ThemeREX Addons Remote Code Execution Vulnerability

WordPress plugin ThemeREX Addons is a plugin that works with various ThemeREX themes, featuring several theme enhancements and widgets that extend the functionality of the theme in question. A remote code execution vulnerability exists in versions of ThemeREX Addons prior to 2020-03-09. The...

Mail.ru: [v7lk.relap.io] Sending arbitrary emails to any user

Mail sending API endpoint at relap.io was publicly accessible...

Information disclosure in Apache Superset

An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset...

CVE-2020-1932

An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset...

Information disclosure

An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset...

PYSEC-2020-224

An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset...

CVE-2020-1932

An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset...

CVE-2019-19631

An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. A read-only user can...

CVE-2019-19631

An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. A read-only user can...

CVE-2019-19631

An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. A read-only user can...

CVE-2019-19631

Big Switch Networks’ vulnerability CVE-2019-19631 affects Big Monitoring Fabric (versions 6.2–6.2.4, 6.3–6.3.9, 7.0–7.0.3, 7.1–7.1.3), Big Cloud Fabric (4.5–4.5.5, 4.7–4.7.7, 5.0–5.0.1, 5.1–5.1.4) and Multi-Cloud Director (up to 1.1.0). A read-only user can access sensitive information via an API...

CVE-2019-17361

In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host...

CVE-2020-5194

The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajaxdownloadzip/zipname endpoint. The result is that a user without...

CVE-2020-5194

CVE-2020-5194 affects Cerberus FTP Server 8 where the zip API endpoint (file/ajax_download_zip/zip_name) permits an authenticated user without zip permission to use the zip function via an unrestricted API endpoint due to improper permission verification. The result is that such a user can zip an...

AntiDisposmail - Detecting Disposable Email Addresses

Antbot.pw provides a free, open API endpoint for checking a domain or email address against a frequently-updated list of disposable domains. CORS is enabled for all originating domains, so you can call the API directly from your client-side code. GET https://antibot.pw/api/[email protected]...

CVE-2019-3990

A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality...

CVE-2019-3990

A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality...

Design/Logic Flaw

A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality...

PT-2019-15743 · Tp Link +1 · Tp-Link Archer C7 +1

Name of the Vulnerable Software and Affected Versions: OpenWrt version 18.06.4 Description: The issue allows for XSS via the Name fields in the /cgi-bin/luci/admin/network/firewall/rules API endpoint, specifically in the "Open ports on router", "New forward rule", and "New Source NAT" fields. Thi...

CVE-2019-8138

A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event...