CWE:
 

Topic
Date
Author
High
Fortify SSC 17.10 / 17.20 / 18.10 XXE Injection
14.07.2018
Alt3kx
Low
SPIP 3.1.2 Server Side Request Forgery
20.10.2016
Nicolas CHATELAIN
Low
Google Docs XSPA / SSRF
10.09.2016
Ashiyane Digital Secur...
Low
Infoware MapSuite Server-Side Request Forgery
04.06.2014
Christian


CVEMAP Search Results

CVE
Details
Description
2019-02-21
Medium
CVE-2019-8982

Vendor: Wavemaker
Software: Wavemarker s...
 

 
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.

 
2019-02-07
Low
CVE-2019-1679

Vendor: Cisco
Software: Telepresence...
 

 
A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack is commonly referred to as server-side request forgery (SSRF). The vulnerability is due to insufficient access controls for the REST API of Cisco Expressway Series and Cisco TelePresence VCS. An attacker could exploit this vulnerability by submitting a crafted HTTP request to the affected server. Versions prior to XC4.3.4 are affected.

 
2019-02-06
Low
CVE-2019-1003020

Vendor: Jenkins
Software: Kanboard
 

 
A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL.

 
2019-02-04
Low
CVE-2018-15657

Updating...
 

 
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter.

 
2019-01-31
Medium
CVE-2018-15517

Vendor: D-link
Software: Central wifi...
 

 
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI.

 
2019-01-30
Low
CVE-2018-12609

Vendor: Open-xchange
Software: Open-xchange...
 

 
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.

 
2019-01-14
Low
CVE-2019-6257

Updating...
 

 
A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php.

 
2019-01-09
Low
CVE-2018-1000422

Vendor: Atlassian
Software: Crowd2
 

 
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings.

 
Low
CVE-2018-1000421

Vendor: Apache
Software: Mesos
 

 
An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

 
2019-01-08
Medium
CVE-2019-5725

Vendor: Qibosoft
Software: Qibosoft
 

 
qibosoft through V7 allows remote attackers to read arbitrary files via the member/index.php main parameter, as demonstrated by SSRF to a URL on the same web site to read a .sql file.

 

 


Copyright 2019, cxsecurity.com

 

Back to Top