CWE:

Risk   Topic                                            Date        Author
High   Fortify SSC 17.10 / 17.20 / 18.10 XXE Injection  14.07.2018  Alt3kx
Low    SPIP 3.1.2 Server Side Request Forgery           20.10.2016  Nicolas CHATELAIN
Low    Google Docs XSPA / SSRF                          10.09.2016  Ashiyane Digital Secur...
Low    Infoware MapSuite Server-Side Request Forgery    04.06.2014  Christian


CVEMAP Search Results

Each entry lists date, risk, CVE, details (vendor / software, where listed) and description.

2018-09-07  Medium  CVE-2018-1789
  IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939.

2018-08-14  Medium  CVE-2018-2445  Vendor: SAP  Software: Businessobje...
  AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.

2018-08-12  Medium  CVE-2018-3774
  Incorrect parsing in url-parse <1.4.3 returns a wrong hostname, which leads to multiple vulnerabilities such as SSRF, Open Redirect, and Bypass Authentication Protocol.

2018-08-07  Medium  CVE-2018-15192  Vendor: Gitea  Software: Gitea
  An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services.

2018-08-03  Medium  CVE-2018-14728  Vendor: Tecrail  Software: Responsive f...
  upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.

2018-08-02  Medium  CVE-2018-14858
  An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514.

2018-08-01  Low     CVE-2018-1999039  Vendor: Jenkins  Software: Confluence p...
  A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker-specified credentials.

            Low     CVE-2018-1999026  Vendor: Jenkins  Software: Tracetronic ...
  A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host.

2018-07-23  Medium  CVE-2018-14514  Vendor: Icmsdev  Software: ICMS
  An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact.

            Low     CVE-2018-1999017  Vendor: Pydio  Software: Pydio
  Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an authenticated admin user requesting arbitrary URLs, pivoting requests through the server. This attack appears to be exploitable via the attacker gaining access to an administrative account, entering a URL into Upgrade Engine, and reloading the page or pressing "Check Now". This vulnerability appears to have been fixed in 8.2.1.

Copyright 2018, cxsecurity.com