Total
1417 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-18036 | 1 Atlassian | 1 Bitbucket | 2024-11-21 | N/A |
| The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability. | ||||
| CVE-2017-17697 | 1 Linuxfoundation | 1 Harbor | 2024-11-21 | 8.6 High |
| The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | ||||
| CVE-2017-17674 | 1 Bmc | 1 Remedy Mid-tier | 2024-11-21 | 9.8 Critical |
| BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE). | ||||
| CVE-2017-16870 | 1 Updraftplus | 1 Updraftplus | 2024-11-21 | N/A |
| The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary | ||||
| CVE-2017-16865 | 1 Atlassian | 1 Jira | 2024-11-21 | N/A |
| The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information. | ||||
| CVE-2017-16678 | 1 Sap | 4 Epbc, Epbc2, Kmc-bc and 1 more | 2024-11-21 | N/A |
| Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application. | ||||
| CVE-2017-16614 | 1 Tp-shop | 1 Tpshop | 2024-11-21 | N/A |
| SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter. | ||||
| CVE-2017-15943 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
| The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities. | ||||
| CVE-2017-15886 | 1 Synology | 1 Chat | 2024-11-21 | N/A |
| Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. | ||||
| CVE-2017-15644 | 1 Webmin | 1 Webmin | 2024-11-21 | N/A |
| SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. | ||||
| CVE-2017-15029 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. | ||||
| CVE-2017-14611 | 1 Agentejo | 1 Cockpit | 2024-11-21 | N/A |
| SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component. | ||||
| CVE-2017-14585 | 1 Atlassian | 2 Hipchat Data Center, Hipchat Server | 2024-11-21 | N/A |
| A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected. | ||||
| CVE-2017-14323 | 1 Onethink | 1 Onethink | 2024-11-21 | N/A |
| SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter. | ||||
| CVE-2017-13667 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. | ||||
| CVE-2017-12905 | 1 Vebto | 1 Pixie - Image Editor | 2024-11-21 | 10.0 Critical |
| Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php. | ||||
| CVE-2017-12071 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. | ||||
| CVE-2017-11291 | 1 Adobe | 1 Connect | 2024-11-21 | N/A |
| An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls. | ||||
| CVE-2017-11149 | 1 Synology | 1 Download Station | 2024-11-21 | N/A |
| Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI. | ||||
| CVE-2017-11148 | 1 Synology | 1 Chat | 2024-11-21 | N/A |
| Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors. | ||||