Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-27 | CVE-2018-15895 | Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. | 7.5 |
| 2018-08-15 | CVE-2018-10511 | Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Control Manager 6.0/7.0 A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. | 10.0 |
| 2018-08-14 | CVE-2018-2445 | Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2 AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability. | 9.6 |
| 2018-08-12 | CVE-2018-3774 | Server-Side Request Forgery (SSRF) vulnerability in Url-Parse Project Url-Parse Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. | 10.0 |
| 2018-08-08 | CVE-2018-15192 | Server-Side Request Forgery (SSRF) vulnerability in multiple products An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services. | 8.6 |
| 2018-08-03 | CVE-2018-14728 | Server-Side Request Forgery (SSRF) vulnerability in Tecrail Responsive Filemanager 9.13.1 upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter. | 9.8 |
| 2018-08-02 | CVE-2018-14858 | Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. | 7.5 |
| 2018-08-01 | CVE-2018-1999039 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Confluence Publisher A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials. | 4.3 |
| 2018-08-01 | CVE-2018-1999026 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Tracetronic Ecu-Test A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host. | 6.5 |
| 2018-07-23 | CVE-2018-1999017 | Server-Side Request Forgery (SSRF) vulnerability in Pydio Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery (SSRF) vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath($url) that can result in an authenticated admin users requesting arbitrary URL's, pivoting requests through the server. | 4.9 |