Security
Headlines
HeadlinesLatestCVEs

Tag

#ssrf

CVE-2022-37000: VTS22-004: HotFix for Security Advisory impacting NetBackup – Primary/Media Server

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.

CVE
Open in Source
#xss#vulnerability#windows#dos#perl#ssrf#buffer_overflow#auth
CVE-2022-24406: Full Disclosure: Open-Xchange Security Advisory 2022-07-21

OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.

Open-Xchange issues fixes for RCE, SSRF bugs in OX App Suite

Security release also includes precautionary patches for potential Log4j-like flaw in Logback library

CVE-2021-43959

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2.

CVE-2022-24992: CVE-2022–24992: QRCDR ZeroDay Path Traversal Vulnerability

A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal.

CVE-2022-35651

A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.

Open-Xchange App Suite 7.10.x Cross Site Scripting / Command Injection

Open-Xchange App Suite versions 7.10.6 and below suffer from OS command injection and cross site scripting vulnerabilities. One particular cross site scripting issue only affects versions 7.10.5 and below.

CVE-2022-32457: 鼎新電腦 BPM - Blind Server-Side Request Forgery (SSRF)

Digiwin BPM has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform Blind SSRF attack to discover internal network topology base on URL error response.

CVE-2022-22416: IBM Sterling Partner Engagement Manager server-side request forgery CVE-2022-22416 Vulnerability Report

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 223126.