Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE	CVE	VULNERABILITY TITLE	RISK
2017-02-01	CVE-2016-6001	Server-Side Request Forgery (SSRF) vulnerability in IBM Forms Experience Builder 8.5/8.5.1/8.6.0 IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources. network high complexity ibm CWE-918	3.1
2017-01-31	CVE-2016-9417	Server-Side Request Forgery (SSRF) vulnerability in Mybb Merge System and Mybb The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. network low complexity mybb CWE-918	7.4
2017-01-31	CVE-2016-6621	Server-Side Request Forgery (SSRF) vulnerability in PHPmyadmin The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. network low complexity phpmyadmin CWE-918	8.6
2017-01-18	CVE-2016-7999	Server-Side Request Forgery (SSRF) vulnerability in Spip ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action. network low complexity spip CWE-918	7.4
2017-01-17	CVE-2017-5518	Server-Side Request Forgery (SSRF) vulnerability in Metalgenix Genixcms The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address. network low complexity metalgenix CWE-918	7.4
2016-12-15	CVE-2016-4046	Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite 7.8.1 An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. network low complexity open-xchange CWE-918	5.8
2016-12-01	CVE-2016-9752	Server-Side Request Forgery (SSRF) vulnerability in S9Y Serendipity In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. network low complexity s9y CWE-918	8.6
2016-11-25	CVE-2016-5968	Server-Side Request Forgery (SSRF) vulnerability in IBM Tealeaf Customer Experience The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors. network low complexity ibm CWE-918	5.3
2016-10-31	CVE-2016-7964	Server-Side Request Forgery (SSRF) vulnerability in Dokuwiki 20160626A The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. network low complexity dokuwiki CWE-918	8.6
2016-09-02	CVE-2016-6483	Server-Side Request Forgery (SSRF) vulnerability in Vbulletin The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code. network low complexity vbulletin CWE-918	8.6