CVE-2022-29845
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file...
PT-2022-19871 · Ipswitch · Ipswitch Whatsup Gold
Name of the Vulnerable Software and Affected Versions: Ipswitch WhatsUp Gold versions 21.1.0 through 21.1.1; Ipswitch WhatsUp Gold version 22.0.0. Description: The issue allows an authenticated user to invoke an API transaction to read the contents of a local file. Recommendations: For Ipswitch...
Progress Software WhatsUp Gold Code Issue Vulnerability
Progress Software WhatsUp Gold is network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability in Progress Software WhatsUp Gold versions 17.0.0 through 21.1...
Information Disclosure
github.com/ipfs/go-ipfs is vulnerable to information disclosure. The vulnerability exists in docker-compose.yaml because the resulting listeners when running IPFS are either public or bound to public IPs, which allows an attacker to gain admin API access to the IPFS node and control user...
Opened exploitable ports in default docker-compose.yaml in go-ipfs
Impact: Allows admin API access to the IPFS node. Who? This affects people running the docker-compose.yaml service in an environment where the docker host is directly attached to a public or untrusted IP. In the vulnerable version, the private API endpoint is publicly forwarded by exposing it as...
GHSA-FX5P-F64H-93XC Opened exploitable ports in default docker-compose.yaml in go-ipfs
Impact: Allows admin API access to the IPFS node. Who? This affects people running the docker-compose.yaml service in an environment where the docker host is directly attached to a public or untrusted IP. In the vulnerable version, the private API endpoint is publicly forwarded by exposing it as...
CVE-2022-26676
aEnrich a+HRD has inadequate privilege restrictions; an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service...
CVE-2022-27919
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API...
CVE-2021-3814
It was found that 3scale's APIdocs does not validate the access token; in the case of an invalid token, it falls back to session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure...
Gradle Security Vulnerability
Gradle is a JVM-based project build tool from the US company Gradle; it supports Maven and Ivy repositories, among others. A security vulnerability exists in Gradle Enterprise that allows remote code execution. The configuration allows certain anonymous access to the administration and APIs. No detail...
PT-2022-18690 · Gradle · Gradle Enterprise
Name of the Vulnerable Software and Affected Versions: Gradle Enterprise versions prior to 2022.1 Description: The issue allows remote code execution if the installation process did not specify an initial configuration file, enabling certain anonymous access to administration and an API...
PT-2022-2681 · Pjsip +4 · Pjsip +4
Name of the Vulnerable Software and Affected Versions: PJSIP versions 2.12 and prior Description: The issue is related to a stack buffer overflow vulnerability in the PJSIP multimedia communication library, specifically affecting users of PJSUA2 or those who call the API endpoints pjmedia sdp pri...
Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure
The plugin does not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customers' data. Make a booking to get a customer account. Login via API and get an access token: curl...
CVE-2022-26500
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users access to internal API functions that allow attackers to upload and execute arbitrary code...
CVE-2022-25089
Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData...
The vulnerability of the software component responsible for creating, monitoring, and orchestrating data processing scripts in Airflow allows attackers to circumvent existing access restrictions and execute API requests without authentication.
The vulnerability of the software component responsible for creating, monitoring, and orchestrating data processing scripts in Airflow is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions and execut...
Partial authorization bypass on document save in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with SCRIPT right (EDIT right before XWiki 7.4) can save a document with the rights of the current user, which allows accessing APIs requiring programming right if the current user has...
GHSA-F4CJ-3Q3H-884R Partial authorization bypass on document save in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with SCRIPT right (EDIT right before XWiki 7.4) can save a document with the rights of the current user, which allows accessing APIs requiring programming right if the current user has...
Design/Logic Flaw
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions, any user with SCRIPT right can save a document with the rights of the current user, which allows accessing APIs requiring programming right if the current user has programming...
CVE-2022-23615 Partial authorization bypass on document save in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions, any user with SCRIPT right can save a document with the rights of the current user, which allows accessing APIs requiring programming right if the current user has programming...