Total: 1279 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-15516 | 1 Dlink | 1 Central Wifimanager | 2024-08-05 | N/A |
The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF. | ||||
CVE-2018-15517 | 1 Dlink | 1 Central Wifimanager | 2024-08-05 | N/A |
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. | ||||
CVE-2018-14858 | 1 Icmsdev | 1 Icms | 2024-08-05 | N/A |
An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514. | ||||
CVE-2018-14728 | 1 Tecrail | 1 Responsive Filemanager | 2024-08-05 | N/A |
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter. | ||||
CVE-2018-14721 | 4 Debian, Fasterxml, Oracle and 1 more | 21 Debian Linux, Jackson-databind, Banking Platform and 18 more | 2024-08-05 | N/A |
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. | ||||
CVE-2018-14514 | 1 Icmsdev | 1 Icms | 2024-08-05 | N/A |
An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact. | ||||
CVE-2018-13790 | 1 Concretecms | 1 Concrete Cms | 2024-08-05 | 7.2 High |
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page. | ||||
CVE-2018-13103 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-05 | N/A |
OX App Suite 7.8.4 and earlier allows SSRF. | ||||
CVE-2018-12809 | 1 Adobe | 1 Experience Manager | 2024-08-05 | N/A |
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
CVE-2018-12609 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-05 | N/A |
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. | ||||
CVE-2018-12571 | 1 Microsoft | 1 Forefront Unified Access Gateway | 2024-08-05 | N/A |
uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome. | ||||
CVE-2018-10220 | 1 Mushmush | 1 Glastopf | 2024-08-05 | N/A |
Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation. | ||||
CVE-2018-11586 | 1 Searchblox | 1 Searchblox | 2024-08-05 | N/A |
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | ||||
CVE-2018-10511 | 1 Trendmicro | 1 Control Manager | 2024-08-05 | 10.0 Critical |
A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. | ||||
CVE-2018-10174 | 1 Digitalguardian | 1 Management Console | 2024-08-05 | N/A |
Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role. | ||||
CVE-2018-9919 | 1 Tp-shop | 1 Tp-shop | 2024-08-05 | N/A |
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php writes data from the "down_url" URL into the "bddlj" local file if the attacker knows the backdoor "jmmy" parameter. | ||||
CVE-2018-9920 | 1 K2 | 1 Smartforms | 2024-08-05 | N/A |
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL. | ||||
CVE-2018-9302 | 1 Getcockpit | 1 Cockpit | 2024-08-05 | N/A |
SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about version 0.13.0, which (surprisingly) is an earlier version than 0.4.4. | ||||
CVE-2018-8801 | 1 Gitlab | 1 Gitlab | 2024-08-05 | N/A |
GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component. | ||||
CVE-2018-7667 | 1 Adminer | 1 Adminer | 2024-08-05 | N/A |
Adminer through 4.3.1 has SSRF via the server parameter. |