CWE:
 

| Risk | Topic | Date | Author |
|------|-------|------|--------|
| High | Fortify SSC 17.10 / 17.20 / 18.10 XXE Injection | 14.07.2018 | Alt3kx |
| Low | SPIP 3.1.2 Server Side Request Forgery | 20.10.2016 | Nicolas CHATELAIN |
| Low | Google Docs XSPA / SSRF | 10.09.2016 | Ashiyane Digital Secur... |
| Low | Infoware MapSuite Server-Side Request Forgery | 04.06.2014 | Christian |


CVEMAP Search Results

CVE
Details
Description
2019-11-13
Medium
CVE-2019-16948

Vendor: Enghouseinteractive
Software: Web chat
 

 
An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to determine what is visible on the internal network (as opposed to what general web traffic would see on the product's host). The response from open ports is different than from closed ports. The product does not allow one to change the protocol: anything except http(s) will throw an error; however, it is the type of error that allows one to determine if a port is open or not.

 
2019-10-24
Medium
CVE-2019-18394

 

 
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.

 
2019-10-23
Medium
CVE-2019-18355

 

 
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.

 
2019-10-14
Medium
CVE-2019-14225

Vendor: Open-xchange
Software: Open-xchange...
 

 
OX App Suite 7.10.1 and 7.10.2 allows SSRF.

 
2019-10-03
Medium
CVE-2019-15164

Vendor: Tcpdump
Software: Libpcap
 

 
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.

 
2019-10-02
Medium
CVE-2019-13335

Vendor: Salesagility
Software: Suitecrm
 

 
SalesAgility SuiteCRM 7.10.x before 7.10.19 and 7.11.x before 7.11.7 has SSRF.

 
2019-09-30
Medium
CVE-2019-16932

Vendor: Themeisle
Software: Visualizer
 

 
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.

 
2019-09-26
Medium
CVE-2019-4262

Vendor: IBM
Software: Qradar secur...
 

 
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 160014.

 
2019-09-19
Low
CVE-2019-15033

Vendor: Pydio
Software: Pydio
 

 
Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring.

 
2019-09-17
Medium
CVE-2019-6837

 

 
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL.

 

 


Copyright 2019, cxsecurity.com

 
