Search Results (2838 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-9458 1 Paloaltonetworks 1 Pan-os 2025-04-20 N/A
XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors.
CVE-2017-12905 1 Vebto 1 Pixie - Image Editor 2025-04-20 10.0 Critical
Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.
CVE-2016-7999 1 Spip 1 Spip 2025-04-20 N/A
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
CVE-2016-6621 1 Phpmyadmin 1 Phpmyadmin 2025-04-20 N/A
The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
CVE-2016-6001 1 Ibm 1 Forms Experience Builder 2025-04-20 N/A
IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.
CVE-2017-17697 1 Linuxfoundation 1 Harbor 2025-04-20 8.6 High
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.
CVE-2017-0906 1 Recurly 1 Recurly Client Python 2025-04-20 N/A
The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.
CVE-2017-11291 1 Adobe 1 Connect 2025-04-20 N/A
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.
CVE-2017-5643 2 Apache, Redhat 3 Camel, Jboss Amq, Jboss Fuse 2025-04-20 N/A
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
CVE-2017-0889 1 Thoughtbot 1 Paperclip 2025-04-20 N/A
Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.
CVE-2017-0905 1 Recurly 1 Recurly Client Ruby 2025-04-20 N/A
The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources.
CVE-2017-0907 1 Recurly 1 Recurly Client .net 2025-04-20 N/A
The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources.
CVE-2017-12071 1 Synology 1 Photo Station 2025-04-20 N/A
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
CVE-2017-7566 1 Mybb 1 Mybb 2025-04-20 N/A
MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.
CVE-2017-11149 1 Synology 1 Download Station 2025-04-20 N/A
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.
CVE-2015-8813 1 Umbraco 1 Umbraco 2025-04-20 N/A
The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.
CVE-2017-7272 1 Php 1 Php 2025-04-20 N/A
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.
CVE-2017-10973 1 Finecms Project 1 Finecms 2025-04-20 N/A
In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.
CVE-2017-9307 1 Allen Disk Project 1 Allen Disk 2025-04-20 N/A
SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter.
CVE-2017-15943 1 Paloaltonetworks 1 Pan-os 2025-04-20 N/A
The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities.