Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
CWE
:
Tytuł
Data
Autor
High
Fortify SSC 17.10 / 17.20 / 18.10 XXE Injection
14.07.2018
Alt3kx
Low
SPIP 3.1.2 Server Side Request Forgery
20.10.2016
Nicolas CHATELAIN
Low
Google Docs XSPA / SSRF
10.09.2016
Ashiyane Digital Secur...
Low
Infoware MapSuite Server-Side Request Forgery
04.06.2014
Christian
Common Weakness Enumeration (CWE)
CVE
Szczegóły
Opis
2019-11-13
Medium
CVE-2019-16948
Vendor:
Enghouseinteractive
Software:
Web chat
An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any POST request, one can replace the port number at WebServiceLocation=http://localhost:8085/UCWebServices/ with a range of ports to determine what is visible on the internal network (as opposed to what general web traffic would see on the product's host). The response from open ports is different than from closed ports. The product does not allow one to change the protocol: anything except http(s) will throw an error; however, it is the type of error that allows one to determine if a port is open or not.
2019-10-24
Medium
CVE-2019-18394
Updating...
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
2019-10-23
Medium
CVE-2019-18355
Updating...
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.
2019-10-14
Medium
CVE-2019-14225
Vendor:
Open-xchange
Software:
Open-xchange...
OX App Suite 7.10.1 and 7.10.2 allows SSRF.
2019-10-03
Medium
CVE-2019-15164
Vendor:
Tcpdump
Software:
Libpcap
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.
2019-10-02
Medium
CVE-2019-13335
Vendor:
Salesagility
Software:
Suitecrm
SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF.
2019-09-30
Medium
CVE-2019-16932
Vendor:
Themeisle
Software:
Visualizer
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.
2019-09-26
Medium
CVE-2019-4262
Vendor:
IBM
Software:
Qradar secur...
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 160014.
2019-09-19
Low
CVE-2019-15033
Vendor:
Pydio
Software:
Pydio
Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring.
2019-09-17
Medium
CVE-2019-6837
Updating...
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could cause server configuration data to be exposed when an attacker modifies a URL.
Copyright
2019
, cxsecurity.com
Back to Top
Polish
English