Published: 2017-11-03 | Updated: 2017-11-15

phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server.
Source: MITRE | Max CVSS: 8.8 | EPSS Score: 0.10% | Published: 2017-07-17 | Updated: 2019-03-25

The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.
Source: MITRE | Max CVSS: 8.6 | EPSS Score: 0.59% | Published: 2017-12-15 | Updated: 2020-04-01

The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary.
Source: MITRE | Max CVSS: 8.1 | EPSS Score: 0.28% | Published: 2017-11-17 | Updated: 2024-05-17

Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.
Source: SAP SE | Max CVSS: 6.5 | EPSS Score: 0.18% | Published: 2017-12-12 | Updated: 2018-01-02

The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities.
Source: MITRE | Max CVSS: 5.3 | EPSS Score: 0.19% | Published: 2017-12-11 | Updated: 2020-02-17

Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI.
Source: Synology Inc. | Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2017-12-28 | Updated: 2019-10-09

SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.
Source: MITRE | Max CVSS: 8.6 | EPSS Score: 0.11% | Published: 2017-10-19 | Updated: 2017-11-07

XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs.
Source: MITRE | Max CVSS: 5.5 | EPSS Score: 0.07% | Published: 2017-10-12 | Updated: 2017-10-25

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory listings or system files, or cause SSRF or Denial of Service.
Source: MITRE | Max CVSS: 9.8 | EPSS Score: 0.24% | Published: 2017-10-03 | Updated: 2017-10-11

A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected.
Source: Atlassian | Max CVSS: 9.0 | EPSS Score: 0.68% | Published: 2017-11-27 | Updated: 2017-12-20

XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705.
Source: MITRE | Max CVSS: 9.9 | EPSS Score: 0.25% | Published: 2017-10-10 | Updated: 2017-11-05

Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.
Source: MITRE | Max CVSS: 10.0 | EPSS Score: 0.87% | Published: 2017-09-25 | Updated: 2020-10-02

Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
Source: Synology Inc. | Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2017-09-08 | Updated: 2019-10-09

XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249.
Source: MITRE | Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2017-07-25 | Updated: 2021-04-20

An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.
Source: Adobe Systems Incorporated | Max CVSS: 10.0 | EPSS Score: 0.28% | Published: 2017-12-09 | Updated: 2017-12-14

Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via a crafted URI.
Source: Synology Inc. | Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2017-08-14 | Updated: 2019-10-09

Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors.
Source: Synology Inc. | Max CVSS: 6.5 | EPSS Score: 0.15% | Published: 2017-08-11 | Updated: 2019-10-09

In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.
Source: MITRE | Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2017-07-06 | Updated: 2017-07-17

The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
Source: Atlassian | Max CVSS: 6.1 | EPSS Score: 0.58% | Published: 2017-08-23 | Updated: 2019-05-10

XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors.
Source: MITRE | Max CVSS: 9.8 | EPSS Score: 0.78% | Published: 2017-09-07 | Updated: 2020-02-17

Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks.
Source: MITRE | Max CVSS: 8.8 | EPSS Score: 0.34% | Published: 2017-07-25 | Updated: 2017-07-28

XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
Source: MITRE | Max CVSS: 7.4 | EPSS Score: 2.87% | Published: 2017-06-07 | Updated: 2017-08-13

57 vulnerabilities found