SALESmanago < 3.2.5 - Log Injection via Weak Authentication Token

Description The plugin uses a weak authentication toke for it's /wp-json/salesmanago/v1/callbackApiV3 API endpoint, allowing unauthenticated attackers to inject arbitrary content into the plugin logs...

PT-2023-7234 · Cisco · Cisco Firepower Management Center (Fmc)

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center FMC Software affected versions not specified Description: The issue is related to insufficient input validation in the file download feature of Cisco Firepower Management Center FMC Software. This could allow...

Denial Of Service (DoS)

Mattermost is vulnerable to Denial of Service DoS. The vulnerability is due to the /api/v4/users/ids endpoint which lacks a duplicate id check. This allows an attacker to send a request with multiple identical IDs which can consume excessive resources...

Fides Information Disclosure Vulnerability in Config API Endpoint

Impact The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The configuration data is filtered to suppress most sensitive configuration information before it is returned to the user, but even the filtered data contains information about the...

CVE-2023-4939 SALESmanago <= 3.2.4 - Log Injection via Weak Authentication Token

The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page...

WordPress Plugin SALESmanago Authorization Issues Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.WordPress plugin i...

PT-2023-29944 · Next.Js · Next.Js

Name of the Vulnerable Software and Affected Versions: Next.js versions prior to 13.4.20-canary.13 Description: The issue is related to a lack of a cache-control header in Next.js, which can cause empty prefetch responses to be cached by a CDN. This can lead to a denial of service for all users...

PT-2023-29791 · Sourcecodester · Sourcecodester Best Courier Management System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Best Courier Management System version 1.0 Description: The issue concerns SQL Injection via the id parameter in the "/edit staff.php" API endpoint. This allows for potential exploitation. Recommendations: For Sourcecodester Be...

Improper Access Control

vantage6-server is vulnerable to Improper Access Control. The vulnerability is due to improper permission checks in the /api/collaboration/id/task endpoint which retrieves tasks from a collaboration. Vantage only checks if the user has permission to view the collaboration, but should also check i...

PT-2023-29732 · Unknown · Vitogate 300

Name of the Vulnerable Software and Affected Versions: Vitogate 300 version 2.1.3.0 Description: The issue allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method in the...

CVE-2023-41882

vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/id/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version...

MTN Group: Information disclosure via enabled Django Debug Mode

The Django Debug Mode was enabled, which resulted in the disclosure of error messages, API endpoints, and the ability to register arbitrary user accounts and enumerate email addresses of registered users...

CVE-2023-45303

ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint...

CVE-2023-5160 Full name disclosure via team top membership with Show Full Name option disabled

Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAMID/top/teammembers endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled...

CVE-2023-43662

ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...

Deserialization of untrusted data

Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the networktraffic API endpoint. An attacker can leverage this vulnerability to execute...

No rate limit on sending magic link to sign-in

Description It was observed that rate limit is not being implemented on sending magic link , which allows an attacker to spam the victims mailbox. Affected URL : https://app.vrite.io/api/v1/auth.sendMagicLink?batch=1 Proof of Concept 1. Visit - https://app.vrite.io/auth 2. select option "continue...

Remote Code Execution

FUXA is vulnerable to Remote Command Execution. The vulnerability is due to the lack of sanitization on user supplied input which allows use of dangerous methods at the following affected API route /api/runscript. This can be exploited by an attacker by passing malicious user input to the followi...

PT-2023-28810 · Unknown +1 · Hoteldruid +1

Name of the Vulnerable Software and Affected Versions: Hoteldruid version 3.0.5 Description: A SQL injection vulnerability was discovered in Hoteldruid via the n utente agg parameter at the "/hoteldruid/interconnessioni.php" API endpoint. This issue allows for SQL injection attacks, potentially...

Design/Logic Flaw

A remote command execution RCE vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request...