
1998 matches found

Positive Technologies
added 2023/04/21 12:0 a.m. · 3 views

PT-2023-22468 · H3C · H3C Magic R200

Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004 Description: A stack overflow issue was discovered via the AddMacList interface at the "/goform/aspForm" API endpoint. This issue affects the H3C Magic R200 device. Recommendations: For H3C Magic R200 versi...

CVSS 4.9 · AI score 5.2 · EPSS 0.00787
Exploits 0 · References 5

Positive Technologies
added 2023/04/21 12:0 a.m. · 4 views

PT-2023-22463 · H3C · H3C Magic R200

Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004 Description: A stack overflow issue was discovered via the Edit BasicSSID 5G interface at the "/goform/aspForm" API endpoint. This issue affects the H3C Magic R200 device. Recommendations: For H3C Magic R20...

CVSS 4.9 · AI score 5.2 · EPSS 0.00787
Exploits 0 · References 5

Positive Technologies
added 2023/04/21 12:0 a.m. · 4 views

PT-2023-22461 · H3C · H3C Magic R200

Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004 Description: A stack overflow issue was discovered via the UpdateSnat interface at the "/goform/aspForm" API endpoint. This issue affects the H3C Magic R200 device. Recommendations: For H3C Magic R200 versi...

CVSS 4.9 · AI score 5.2 · EPSS 0.00787
Exploits 0 · References 6

Positive Technologies
added 2023/04/20 12:0 a.m. · 3 views

PT-2023-22525 · Unknown · Sourcecodester Judging Management System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Judging Management System version 1.0 Description: The issue is related to SQL Injection, which can be exploited via the "/php-jms/print judges.php" API endpoint with specific parameters such as se name and sub event id...

CVSS 9.8 · AI score 9.3 · EPSS 0.00752
Exploits 1 · References 4

Exploit DB
added 2023/04/20 12:0 a.m. · 340 views

FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)

Exploit Title: FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE) Date: 18/04/2023 Exploit Author: Rodolfo Mariano Vendor Homepage: https://github.com/frangoteam/FUXA Version: FUXA V.1.1.13-1186 current from argparse import RawTextHelpFormatter import argparse, sys, threading, requests...

AI score 7.4
Exploits 0

Positive Technologies
added 2023/04/19 12:0 a.m. · 4 views

PT-2023-21341 · Unknown · Online Jewelry Shop

Name of the Vulnerable Software and Affected Versions: Online Jewelry Shop version 1.0 Description: A stored cross-site scripting (XSS) issue in the "/index.php?page=category list" API endpoint of Online Jewelry Shop allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 5.4 · AI score 5.3 · EPSS 0.00477
Exploits 1 · References 5

AlpineLinux
added 2023/04/14 2:15 p.m. · 28 views

CVE-2022-45170

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user...

CVSS 6.5 · AI score 6.5 · EPSS 0.00444
Exploits 1 · References 1

Prion
added 2023/04/14 2:15 p.m. · 21 views

Improper access control

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskDOMAIN/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system a...

CVSS 4 · AI score 6.2 · EPSS 0.00713
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2023/04/14 12:0 a.m. · 3 views

PT-2023-22337 · Unknown · Yoga Class Registration System

Name of the Vulnerable Software and Affected Versions: Yoga Class Registration System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the cid parameter at the "/admin/login.php" API endpoint. Recommendations: For Yoga Class...

CVSS 7.5 · AI score 7.6 · EPSS 0.00672
Exploits 1 · References 3

Positive Technologies
added 2023/04/07 12:0 a.m. · 4 views

PT-2023-21358 · H3C · H3C Magic R100

Name of the Vulnerable Software and Affected Versions: H3C Magic R100 version R100V100R005.bin Description: A stack overflow issue was discovered via the DeltriggerList interface at the "/goform/aspForm" API endpoint. This issue allows attackers to cause a Denial of Service (DoS) by sending a craft...

CVSS 4.9 · AI score 5.1 · EPSS 0.00787
Exploits 0 · References 4

Positive Technologies
added 2023/04/07 12:0 a.m. · 2 views

PT-2023-20883 · Totolink · Totolink A7100Ru

Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version 7.4cu.2313 B20191024 Description: A command injection issue was found via the pppoeAcName parameter at the "/setting/setWanIeCfg" API endpoint. Recommendations: For version 7.4cu.2313 B20191024, avoid using the...

CVSS 9.8 · AI score 9.6 · EPSS 0.0192
Exploits 1 · References 2

Positive Technologies
added 2023/04/07 12:0 a.m. · 3 views

PT-2023-21353 · H3C · H3C Magic R100

Name of the Vulnerable Software and Affected Versions: H3C Magic R100 version R100V100R005.bin Description: A stack overflow issue was discovered via the EdittriggerList interface at the "/goform/aspForm" API endpoint. This allows attackers to cause a Denial of Service (DoS) via a crafted payload...

CVSS 4.9 · AI score 5.2 · EPSS 0.00787
Exploits 0 · References 4

SUSE CVE
added 2023/04/05 1:49 a.m. · 1 view

SUSE CVE-2023-28834

Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...

CVSS 4.3 · AI score 6.1 · EPSS 0.00813
Exploits 1 · References 3

NVD
added 2023/04/03 5:15 p.m. · 28 views

CVE-2023-28834

Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...

CVSS 4.3 · AI score 4.1 · EPSS 0.00813
Exploits 1 · References 4

Prion
added 2023/04/03 5:15 p.m. · 23 views

Information disclosure

Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...

CVSS 4 · AI score 4.4 · EPSS 0.00813
Exploits 1 · References 4 · Affected Software 1

CVE
added 2023/04/03 4:19 p.m. · 56 views

CVE-2023-28834

Summary of CVE-2023-28834 (Nextcloud Server information disclosure) Affected: Nextcloud Server 24.0.0–24.0.6, 25.0.0–25.0.4; Nextcloud Enterprise Server 23.0.0–23.0.11, 24.0.0–24.0.6, 25.0.0–25.0.4. Root cause: An API endpoint allowed a user to obtain the full data directory path of the Nextcloud...

CVSS 4.3 · AI score 4 · EPSS 0.00813
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2023/04/03 4:19 p.m. · 34 views

CVE-2023-28834 Full path of data directory exposed to Nextcloud server users

Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...

CVSS 3.5 · AI score 5 · EPSS 0.00813
Exploits 1 · References 4

Nextcloud
added 2023/04/03 12:59 p.m. · 29 views

Full path of data directory exposed to users

None...

CVSS 4.3 · AI score 4.8 · EPSS 0.00813
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2023/03/31 10:8 p.m. · 8 views

CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments

Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using an unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

CVSS 5.7 · AI score 6.4 · EPSS 0.00745
Exploits 0 · References 3

Cvelist
added 2023/03/31 10:8 p.m. · 37 views

CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments

Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using an unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

CVSS 5.7 · AI score 6.6 · EPSS 0.00745
Exploits 0 · References 3