CWE:
 

Topic
Date
Author
High
Fortify SSC 17.10 / 17.20 / 18.10 XXE Injection
14.07.2018
Alt3kx
Low
SPIP 3.1.2 Server Side Request Forgery
20.10.2016
Nicolas CHATELAIN
Low
Google Docs XSPA / SSRF
10.09.2016
Ashiyane Digital Secur...
Low
Infoware MapSuite Server-Side Request Forgery
04.06.2014
Christian


CVEMAP Search Results

CVE
Details
Description
2018-06-26
Medium
CVE-2018-1000553

Vendor: Trovebox
Software: Trovebox
 

 
Trovebox version <= 4.0.0-rc6 contains a Server-Side request forgery vulnerability in webhook component that can result in read or update internal resources. This attack appear to be exploitable via HTTP request. This vulnerability appears to have been fixed in after commit 742b8ed.

 
2018-06-22
Medium
CVE-2018-12678

Updating...
 

 
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.

 
2018-06-15
Medium
CVE-2018-5752

Vendor: Open-xchange
Software: Open-xchange...
 

 
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.

 
2018-06-05
Medium
CVE-2018-1000182

Vendor: Jenkins
Software: GIT
 

 
A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

 
Medium
CVE-2018-1000184

Vendor: Jenkins
Software: Github
 

 
A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

 
Low
CVE-2018-1000185

Vendor: Jenkins
Software: Github branc...
 

 
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

 
Medium
CVE-2018-1000188

Vendor: Jenkins
Software: CAS
 

 
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

 
Medium
CVE-2018-11586

Vendor: Searchblox
Software: Searchblox
 

 
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

 
2018-05-24
Medium
CVE-2018-9920

Vendor: K2
Software: Smartforms
 

 
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.

 
2018-05-13
High
CVE-2018-11031

Updating...
 

 
application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top