SSRF vulnerabilities and exploits

7.5
CVSSv2
CVE-2018-7667

Adminer through 4.3.1 has SSRF via the server parameter....

7.5
CVSSv2
CVE-2018-20596

Jspxcms v9.0.0 allows SSRF....

7.5
CVSSv2
CVE-2019-3809

A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests...

Moodle
5
CVSSv2
CVE-2017-15943

The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF)...

NA
CVE-2018-1000102

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-1000067. Reason: This candidate is a reservation duplicate of CVE-2018-1000067. Notes: All CVE users should reference CVE-2018-1000067 instead of this candidate. All references and descriptions in this...

4.3
CVSSv2
CVE-2017-9061

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename....

Wordpress, Debian, Debian Linux
5
CVSSv2
CVE-2017-9065

In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API....

Wordpress, Debian, Debian Linux
5
CVSSv2
CVE-2017-9062

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API....

Wordpress, Debian, Debian Linux
6.8
CVSSv2
CVE-2017-9064

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials....

Wordpress, Debian, Debian Linux
4.3
CVSSv2
CVE-2017-9063

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session....

Wordpress, Debian, Debian Linux