Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ssrf vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-14227
OX App Suite 7.10.1 and 7.10.2 allows XSS.
Open-xchange Open-xchange Appsuite 7.10.2
Open-xchange Open-xchange Appsuite 7.10.1
4
CVSSv2
CVE-2020-11452
Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the...
Microstrategy Microstrategy Web
5
CVSSv2
CVE-2020-11453
Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still pos...
Microstrategy Microstrategy Web 10.4
3.5
CVSSv2
CVE-2020-11454
Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a ...
Microstrategy Microstrategy Web 10.4
5
CVSSv2
CVE-2020-11450
Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issu...
Microstrategy Microstrategy Web
6.5
CVSSv2
CVE-2020-11451
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF). Note: The ability to upload visualization plugins requires administr...
Microstrategy Microstrategy Web
5
CVSSv2
CVE-2019-9621
Zimbra Collaboration Suite prior to 8.6 patch 13, 8.7.x prior to 8.7.11 patch 10, and 8.8.x prior to 8.8.10 patch 7 or 8.8.x prior to 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
Zimbra Collaboration Server 8.6.0
Zimbra Collaboration Server
Zimbra Collaboration Server 8.7.11
Zimbra Collaboration Server 8.8.10
Zimbra Collaboration Server 8.8.11
2 EDB exploits
2 Github repositories
6.4
CVSSv2
CVE-2020-11987
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Apache Batik
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Oracle Enterprise Repository 11.1.1.7.0
Oracle Retail Back Office 14.1
Oracle Weblogic Server 12.2.1.3.0
Oracle Retail Order Broker 15.0
Oracle Retail Order Broker 16.0
Oracle Retail Returns Management 14.1
Oracle Retail Central Office 14.1
Oracle Retail Point-of-service 14.1
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Communications Metasolv Solution 6.3.0
Oracle Banking Digital Experience 18.3
Oracle Banking Digital Experience 19.1
Oracle Weblogic Server 12.2.1.4.0
Oracle Fusion Middleware Mapviewer 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
Oracle Banking Digital Experience 19.2
Oracle Banking Digital Experience 20.1
1 Github repository
7.5
CVSSv2
CVE-2018-8940
ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has functionality for loading external XML files and parsing them, allowing an malicious user to upload a malicious XML file and reference it in the URL of the application, forcing the application to...
Enghouse Contact Center\\ Service Provider
6.4
CVSSv2
CVE-2020-16171
An issue exists in Acronis Cyber Backup prior to 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused ...
Acronis Cyber Backup
Acronis Cyber Backup 12.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »