Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-29 | CVE-2018-18753 | Server-Side Request Forgery (SSRF) vulnerability in Typecho 1.1: Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF. | 9.8 |
2018-09-21 | CVE-2018-16793 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2010: Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. | 8.6 |
2018-09-18 | CVE-2018-16794 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Active Directory Federation Services: Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. | 8.6 |
2018-09-11 | CVE-2018-2463 | Server-Side Request Forgery (SSRF) vulnerability in SAP Hybris: The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. | 8.6 |
2018-09-07 | CVE-2018-1789 | Server-Side Request Forgery (SSRF) vulnerability in IBM API Connect: IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. | 9.9 |
2018-09-04 | CVE-2018-16444 | Server-Side Request Forgery (SSRF) vulnerability in Seacms 6.61: An issue was discovered in SeaCMS 6.61. | 9.1 |
2018-09-03 | CVE-2018-16409 | Server-Side Request Forgery (SSRF) vulnerability in Gogs 0.11.53: In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. | 8.6 |
2018-08-27 | CVE-2018-15895 | Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms: An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. | 7.5 |
2018-08-15 | CVE-2018-10511 | Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Control Manager 6.0/7.0: A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. | 10.0 |
2018-08-14 | CVE-2018-2445 | Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence 4.1/4.2: AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability. | 9.6 |