Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE CVE VULNERABILITY TITLE RISK
2017-03-16 CVE-2017-5617 Server-Side Request Forgery (SSRF) vulnerability in multiple products
The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file.
network
low complexity
debian kitfox CWE-918
7.4
2017-03-03 CVE-2015-8813 Server-Side Request Forgery (SSRF) vulnerability in Umbraco
The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.
network
umbraco CWE-918
4.3
2017-02-01 CVE-2016-6001 Server-Side Request Forgery (SSRF) vulnerability in IBM Forms Experience Builder 8.5/8.5.1/8.6.0
IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.
network
ibm CWE-918
3.5
2017-01-31 CVE-2016-9417 Server-Side Request Forgery (SSRF) vulnerability in Mybb Merge System and Mybb
The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
network
mybb CWE-918
5.8
2017-01-31 CVE-2016-6621 Server-Side Request Forgery (SSRF) vulnerability in PHPmyadmin
The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
network
low complexity
phpmyadmin CWE-918
5.0
2017-01-18 CVE-2016-7999 Server-Side Request Forgery (SSRF) vulnerability in Spip
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
network
spip CWE-918
4.3
2017-01-17 CVE-2017-5518 Server-Side Request Forgery (SSRF) vulnerability in Metalgenix Genixcms
The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address.
4.3
2016-12-15 CVE-2016-4046 Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11.
network
low complexity
open-xchange CWE-918
5.0
2016-12-01 CVE-2016-9752 Server-Side Request Forgery (SSRF) vulnerability in S9Y Serendipity
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.
network
low complexity
s9y CWE-918
5.0
2016-11-25 CVE-2016-5968 Server-Side Request Forgery (SSRF) vulnerability in IBM Tealeaf Customer Experience
The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors.
network
low complexity
ibm CWE-918
5.0