Total: 1279 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-7055 | 1 Steelcase | 2 Roomwizard, Roomwizard Firmware | 2024-08-05 | N/A |
GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter. | ||||
CVE-2018-6186 | 1 Citrix | 1 Netscaler | 2024-08-05 | N/A |
Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges. | ||||
CVE-2018-6029 | 1 5none | 1 Nonecms | 2024-08-05 | N/A |
The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whether the URL contains the "csdn" substring. | ||||
CVE-2018-5752 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-08-05 | N/A |
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses. | ||||
CVE-2018-5006 | 1 Adobe | 1 Experience Manager | 2024-08-05 | N/A |
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
CVE-2018-5004 | 1 Adobe | 1 Experience Manager | 2024-08-05 | N/A |
Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
CVE-2018-3774 | 2 Redhat, Url-parse Project | 2 Quay, Url-parse | 2024-08-05 | 9.8 Critical |
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. | ||||
CVE-2018-2463 | 1 Sap | 1 Hybris | 2024-08-05 | N/A |
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. This is due to a misconfiguration of XML parser that is used in the server-side implementation of OCC. | ||||
CVE-2018-2445 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-05 | N/A |
AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability. | ||||
CVE-2018-2370 | 1 Sap | 1 Bi Launchpad | 2024-08-05 | N/A |
Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server. | ||||
CVE-2018-1042 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
Moodle 3.x has Server Side Request Forgery in the filepicker. | ||||
CVE-2018-0403 | 1 Cisco | 2 Unified Contact Center Express, Unified Ip Interactive Voice Response | 2024-08-05 | N/A |
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Cisco Bug IDs: CSCvg71040. | ||||
CVE-2018-0399 | 1 Cisco | 1 Finesse | 2024-08-05 | N/A |
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044. | ||||
CVE-2018-0398 | 1 Cisco | 1 Finesse | 2024-08-05 | N/A |
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018. | ||||
CVE-2019-1003028 | 1 Jenkins | 1 Jms Messaging | 2024-08-05 | N/A |
A server-side request forgery vulnerability exists in Jenkins JMS Messaging Plugin 1.1.1 and earlier in SSLCertificateAuthenticationMethod.java, UsernameAuthenticationMethod.java that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint. | ||||
CVE-2019-1003026 | 1 Jenkins | 1 Mattermost | 2024-08-05 | N/A |
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message. | ||||
CVE-2019-1003027 | 1 Jenkins | 1 Octopusdeploy | 2024-08-05 | N/A |
A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception error message otherwise. | ||||
CVE-2019-20872 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 5.5 Medium |
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services. | ||||
CVE-2019-20474 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2024-08-05 | 4.3 Medium |
An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network and port scan operations of the localhost or the hosts on the same network segment, aka SSRF. | ||||
CVE-2019-20055 | 1 Liquidpixels | 1 Liquifire Os | 2024-08-05 | 6.5 Medium |
LiquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring followed by a URL in square brackets. | ||||