Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-31 | CVE-2016-7964 | Server-Side Request Forgery (SSRF) vulnerability in Dokuwiki 20160626A The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. | 8.6 |
| 2016-09-02 | CVE-2016-6483 | Server-Side Request Forgery (SSRF) vulnerability in Vbulletin The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code. | 8.6 |
| 2016-08-08 | CVE-2016-4374 | Server-Side Request Forgery (SSRF) vulnerability in HP Release Control 9.13/9.20/9.21 HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors. | 7.7 |
| 2016-08-07 | CVE-2016-4029 | Server-Side Request Forgery (SSRF) vulnerability in multiple products WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address. | 8.6 |
| 2016-05-05 | CVE-2016-3718 | Server-Side Request Forgery (SSRF) vulnerability in multiple products The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | 5.5 |
| 2010-06-22 | CVE-2010-1637 | Server-Side Request Forgery (SSRF) vulnerability in multiple products The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. | 6.5 |
| 2004-07-27 | CVE-2004-2061 | Server-Side Request Forgery (SSRF) vulnerability in Risearch and Risearch PRO RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL. | 9.8 |
| 2003-04-22 | CVE-2002-1484 | Server-Side Request Forgery (SSRF) vulnerability in Siemens Db4Web 3.4/3.6 DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message. | 9.8 |