CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| High | Fortify SSC 17.10 / 17.20 / 18.10 XXE Injection | 14.07.2018 | Alt3kx |
| Low | SPIP 3.1.2 Server Side Request Forgery | 20.10.2016 | Nicolas CHATELAIN |
| Low | Google Docs XSPA / SSRF | 10.09.2016 | Ashiyane Digital Secur... |
| Low | Infoware MapSuite Server-Side Request Forgery | 04.06.2014 | Christian |


CVEMAP Search Results

| Date | Risk | CVE | Details | Description |
|---|---|---|---|---|
| 2019-01-03 | Medium | CVE-2019-3905 | Vendor: Zohocorp; Software: Manageengine... | Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. |
| | Medium | CVE-2018-19601 | Vendor: Rhymix; Software: Rhymix | Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload. |
| 2019-01-02 | Medium | CVE-2018-14721 | Vendor: Fasterxml; Software: Jackson-databind | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. |
| 2018-12-28 | Low | CVE-2018-20528 | Vendor: Jeecms; Software: Jeecms | JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter. |
| 2018-12-04 | Medium | CVE-2018-18646 | Vendor: Gitlab; Software: Gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF. |
| 2018-11-28 | Low | CVE-2018-19651 | Vendor: Interspire; Software: Email marketer | admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL. |
| 2018-10-31 | Medium | CVE-2018-18867 | Vendor: Tecrail; Software: Responsive f... | An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-15495. |
| 2018-09-21 | Medium | CVE-2018-16793 | Vendor: Microsoft; Software: Exchange server | Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. |
| 2018-09-18 | Medium | CVE-2018-16794 | Vendor: Microsoft; Software: Active direc... | Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. |
| 2018-09-11 | Medium | CVE-2018-2463 | Vendor: SAP; Software: Hybris | The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC. |

 


Copyright 2019, cxsecurity.com

 
