Server-Side Request Forgery (SSRF) vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2018-11-28 CVE-2018-19651 Server-Side Request Forgery (SSRF) vulnerability in Interspire Email Marketer
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL.
network | low complexity | interspire CWE-918 | 6.5

2018-11-07 CVE-2018-19047 Server-Side Request Forgery (SSRF) vulnerability in Mpdf Project Mpdf
mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php.
network | low complexity | mpdf-project CWE-918 | critical | 10.0

2018-10-31 CVE-2018-18867 Server-Side Request Forgery (SSRF) vulnerability in Tecrail Responsive Filemanager 9.13.4
An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter.
network | low complexity | tecrail CWE-918 | 8.6

2018-10-29 CVE-2018-18753 Server-Side Request Forgery (SSRF) vulnerability in Typecho 1.1
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.
network | low complexity | typecho CWE-918 | critical | 9.8

2018-09-21 CVE-2018-16793 Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2010
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
network | low complexity | microsoft CWE-918 | 8.6

2018-09-18 CVE-2018-16794 Server-Side Request Forgery (SSRF) vulnerability in Microsoft Active Directory Federation Services
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.
network | low complexity | microsoft CWE-918 | 8.6

2018-09-11 CVE-2018-2463 Server-Side Request Forgery (SSRF) vulnerability in SAP Hybris
The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks.
network | low complexity | sap CWE-918 | 8.6

2018-09-07 CVE-2018-1789 Server-Side Request Forgery (SSRF) vulnerability in IBM API Connect
IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack.
network | low complexity | ibm CWE-918 | critical | 9.9

2018-09-04 CVE-2018-16444 Server-Side Request Forgery (SSRF) vulnerability in Seacms 6.61
An issue was discovered in SeaCMS 6.61.
network | low complexity | seacms CWE-918 | critical | 9.1

2018-09-03 CVE-2018-16409 Server-Side Request Forgery (SSRF) vulnerability in Gogs 0.11.53
In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF.
network | low complexity | gogs CWE-918 | 8.6