Lucene search
K

2010 matches found

Tenable Nessus
Tenable Nessus
added 2021/06/28 12:0 a.m.24 views

Cisco ACI Multi-Site Orchestrator Application Services Engine Deployment Authentication Bypass (cisco-sa-mso-authbyp-bb5GmBQv)

According to its self-reported version, a vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator MSO installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper tok...

10CVSS8.8AI score0.14359EPSS
Exploits0References3
Hacker One
Hacker One
added 2021/06/26 3:13 p.m.23 views

Acronis: CSS Injection via Client Side Path Traversal + Open Redirect leads to personal data exfiltration on Acronis Cloud

Summary Hi team, I hope everything goes well. I have found a CSS Injection in Acronis Cloud Management Consolehttps://mc-beta-cloud.acronis.com/mc via the colorscheme GET parameter. Description: The flow work as I will comment below. If we go to the URL...

7.2AI score
Exploits0
NVD
NVD
added 2021/06/24 4:15 p.m.18 views

CVE-2021-32704

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the /api/trackedEntityInstances API endpoint in DHIS2 versions 2.34.4, 2.35.2,...

8.8CVSS0.00769EPSS
Exploits0References1
OSV
OSV
added 2021/06/24 4:15 p.m.13 views

CVE-2021-32704

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the /api/trackedEntityInstances API endpoint in DHIS2 versions 2.34.4, 2.35.2,...

8.8CVSS7.6AI score
Exploits0References1
Prion
Prion
added 2021/06/24 4:15 p.m.19 views

Sql injection

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the /api/trackedEntityInstances API endpoint in DHIS2 versions 2.34.4, 2.35.2,...

6.5CVSS8.9AI score0.00769EPSS
Exploits0References1Affected Software1
Huntr
Huntr
added 2021/06/15 4:36 p.m.9 views

Improper Privilege Management in gskinner/regexr

✍️ Description I managed to find a Critical IDOR in the https://github.com/gskinner/regexr/ . Any user is able to change the Visibility Status of any pattern set 📚 Proof of Concept 1: Go to https://regexr.com/ 2: Click on "New" in the Top Left Corner 3: Select Pattern Settings and Fill out "patter...

0.4AI score
Exploits0
OSV
OSV
added 2021/05/27 8:15 p.m.3 views

CVE-2020-14329

A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The...

3.3CVSS5.7AI score0.00268EPSS
Exploits0References1
CVE
CVE
added 2021/05/27 7:44 p.m.83 views

CVE-2020-14329

Ansible Tower (pre-3.7.2) contains a data exposure flaw where the /api/v2/labels/ endpoint can leak labels across organizations and disclose organization names. The vulnerability primarily affects confidentiality; CVSSv3 base score 3.3 (LOW) with LOCAL access and no user interaction. Red Hat advi...

3.3CVSS3.8AI score0.00268EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/05/27 12:0 a.m.4 views

Red Hat Data Grid 跨站请求伪造漏洞

Red Hat Data Grid is a memory-based Nosql database with distributed support from Red Hat. Red Hat Data Grid 8.2.0 suffers from a cross-site request forgery vulnerability that stems from a lack of authentication measures or insufficient authentication strength in a networked system or product. An...

7.1CVSS7AI score0.00445EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/05/26 12:0 a.m.6 views

PT-2021-8690 · Red Hat · Redhat-Certification

Name of the Vulnerable Software and Affected Versions: redhat-certification version 7 Description: The issue is related to improper configuration, which allows listing of all files and directories in the /var/www/rhcert/store/transfer directory through the "/rhcert-transfer" API endpoint. This...

7.5CVSS6AI score0.01063EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/05/24 4:58 p.m.53 views

Authenticated users can exploit an enumeration vulnerability in Harbor

Impact Hidde Smit from Cyber Eagle has discovered an User Enumeration flaw in Harbor. The issue is present in the "/users" api endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained via the "search"...

4.3CVSS1AI score0.01266EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2021/05/20 12:46 p.m.78 views

CVE-2021-29659

OwnCloud 10.7 is affected by an incorrect access control vulnerability in a related API endpoint that allows remote information disclosure. An attacker can enumerate all users in a single request by supplying three whitespace characters, and on large instances this may add unusual load. The conne...

6.5CVSS6.1AI score0.01327EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/05/20 12:46 p.m.39 views

CVE-2021-29659

ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could...

6.4AI score0.01327EPSS
Exploits0References2
0day.today
0day.today
added 2021/05/12 12:0 a.m.202 views

ERPNext 12.18.0 / 13.0.0 SQL Injection Vulnerability

Authenticated SQL injection in ERPNext 13.0.0/12.18.0 Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2103-01 Affected product: ERPNext Tested versions: 12.18.0 and 13.0.0 beta Vendor: Frappé Technologies https://frappe.io Credits: Trovent...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/11 12:0 a.m.731 views

ERPNext 12.18.0 / 13.0.0 SQL Injection

Trovent Security Advisory 2103-01 Authenticated SQL injection in ERPNext 13.0.0/12.18.0 Overview Advisory ID: TRSA-2103-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2103-01 Affected product: ERPNext Tested versions: 12.18.0 and 13.0.0 beta...

7.4AI score
Exploits0
CVE
CVE
added 2021/05/06 12:51 p.m.63 views

CVE-2021-1515

CVE-2021-1515 concerns Cisco SD-WAN vManage Information Disclosure. Multiple connected sources describe an unauthenticated, adjacent attacker exploiting improper access controls on API endpoints in multi-tenant mode to access sensitive information, potentially including hashed credentials. Affect...

4.3CVSS4.5AI score0.00367EPSS
Exploits0References1Affected Software1
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/05/05 5:23 a.m.198 views

Tour de Peloton: Exposed user data

An unauthenticated user could view sensitive information for all users, and snoop on live class statistics and its attendees, despite having a private mode. TL;DR Information disclosed included: - User IDs - Instructor IDs - Group Membership - Location - Workout stats - Gender and age - If they a...

6.8AI score
Exploits0
Cvelist
Cvelist
added 2021/04/30 7:56 p.m.17 views

CVE-2021-31926

AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTPS request directly to the applicable API endpoint despite not having permission to make changes to the system's network...

6.4AI score0.00888EPSS
Exploits1References1
Veracode
Veracode
added 2021/04/29 12:5 p.m.38 views

CVE-2021-28148

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service DoS...

7.5CVSS2.3AI score0.03497EPSS
Exploits0References9Affected Software1
CNNVD
CNNVD
added 2021/04/29 12:0 a.m.6 views

China Mobile An Lianbao WF-1 router 操作系统命令注入漏洞

China Mobile An Lianbao WF-1 router is a router from China Mobile China. China Mobile An Lianbao WF-1 router 1.0.1 suffers from an operating system command injection vulnerability, which originates from api/zrDm/setzrDm, that can be exploited by a remote attacker to execute arbitrary commands via...

8.8CVSS8.5AI score0.02884EPSS
Exploits1References4
Rows per page
Query Builder