Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ssrf vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2021-26699
OX App Suite prior to 7.10.3-rev4 and 7.10.4 prior to 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.
Open-xchange Open-xchange Appsuite 7.10.3
Open-xchange Open-xchange Appsuite 7.10.4
6.4
CVSSv2
CVE-2017-3546
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network...
Oracle Peoplesoft Enterprise Peopletools 8.55
Oracle Peoplesoft Enterprise Peopletools 8.54
1 EDB exploit
NA
CVE-2023-50968
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.1...
Apache Ofbiz
5
CVSSv2
CVE-2017-3164
Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.
Apache Solr
1 Github repository
6.4
CVSSv2
CVE-2017-1000190
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on.
Simplexml Project Simplexml 2.7.1
1 Github repository
6.8
CVSSv2
CVE-2015-8379
CakePHP 2.x and 3.x prior to 3.1.5 might allow remote malicious users to bypass the CSRF protection mechanism via the _method parameter.
Cakephp Cakephp 3.1.1
Cakephp Cakephp 3.1.0
Cakephp Cakephp 3.0.11
Cakephp Cakephp 3.0.10
Cakephp Cakephp 3.0.3
Cakephp Cakephp 3.0.2
Cakephp Cakephp 3.0.0
Cakephp Cakephp 2.7.7
Cakephp Cakephp 2.7.6
Cakephp Cakephp 2.7.0
Cakephp Cakephp 2.6.12
Cakephp Cakephp 2.6.5
Cakephp Cakephp 2.6.4
Cakephp Cakephp 2.5.8
Cakephp Cakephp 2.5.7
Cakephp Cakephp 2.5.0
Cakephp Cakephp 2.4.6
Cakephp Cakephp 2.4.5
Cakephp Cakephp 2.4.4
Cakephp Cakephp 2.4.0
Cakephp Cakephp 2.3.10
Cakephp Cakephp 2.3.3
4.3
CVSSv2
CVE-2013-1646
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server prior to 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote malicious users to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POST request, (2) an arbi...
Open-xchange Open-xchange Server 6.22.1
Open-xchange Open-xchange Server 6.20.7
Open-xchange Open-xchange Server 6.22.0
1 EDB exploit
5
CVSSv2
CVE-2013-1647
Multiple CRLF injection vulnerabilities in Open-Xchange Server prior to 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by...
Open-xchange Open-xchange Server 6.22.1
Open-xchange Open-xchange Server 6.22.0
Open-xchange Open-xchange Server 6.20.7
1 EDB exploit
4.3
CVSSv2
CVE-2013-1649
Open-Xchange Server prior to 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent malicious users to obtain cleartext passwords via a brute-force attack.
Open-xchange Open-xchange Server 6.22.0
Open-xchange Open-xchange Server 6.22.1
Open-xchange Open-xchange Server 6.20.7
1 EDB exploit
2.1
CVSSv2
CVE-2013-1650
Open-Xchange Server prior to 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations.
Open-xchange Open-xchange Server 6.22.1
Open-xchange Open-xchange Server 6.20.7
Open-xchange Open-xchange Server 6.22.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3012
CVE-2024-30200
XXE
CVE-2023-24955
CVE-2023-42931
CVE-2024-29231
remote code execution
cross-site scripting
CVE-2024-0677
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »