
Cvelist, added 2021/03/22 2:06 p.m.

CVE-2021-28148

One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS)...

AI score 7.5 | EPSS 0.03497 | Exploits 0 | References 8
NVD, added 2021/03/22 5:15 a.m.

CVE-2021-26069

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/id/ActionsAndOperations API endpoint. The affected versions are before...

CVSS 5.3 | EPSS 0.02508 | Exploits 0 | References 1
Prion, added 2021/03/22 5:15 a.m.

Information disclosure

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/id/ActionsAndOperations API endpoint. The affected versions are before...

CVSS 5 | AI score 5.2 | EPSS 0.02508 | Exploits 0 | References 1 | Affected software 4
Cvelist, added 2021/03/22 4:50 a.m.

CVE-2021-26069

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/id/ActionsAndOperations API endpoint. The affected versions are before...

AI score 5.8 | EPSS 0.02508 | Exploits 0 | References 1
CNNVD, added 2021/03/22 12:00 a.m.

Atlassian JIRA Data Center injection vulnerability

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian (Australia). Atlassian JIRA Server is the server edition of a defect tracking and management system; Atlassian JIRA Data Center is the data center edition of Atlassian JIRA. An information disclosure vulnerability exists in...

CVSS 5.3 | AI score 5.7 | EPSS 0.02508 | Exploits 0 | References 2
Rapid7 Blog, added 2021/02/25 3:14 p.m.

Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products

What's up? On Feb. 24, 2021, Cisco released many patches for multiple products, three of which require immediate attention by organizations if they are running affected systems and operating system/software configurations. They are detailed below: Cisco ACI Multi-Site Orchestrator Application...

CVSS 10 | AI score 1.2 | EPSS 0.14359 | Exploits 0
Prion, added 2021/02/24 8:15 p.m.

Authentication flaw

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint...

CVSS 9.3 | AI score 9.4 | EPSS 0.14359 | Exploits 0 | References 1 | Affected software 2
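The entry above says only that the affected endpoint performed "improper token validation". The following is an added illustration of what a verifier for an HMAC-signed bearer token has to check before a request proceeds, with a deliberately weak verifier beside it; it is not Cisco's MSO code, and the token layout (base64url payload, a dot, base64url HMAC-SHA256), the signing key, the audience string and the claim names are assumptions made for the example.

```python
"""Bearer-token verification for an API endpoint: a weak verifier beside a strict one.

Added illustration, not Cisco's MSO code. The token layout, key, audience and
claim names are assumptions for the example.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

SIGNING_KEY = b"assumed-server-side-secret"   # assumption: would come from a secret store
AUDIENCE = "mso-api"                          # assumption


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """payload '.' signature, where signature = HMAC-SHA256(key, payload)."""
    payload = _b64url(json.dumps(claims, sort_keys=True).encode("utf-8"))
    sig = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
    return payload + "." + _b64url(sig)


def weak_verify(token: str) -> Optional[dict]:
    """Accepts any token that parses: the signature is never checked, so a
    payload signed with any key (or not at all) is trusted."""
    try:
        payload, _sig = token.split(".", 1)
        return json.loads(_unb64url(payload))
    except ValueError:
        return None


def strict_verify(token: str, key: bytes = SIGNING_KEY,
                  audience: str = AUDIENCE, now: Optional[float] = None) -> Optional[dict]:
    """Returns the claims only if signature, audience, expiry and subject all check out."""
    now = time.time() if now is None else now
    try:
        payload, sig_text = token.split(".", 1)
        expected = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig_text)):   # constant-time compare
            return None
        claims = json.loads(_unb64url(payload))
    except ValueError:          # malformed split, base64 (binascii.Error) or JSON
        return None
    if not isinstance(claims, dict):
        return None
    if claims.get("aud") != audience:
        return None
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        return None
    if not claims.get("sub"):
        return None
    return claims
```

The order matters: the signature is checked before the payload is parsed, so nothing in an unauthenticated payload influences control flow, and every failure returns the same `None` rather than a distinguishable error.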
OSV, added 2021/02/08 3:15 p.m.

CVE-2020-16629

PhpOK 5.4.137 contains a SQL injection vulnerability through which attachment data can be injected via SQL; the attachment-replacement function is then called through api.php to write a PHP file to the target path...

CVSS 9.8 | AI score 7.3 | EPSS 0.01441 | Exploits 1 | References 1
CNVD, added 2021/01/21 12:00 a.m.

Cisco Data Center Network Manager SQL Injection Vulnerability (CNVD-2021-09940)

Cisco Data Center Network Manager (DCNM) is a data center network management suite from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A SQL injection vulnerability exists in the REST API endpoint of Cisco Data Center...

CVSS 8.8 | AI score 7.8 | EPSS 0.01901 | Exploits 0 | References 1
CNVD, added 2021/01/21 12:00 a.m.

Cisco Data Center Network Manager Path Traversal Vulnerability (CNVD-2021-09308)

Cisco Data Center Network Manager (DCNM) is a data center network management suite from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A path traversal vulnerability exists in one of the REST API endpoints in Cisco Da...

CVSS 5.5 | AI score 6.8 | EPSS 0.00668 | Exploits 0 | References 1
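The PhpOK entry describes SQL injection used to plant attachment data that a replacement function then writes out as a PHP file, and the DCNM entries describe SQL injection and path traversal in REST endpoints. The following added example (not PhpOK's or Cisco's code) puts the two defects and their fixes side by side on a constructed SQLite table: a string-built UPDATE that lets the caller rewrite the WHERE clause, the parameterised version, and a write-path resolver that refuses executable extensions and anything that escapes the upload root. The upload root and the extension allowlist are assumptions; nothing is written to disk, the resolver only decides the path.

```python
"""Parameterised queries plus a constrained write path for an attachment store.

Added illustration, not PhpOK's or Cisco DCNM's code. UPLOAD_ROOT and
ALLOWED_EXT are assumptions; the table contents are constructed sample data.
"""
import sqlite3
from pathlib import Path
from typing import Optional

UPLOAD_ROOT = Path("/var/www/uploads")                    # assumption
ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".gif", ".pdf"}   # assumption: no server-executable types


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one attachment, owned by alice."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE attachment (id INTEGER PRIMARY KEY, owner TEXT, filename TEXT)")
    db.execute("INSERT INTO attachment VALUES (1, 'alice', 'photo.png')")
    db.commit()
    return db


def rename_vulnerable(db: sqlite3.Connection, user: str, attachment_id: int, new_name: str) -> None:
    """String-built UPDATE: new_name can close the quote and comment out the owner check."""
    sql = (f"UPDATE attachment SET filename = '{new_name}' "
           f"WHERE id = {int(attachment_id)} AND owner = '{user}'")
    db.execute(sql)
    db.commit()


def rename_fixed(db: sqlite3.Connection, user: str, attachment_id: int, new_name: str) -> None:
    """Bound parameters: new_name is data, the WHERE clause is fixed."""
    db.execute("UPDATE attachment SET filename = ? WHERE id = ? AND owner = ?",
               (new_name, int(attachment_id), user))
    db.commit()


def filename_of(db: sqlite3.Connection, attachment_id: int) -> Optional[str]:
    row = db.execute("SELECT filename FROM attachment WHERE id = ?", (attachment_id,)).fetchone()
    return row[0] if row else None


def resolve_target_vulnerable(filename: str) -> Path:
    """Joins whatever the database holds: '../x' climbs out, an absolute name replaces the root."""
    return UPLOAD_ROOT / filename


def resolve_target(filename: str) -> Optional[Path]:
    """Path to write, or None when the name has an unlisted extension or leaves UPLOAD_ROOT."""
    if Path(filename).suffix.lower() not in ALLOWED_EXT:
        return None
    root = UPLOAD_ROOT.resolve()
    target = (root / filename).resolve()   # collapses '..' and absolute names before the check
    if root not in target.parents:
        return None
    return target
```

Both layers are needed: the parameterised query stops the attacker from planting a `.php` name, and the resolver stops a planted name (from any other bug) from being written somewhere it would be executed.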
Hacker One, added 2021/01/19 5:40 p.m.

Enjin: Unrestricted Upload of File with Dangerous Type

The security researcher was able to execute CWE-434: Unrestricted Upload of File with Dangerous Type through a legacy API endpoint used to upload images. This file was directly uploaded to our CDN with the appropriate MIME type of the file...

AI score 2.7 | Exploits 0
Hacker One, added 2020/12/29 4:00 a.m.

h1-ctf: A Visit from The Grinch ~ 'Twas the night before Hackmas...

Foreword This was an amazing CTF! The first from Hackerone that I've finished and one that I have enjoyed the most. Huge shout out to @adamtlangley for creating this downright poetic challenge. My whopping 20+ invitations are already being put to good use. Hacky Holidays and Merry Hackmas! Flag 1...

AI score 7.1 | Exploits 0
Hacker One, added 2020/12/28 10:56 p.m.

h1-ctf: Hacky Holidays Writeup

On December 12th, 2020, the CTF went live and the scope we were allowed to attack was the in-scope domain hackyholidays.h1ctf.com. Our main motive was to infiltrate his network and take him down. The challenges appeared one by one till the 24th of December. Here we will be going through all the...

AI score 6.9 | Exploits 0
Hacker One, added 2020/12/28 5:24 a.m.

U.S. Dept Of Defense: Sending trusted ████ and ██████████ emails through public API endpoint in ███████ site

Summary: A publicly accessible endpoint at PUT https://████████ does not validate any of its four parameters: to, from, subject, text. This enables sending email to any address, with any content, with any from address, on a server that is in ██████ whitelist. Such services include, but are not...

AI score 7.3 | Exploits 0
Hacker One, added 2020/12/27 5:42 p.m.

h1-ctf: [h1-ctf] 12 Days of Adventure to stop Grinch from ruining Christmas

Day 1: https://hackyholidays.h1ctf.com/robots.txt User-agent: Disallow: /s3cr3t-ar3a Flag: flag48104912-28b0-494a-9995-a203d1e261e7 Here we go with t...

AI score 7 | Exploits 0
OSV, added 2020/12/20 7:15 a.m.

CVE-2020-35579

tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and issues a GET request for it, but does not consider that the external request target may indirectly redirect back to this original /sub endpoint. Thus, a reque...

CVSS 7.5 | AI score 7 | Exploits 0 | References 1
Prion, added 2020/12/20 7:15 a.m.

Cross-site request forgery (CSRF)

tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and issues a GET request for it, but does not consider that the external request target may indirectly redirect back to this original /sub endpoint. Thus, a reque...

CVSS 5 | AI score 7.5 | EPSS 0.01137 | Exploits 1 | References 1 | Affected software 1
CVE, added 2020/12/20 6:31 a.m.

CVE-2020-35579

CVE-2020-35579 affects tindy2013 subconverter 0.6.4. The API endpoint /sub?target=%TARGET%&url=%URL%&config=%CONFIG% accepts an arbitrary URL value and issues a GET request for it, but does not account for the external request target redirecting back to the original /sub endpoint. This can create...

CVSS 7.5 | AI score 7.5 | EPSS 0.01137 | Exploits 1 | References 1 | Affected software 1
Cvelist, added 2020/12/20 6:31 a.m.

CVE-2020-35579

tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and issues a GET request for it, but does not consider that the external request target may indirectly redirect back to this original /sub endpoint. Thus, a reque...

AI score 7.6 | EPSS 0.01137 | Exploits 1 | References 1
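The four CVE-2020-35579 entries above describe a /sub endpoint that fetches a caller-supplied URL and follows a redirect back to itself, so one client request fans out into an unbounded chain of server-side requests. The following added example (not subconverter's code, which is C++) models that shape with a constructed in-memory "network" so the loop can be shown offline, then shows a guarded fetcher that checks every hop of the redirect chain against the service's own host, loopback and private address ranges and caps the chain length. The host name the service answers on, the redirect cap and the request budget that stops the vulnerable demonstration are assumptions; a real server has no such brake.

```python
"""Outbound-fetch guard for an endpoint that retrieves a caller-supplied URL.

Added illustration, not subconverter's code. SELF_HOST, MAX_REDIRECTS and
SIMULATION_BUDGET are assumptions; FakeNet replaces real HTTP.
"""
import ipaddress
from typing import Callable, Dict, Tuple, Union
from urllib.parse import parse_qs, urljoin, urlsplit

SELF_HOST = "converter.example"     # assumption: the host this service is reachable on
MAX_REDIRECTS = 5                   # assumption
SIMULATION_BUDGET = 50              # stops the vulnerable demo; a real server has no such brake

Response = Tuple[int, Dict[str, str], bytes]
Handler = Callable[[str, "FakeNet"], Response]


class FakeNet:
    """Constructed stand-in for the network: URL -> response, or a callable that
    produces one (used to model the server receiving its own request)."""

    def __init__(self) -> None:
        self.routes: Dict[str, Union[Response, Callable[[str], Response]]] = {}
        self.requests = 0

    def get(self, url: str) -> Response:
        self.requests += 1
        if self.requests > SIMULATION_BUDGET:
            raise RuntimeError("simulation budget exhausted: the fetch never terminates")
        entry = self.routes.get(url)
        if entry is None:
            return (404, {}, b"")
        return entry(url) if callable(entry) else entry


def sub_vulnerable(url: str, net: FakeNet) -> Response:
    """Follows Location headers with no cap and no check on where they point."""
    status, headers, body = net.get(url)
    while status in (301, 302, 303, 307, 308):
        url = urljoin(url, headers["Location"])
        status, headers, body = net.get(url)
    return (200, {}, body)


def target_allowed(url: str) -> bool:
    """Refuse anything that is not plain http(s) to an external host."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname.lower()
    if host in (SELF_HOST, "localhost"):
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True   # a name: production code must also resolve it and re-check the address it connects to
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def sub_guarded(url: str, net: FakeNet) -> Response:
    """Checks every hop of the redirect chain with target_allowed and caps its length."""
    for _ in range(MAX_REDIRECTS + 1):
        if not target_allowed(url):
            return (400, {}, b"refused: target not allowed")
        status, headers, body = net.get(url)
        if status not in (301, 302, 303, 307, 308):
            return (200, {}, body)
        url = urljoin(url, headers.get("Location", ""))
    return (400, {}, b"refused: too many redirects")


def build_scenario(handler: Handler) -> Tuple[FakeNet, str]:
    """The CVE's shape: attacker URL -> 302 -> our own /sub?url=<attacker URL>."""
    net = FakeNet()
    attacker = "http://attacker.example/r"
    loop = f"http://{SELF_HOST}/sub?url={attacker}"
    net.routes[attacker] = (302, {"Location": loop}, b"")
    net.routes[loop] = lambda u: handler(parse_qs(urlsplit(u).query)["url"][0], net)
    net.routes["http://cdn.example/list.txt"] = (200, {}, b"ss://example\n")
    return net, attacker


def simulate(handler: Handler) -> Tuple[Union[int, str], int]:
    """(outcome, number of server-side requests caused by one client request)."""
    net, attacker = build_scenario(handler)
    try:
        status, _, _ = handler(attacker, net)
        return status, net.requests
    except RuntimeError:
        return "loop", net.requests
```

Checking only the first URL is not enough; the redirect is the whole point of the bug, so the guard runs before each hop. Name-based checks are also only half of it in production: the resolved address has to be checked too, and the connection pinned to it, or a DNS answer can point a permitted name at the service itself.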
NVD, added 2020/12/18 10:15 a.m.

CVE-2020-26176

An issue was discovered in tangro Business Workflow before 1.18.1. No or broken access control checks exist on the /api/document//attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to...

CVSS 4.3 | AI score 4.5 | EPSS 0.00744 | Exploits 1 | References 2
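Three entries on this page describe the same missing control from two angles: the Grafana and Jira entries have an endpoint reachable without any authentication at all, and the tangro entry above has an endpoint that authorises by document ID alone. The following added example (not Grafana's, Atlassian's or tangro's code) shows a router that refuses anonymous callers on every route unless the route is explicitly registered as public, a handler that performs the object-level check the tangro entry lacks, and an audit helper that lists the routes an anonymous caller can reach so the allowlist can be compared against intent. The route paths, the request shape and the document table are constructed for the example.

```python
"""Deny-by-default routing with an object-level authorisation check.

Added illustration, not code from Grafana, Atlassian Jira or tangro. Route
paths, the Request shape and DOCUMENTS are constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

Response = Tuple[int, object]


@dataclass
class Request:
    path: str
    user: Optional[str]                                   # None = no credentials presented
    params: Dict[str, str] = field(default_factory=dict)


class Router:
    """Every route requires an authenticated user unless registered with public=True."""

    def __init__(self) -> None:
        self.routes: Dict[str, Callable[[Request], Response]] = {}
        self.public: Set[str] = set()

    def route(self, path: str, public: bool = False):
        def register(fn: Callable[[Request], Response]):
            self.routes[path] = fn
            if public:
                self.public.add(path)
            return fn
        return register

    def dispatch(self, req: Request) -> Response:
        handler = self.routes.get(req.path)
        if handler is None:
            return (404, None)
        if req.path not in self.public and req.user is None:
            return (401, None)          # refused before any handler code runs
        return handler(req)


def unauthenticated_routes(router: Router) -> List[str]:
    """Audit helper: the routes an anonymous caller can reach; compare with the intended allowlist."""
    return sorted(router.public)


# Constructed sample data: who owns which document and who it is shared with.
DOCUMENTS = {
    "doc-1": {"owner": "alice", "shared_with": {"carol"},
              "attachments": [{"id": "att-10", "name": "contract.pdf"}]},
    "doc-2": {"owner": "bob", "shared_with": set(), "attachments": []},
}

api = Router()


@api.route("/healthz", public=True)
def healthz(req: Request) -> Response:
    return (200, "ok")


@api.route("/api/usage-insights")          # assumed path; stands in for an operator-only metrics endpoint
def usage_insights(req: Request) -> Response:
    return (200, {"requests_last_hour": 1234})


@api.route("/api/document/attachments")    # assumed path; the document ID travels in params["id"]
def attachments(req: Request) -> Response:
    doc = DOCUMENTS.get(req.params.get("id", ""))
    if doc is None:
        return (404, None)
    # Object-level check: possessing a document ID is not authorisation to read it.
    if req.user != doc["owner"] and req.user not in doc["shared_with"]:
        return (403, None)
    return (200, doc["attachments"])
```

Making the public set explicit turns "did anyone forget the auth check on this endpoint" into a one-line assertion in the test suite, which is the check that would have caught the Grafana and Jira cases; the per-object check in the handler is what the tangro case needed in addition.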