63 matches found
CVE-2024-47053
This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated use...
CVE-2023-47871
Missing Authorization vulnerability in IT Path Solutions Contact Form to Any API allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form to Any API: from n/a through 1.1.6...
CVE-2024-45586
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...
iFrames Bypass Origin Checks for Tauri API Access Control
Impact Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the dangerousRemoteDomainIpcAccess in v1 and in the capabilities in v2. This bypasses the origin check and allows iFrames to access the IPC endpoints exposed to the parent...
MikroTik RouterOS Security Vulnerability
MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in PCs to enable them to provide router functionality. A security vulnerability exists in MikroTik RouterOS versions v7.1 through 7.11 that stems from the presence of a...
PT-2023-23574 · Unknown · Android Capture App +1
Name of the Vulnerable Software and Affected Versions: DHIS2 Core versions 2.35 through 2.36.12 DHIS2 Core versions 2.37 through 2.37.7 DHIS2 Core versions 2.38 through 2.38.1 DHIS2 Core versions 2.39 through 2.39.0 exclusive of 2.39.0, as 2.39.0 contains a fix Description: The issue arises when...
FortiSandbox / FortiDeceptor - Improper profile-based access control over APIs
An improper privilege management vulnerability CWE-269 in FortiSandbox & FortiDeceptor may allow a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests...
CVE-2022-37316
Archer Platform 6.8 before 6.11 P3 6.11.0.3 contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 6.10.0.3.1 is also a fixed release...
Improper access control
Archer Platform 6.8 before 6.11 P3 6.11.0.3 contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 6.10.0.3.1 is also a fixed release...
CVE-2021-34782
A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An...
Cisco DNA Center 安全漏洞
Cisco DNA Center is a network management and command center service from Cisco USA. A security vulnerability exists in Cisco DNA Center that stems from improper access control to API endpoints. An attacker could exploit the vulnerability by sending specific API requests to the affected applicatio...
CVE-2021-22025
The vRealize Operations Manager API 8.x prior to 8.5 contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster...
CVE-2021-27944
Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload...
Microsoft Azure Active Directory again a “Leader” in Gartner Magic Quadrant for Access Management
Howdy folks, I’m proud to announce that for the fourth year in a row, Microsoft Azure Active Directory Azure AD has been recognized as a “Leader” in Gartner Magic Quadrant for Access Management, Worldwide. Earlier this year, my boss, Joy Chik, CVP of Identity Engineering shared Microsoft’s guidin...
Microsoft Azure Active Directory again a “Leader” in Gartner Magic Quadrant for Access Management
Howdy folks, I’m proud to announce that for the fourth year in a row, Microsoft Azure Active Directory Azure AD has been recognized as a “Leader” in Gartner Magic Quadrant for Access Management, Worldwide. Earlier this year, my boss, Joy Chik, CVP of Identity Engineering shared Microsoft’s guidin...
PT-2020-8462
Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 3.8.2 Mattermost Server versions prior to 3.7.5 Mattermost Server versions prior to 3.6.7 Description: The issue concerns API endpoint access control not honoring an integration permission restriction...
h1-ctf: [H1-2006 2020] Bypassing access control checks by modifying the URL, internal application state, or the HTML page, or using a custom API attack tool
H1-2006 CTF Writeup F859938 Summary: Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification or destruction of all data, or performing a business function outside of the limits of...
api.fsapp.io Improper Access Control vulnerability
Security Researcher devl00p Helped patch 2581 vulnerabilities Received 10 Coordinated Disclosure badges Received 15 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting api.fsapp.io website and its users. Following coordinate...
Unpatched Flaws in IoT Smart Deadbolt Open Homes to Danger
UPDATE Researchers have uncovered vulnerabilities in a popular smart deadbolt could allow attackers to remotely unlock doors and break into homes. The manufacturer behind the smart lock, Hickory Hardware, has deployed patches to the affected apps on the Google Play Store and Apple App Store. The...
Flexible and Controlled Openness: Carbon Black’s API Approach
At Carbon Black, we believe that making our customers successful requires both an open platform and the control they need to build endpoint protection into the ideal security processes they’ve designed for their specific organization. From maintaining relationships with our 100+ integration...