1826 matches found

Packet Storm
added 2021/11/17 12:0 a.m., 579 views

LiquidFiles 3.5.13 Privilege Escalation

title: LiquidFiles Privilege Escalation
product: LiquidFiles v3.5.13
vulnerability type: Privilege Escalation
severity: Medium
CVSSv3 score: 6.7
CVSSv3 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
found: 2021-10-29
by:...

CVSS: 9 | AI score: 8.7 | EPSS: 0.18315
Exploits: 3

CNVD
added 2021/11/09 12:0 a.m., 9 views

Samsung SmartThings Privilege Management Vulnerability (CNVD-2025-02721)

Samsung SmartThings is an app from Samsung South Korea that connects smart devices. A privilege management vulnerability exists in Samsung SmartThings versions prior to 1.7.73.22, which stems from improper privilege management of the API key used by SmartThings, and can be exploited by an attacke...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.00269
Exploits: 0 | References: 1

OSV
added 2021/11/05 3:15 a.m., 0 views

CVE-2021-25508

Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation...

CVSS: 9.8 | AI score: 7.3
Exploits: 0 | References: 1

NVD
added 2021/11/05 3:15 a.m., 13 views

CVE-2021-25508

Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation...

CVSS: 9.8 | EPSS: 0.00269
Exploits: 0 | References: 1

Prion
added 2021/11/05 3:15 a.m., 8 views

Privilege escalation

Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation...

CVSS: 7.5 | AI score: 9.3 | EPSS: 0.00269
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/11/05 2:4 a.m., 15 views

CVE-2021-25508

Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation...

CVSS: 5.3 | AI score: 9.6 | EPSS: 0.00269
Exploits: 0 | References: 1

NVD
added 2021/11/01 9:15 p.m., 17 views

CVE-2021-39341

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the loggedinorhasapikey function in the /OMAPI/RestApi.php file that can used to exploit inject malicious web scripts on sites with...

CVSS: 8.2 | EPSS: 0.44317
Exploits: 1 | References: 3

OSV
added 2021/10/27 9:15 p.m., 12 views

CVE-2021-41191

Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add @requireapikey in BOT/lib/cogs/website.p...

CVSS: 7.5 | AI score: 6.6
Exploits: 0 | References: 3

Prion
added 2021/10/27 9:15 p.m., 11 views

Code injection

Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add @requireapikey in BOT/lib/cogs/website.p...

CVSS: 5 | AI score: 7.3 | EPSS: 0.00453
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2021/10/27 8:30 p.m., 48 views

CVE-2021-41191

Summary of CVE-2021-41191: Roblox-Purchasing-Hub (open-source) had a vulnerability in versions 1.0.1 and earlier allowing someone who has another user’s API URL to obtain product files without an API key. The issue has been fixed in version 1.0.2. A workaround mentioned in the sources is to add an...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00453
Exploits: 0 | References: 3 | Affected Software: 1

GithubExploit
added 2021/10/11 12:57 a.m., 329 views

Exploit for Path Traversal in Apache Http_Server

Apachuk - CVE-2021-41773 Grabber with Shodan Grabber Apache Di...

CVSS: 7.5 | AI score: 9.5 | EPSS: 0.94391
Exploits: 144

NVD
added 2021/10/08 6:15 p.m., 12 views

CVE-2021-29906

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630...

CVSS: 5.5 | EPSS: 0.00046
Exploits: 0 | References: 2

OSV
added 2021/10/08 6:15 p.m., 9 views

CVE-2021-29906

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630...

CVSS: 5.5 | AI score: 5.7
Exploits: 0 | References: 2

CVE
added 2021/10/08 5:20 p.m., 40 views

CVE-2021-29906

CVE-2021-29906 – IBM App Connect Enterprise Certified Container could disclose sensitive information to a local user when configured to use an IBM Cloud API key to connect to cloud-based connectors. The vulnerability arises because the container image/hash may include the IBM Cloud API key used b...

CVSS: 5.5 | AI score: 5 | EPSS: 0.00046
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/10/08 5:20 p.m., 10 views

CVE-2021-29906

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630...

CVSS: 5.1 | AI score: 5.2 | EPSS: 0.00046
Exploits: 0 | References: 2

Kitploit
added 2021/10/08 11:30 a.m., 19 views

Covert-Tube - Youtube As Covert-Channel - Control Systems Remotely And Execute Commands By Uploading Videos To Youtube

A program to control systems remotely by uploading videos to Youtube using Python to create the videos and the listener, emulating some malware I was reading about. It allows creating videos with frames formed of simple text, QR codes with cleartext or QR codes using AES encryption. Create a vid...

AI score: 7.9
Exploits: 0 | References: 1

IBM Security Bulletins
added 2021/10/07 2:38 p.m., 17 views

Security Bulletin: IBM App Connect Enterprise Certified Container could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors (CVE-2021-29906)

Summary: IBM App Connect Enterprise may include the hash of an IBM Cloud API key that is used by an Integration Server in the Pod definition of that Integration Server. This is only present if the Integration Server is configured to communicate with the cloud-based connectors in a cloud instance o...

CVSS: 5.5 | AI score: 0.8 | EPSS: 0.00046
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2021/10/05 12:0 a.m., 11 views

API Key Authentication Succeeded

This is an informational notice that the scanner was able to successfully authenticate against the web application using the API key credentials provided in the scan policy. No source data...

AI score: 7.2
Exploits: 0

Tenable Nessus
added 2021/10/05 12:0 a.m., 38 views

API Key Authentication Failed

This plugin is raised when the scanner has not been able to authenticate against the web application using the API key credentials provided in the scan policy. Check the output of the plugin to get an explanation of the issue encountered by the scan. No source data...

AI score: 7.3
Exploits: 0

Gitee
added 2021/10/02 2:45 p.m., 5 views

Exploit for OS Command Injection in Eyesofnetwork

This is an exploit module for EyesOfNetwork 5.1 to 5.3, a network monitoring and management tool. The exploit targets three vulnerabilities: CVE-2020-8654, CVE-2020-8655, and CVE-2020-9465. CVE-2020-8654 is a discovery module that allows arbitrary OS commands to be run. The exploit uses the targe...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.91906
Exploits: 11