Export limit exceeded: 334897 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2719 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14704 | 1 Microdigital | 6 Mdc-n2190v, Mdc-n2190v Firmware, Mdc-n4090 and 3 more | 2024-11-21 | N/A |
| An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras with firmware through 6400.0.8.5 via FTP commands following a newline character in the uploadfile field. | ||||
| CVE-2019-14476 | 1 Adremsoft | 1 Netcrunch | 2024-11-21 | 6.5 Medium |
| AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Every user can trick the server into performing SMB requests to other systems. | ||||
| CVE-2019-14277 | 1 Axway | 1 Securetransport | 2024-11-21 | 9.8 Critical |
| Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks (i.e., SSRF with resultant remote code execution). NOTE: The vendor disputes this issues as not being a vulnerability because “All attacks that use external entities are blocked (no external DTD or file inclusions, no SSRF). The impact on confidentiality, integrity and availability is not proved on any version. | ||||
| CVE-2019-14255 | 1 Go-camo Project | 1 Go-camo | 2024-11-21 | N/A |
| A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote attacker to perform HTTP requests to internal endpoints. | ||||
| CVE-2019-14225 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 5.4 Medium |
| OX App Suite 7.10.1 and 7.10.2 allows SSRF. | ||||
| CVE-2019-13335 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.8 Critical |
| SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has SSRF. | ||||
| CVE-2019-13121 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control. | ||||
| CVE-2019-13020 | 1 Trms | 1 Tightrope Media Carousel | 2024-11-21 | N/A |
| The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content from a third-party attacker-controlled system. Second, arguably more severe, is the potential for an attacker to circumvent firewall controls, by proxying traffic, unauthenticated, into the internal network from the internet. | ||||
| CVE-2019-12996 | 1 Mendix | 1 Mendix | 2024-11-21 | 5.3 Medium |
| In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTYPE declarations in the XML input that is potentially unsafe. | ||||
| CVE-2019-12994 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-11-21 | N/A |
| Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet via a parameter in a URL. | ||||
| CVE-2019-12959 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-11-21 | N/A |
| Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet servlet via a URL in a parameter. | ||||
| CVE-2019-12852 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | N/A |
| An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168. | ||||
| CVE-2019-12822 | 1 Embedthis | 1 Goahead | 2024-11-21 | N/A |
| In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself. | ||||
| CVE-2019-12737 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 5.3 Medium |
| UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a One-Way Hash with a Predictable Salt for storing user credentials. | ||||
| CVE-2019-12633 | 1 Cisco | 1 Unified Contact Center Express | 2024-11-21 | 7.5 High |
| A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the affected system. An attacker could exploit this vulnerability by sending the user of the web application a crafted request. If the request is processed, the attacker could access the system and perform unauthorized actions. | ||||
| CVE-2019-12632 | 1 Cisco | 1 Finesse | 2024-11-21 | 7.5 High |
| A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to access the system and perform unauthorized actions. | ||||
| CVE-2019-12443 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 9.8 Critical |
| An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks. | ||||
| CVE-2019-12161 | 1 Webpagetest | 1 Webpagetest | 2024-11-21 | N/A |
| WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168). | ||||
| CVE-2019-12153 | 1 Realobjects | 1 Pdfreactor | 2024-11-21 | N/A |
| Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content. | ||||
| CVE-2019-11986 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||