Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE	CVE	VULNERABILITY TITLE	RISK
2017-03-16	CVE-2017-5617	Server-Side Request Forgery (SSRF) vulnerability in multiple products The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file. network low complexity debian kitfox CWE-918	7.4
2017-03-03	CVE-2015-8813	Server-Side Request Forgery (SSRF) vulnerability in Umbraco The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter. network low complexity umbraco CWE-918	8.2
2017-02-01	CVE-2016-6001	Server-Side Request Forgery (SSRF) vulnerability in IBM Forms Experience Builder 8.5/8.5.1/8.6.0 IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources. network high complexity ibm CWE-918	3.1
2017-01-31	CVE-2016-9417	Server-Side Request Forgery (SSRF) vulnerability in Mybb Merge System and Mybb The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. network low complexity mybb CWE-918	7.4
2017-01-31	CVE-2016-6621	Server-Side Request Forgery (SSRF) vulnerability in PHPmyadmin The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. network low complexity phpmyadmin CWE-918	8.6
2017-01-18	CVE-2016-7999	Server-Side Request Forgery (SSRF) vulnerability in Spip ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action. network low complexity spip CWE-918	7.4
2017-01-17	CVE-2017-5518	Server-Side Request Forgery (SSRF) vulnerability in Metalgenix Genixcms The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address. network low complexity metalgenix CWE-918	7.4
2016-12-15	CVE-2016-4046	Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite 7.8.1 An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. network low complexity open-xchange CWE-918	5.8
2016-12-01	CVE-2016-9752	Server-Side Request Forgery (SSRF) vulnerability in S9Y Serendipity In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. network low complexity s9y CWE-918	8.6
2016-11-25	CVE-2016-5968	Server-Side Request Forgery (SSRF) vulnerability in IBM Tealeaf Customer Experience The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors. network low complexity ibm CWE-918	5.3