ssrf vulnerabilities and exploits
5
CVSSv2
CVE-2021-23718
The package ssrf-agent prior to 1.0.5 is vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private.
Ssrf-agent Project Ssrf-agent
4.3
CVSSv2
CVE-2015-5255
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x prior to 3.0.0.354175, 3.1.x prior to 3.1.0.354180, 4.5.x prior to 4.5.1.354177, 4.6.2.x prior to 4.6.2.354178, and 4.7.x prior to 4.7.0.354178, allows remote malicio...
Hp Xp7 Command View Advanced Edition -
Hp Xp P9000 Command View Advanced Edition -
Adobe Coldfusion
Adobe Livecycle Data Services 4.6
Adobe Livecycle Data Services 4.7
Adobe Livecycle Data Services 3.0
Adobe Livecycle Data Services 4.5
7.5
CVSSv2
CVE-2018-9919
A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 up to and including 2.0.8, which allows remote malicious users to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-do...
Tp-shop Tp-shop
NA
CVE-2023-1895
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make we...
Motopress Getwid - Gutenberg Blocks
NA
CVE-2023-1910
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers wit...
Motopress Getwid - Gutenberg Blocks
5
CVSSv2
CVE-2014-8749
Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote malicious users to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.
Ait-pro Bulletproof Security
6.5
CVSSv2
CVE-2014-7959
SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.
Ait-pro Bulletproof Security .45.4
Ait-pro Bulletproof Security .45.5
Ait-pro Bulletproof Security .45.6
Ait-pro Bulletproof Security .46.3
Ait-pro Bulletproof Security .46.4
Ait-pro Bulletproof Security .47.1
Ait-pro Bulletproof Security .47.2
Ait-pro Bulletproof Security .48
Ait-pro Bulletproof Security .48.1
Ait-pro Bulletproof Security .48.8
Ait-pro Bulletproof Security .48.9
Ait-pro Bulletproof Security .49.6
Ait-pro Bulletproof Security .49.7
Ait-pro Bulletproof Security .45.2
Ait-pro Bulletproof Security .45.3
Ait-pro Bulletproof Security .50.7
Ait-pro Bulletproof Security .50.8
Ait-pro Bulletproof Security .45.9
Ait-pro Bulletproof Security .46
Ait-pro Bulletproof Security .46.7
Ait-pro Bulletproof Security .46.8
Ait-pro Bulletproof Security .47.5
4.3
CVSSv2
CVE-2014-7958
Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the dbhost parameter.
Ait-pro Bulletproof Security .50.4
Ait-pro Bulletproof Security .50.3
Ait-pro Bulletproof Security .44.1
Ait-pro Bulletproof Security .44
Ait-pro Bulletproof Security .49.3
Ait-pro Bulletproof Security .49.2
Ait-pro Bulletproof Security .48.5
Ait-pro Bulletproof Security .48.4
Ait-pro Bulletproof Security .47.7
Ait-pro Bulletproof Security .47.6
Ait-pro Bulletproof Security .47.5
Ait-pro Bulletproof Security .46.8
Ait-pro Bulletproof Security .46.7
Ait-pro Bulletproof Security .46
Ait-pro Bulletproof Security .45.9
Ait-pro Bulletproof Security .50.6
Ait-pro Bulletproof Security .50.5
Ait-pro Bulletproof Security .45.1
Ait-pro Bulletproof Security .45
Ait-pro Bulletproof Security .49.5
Ait-pro Bulletproof Security .49.4
Ait-pro Bulletproof Security .48.7
5.5
CVSSv2
CVE-2018-13103
OX App Suite 7.8.4 and previous versions allow SSRF.
Open-xchange Open-xchange Appsuite
7.5
CVSSv2
CVE-2019-9670
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x prior to 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
Synacor Zimbra Collaboration Suite 8.7.11
Synacor Zimbra Collaboration Suite
1 EDB exploit
7 Github repositories