Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-02-01 | CVE-2018-6186 | Server-Side Request Forgery (SSRF) vulnerability in Citrix Netscaler 12.0 | Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. | 8.8 |
2018-01-23 | CVE-2018-6029 | Server-Side Request Forgery (SSRF) vulnerability in 5None Nonecms 1.3.0 | The copy function in application/admin/controller/Article.php in NoneCms 1.3.0 allows remote attackers to access the content of internal and external network resources via Server Side Request Forgery (SSRF), because URL validation only considers whether the URL contains the "csdn" substring. | 7.5 |
2018-01-22 | CVE-2018-1042 | Server-Side Request Forgery (SSRF) vulnerability in Moodle | Moodle 3.x has Server Side Request Forgery in the filepicker. | 6.5 |
2018-01-17 | CVE-2017-16865 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira | The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). | 5.3 |
2018-01-02 | CVE-2017-1000419 | Server-Side Request Forgery (SSRF) vulnerability in PHPbb 3.2.0 | phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function, which allows an attacker to perform port scanning, request internal content and potentially attack such internal services via the web application. | 7.5 |
2017-12-28 | CVE-2017-15886 | Server-Side Request Forgery (SSRF) vulnerability in Synology Chat | Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. | 6.5 |
2017-12-15 | CVE-2017-17697 | Server-Side Request Forgery (SSRF) vulnerability in Linuxfoundation Harbor | The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | 8.6 |
2017-12-12 | CVE-2017-16678 | Server-Side Request Forgery (SSRF) vulnerability in SAP products | Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application. | 4.7 |
2017-12-11 | CVE-2017-15943 | Server-Side Request Forgery (SSRF) vulnerability in Paloaltonetworks Pan-Os | The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities. | 5.3 |
2017-12-09 | CVE-2017-11291 | Server-Side Request Forgery (SSRF) vulnerability in Adobe Connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. | 10.0 |