Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-17 | CVE-2017-4928 | Server-Side Request Forgery (SSRF) vulnerability in VMWare Vcenter Server 5.5/6.0 The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. | 5.0 |
| 2017-11-17 | CVE-2017-16870 | Server-Side Request Forgery (SSRF) vulnerability in Updraftplus The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. | 8.1 |
| 2017-11-17 | CVE-2017-1000237 | Server-Side Request Forgery (SSRF) vulnerability in I-Librarian I Librarian I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password. | 7.5 |
| 2017-11-13 | CVE-2017-0907 | Server-Side Request Forgery (SSRF) vulnerability in Recurly Client .Net The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources. | 7.5 |
| 2017-11-13 | CVE-2017-0906 | Server-Side Request Forgery (SSRF) vulnerability in Recurly Client Python The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources. | 7.5 |
| 2017-11-13 | CVE-2017-0905 | Server-Side Request Forgery (SSRF) vulnerability in Recurly Client Ruby The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources. | 7.5 |
| 2017-11-13 | CVE-2017-0889 | Server-Side Request Forgery (SSRF) vulnerability in Thoughtbot Paperclip Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. | 7.5 |
| 2017-11-03 | CVE-2017-1000139 | Server-Side Request Forgery (SSRF) vulnerability in Mahara Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. | 6.0 |
| 2017-10-19 | CVE-2017-15644 | Server-Side Request Forgery (SSRF) vulnerability in Webmin SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. | 5.0 |
| 2017-09-29 | CVE-2017-7553 | Server-Side Request Forgery (SSRF) vulnerability in Redhat Mobile Application Platform 4.0/4.4/4.4.3 The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). | 6.3 |