1080 matches found
CVE-2020-3956
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to...
Access to all question drafts in private spaces via API
Issue Summary: Questions leak information through private space https://asecurityteam.atlassian.net/browse/BOUNTY-2559. Steps to Reproduce: Access to questions in spaces is limited to those users that have access to the space. However, question drafts in a restricted space can be accessed by...
DEBIAN-CVE-2020-2800
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...
CVE-2020-11710
An issue was discovered in docker-kong for Kong through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argues that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. "1 Inaccurate Bug Scope - The issue scope was...
Command injection
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials...
CVE-2019-18785
SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles API access tokens and credentials...
Mail.ru: [api.33slona.ru] Access to the API due to an incorrect server configuration (302 redirect).
A 302 reply to a non-authenticated request to api.33slona.ru could leak some static content with an HTML body...
EyesOfNetwork AutoDiscovery Target Command Execution Exploit
This Metasploit module exploits multiple vulnerabilities in EyesOfNetwork version 5.3 and prior in order to execute arbitrary commands as root. This module takes advantage of a command injection vulnerability in the target parameter of the AutoDiscovery functionality within the EON web interface ...
EyesOfNetwork AutoDiscovery Target Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'EyesOfNetwork AutoDiscovery Target Command Execution', 'Description' = %q This module exploits multiple vulnerabilities in EyesOfNetwork version...
TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot Vulnerability
Exploit for hardware platform in category web applications. Exploit Title: TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot; Exploit Author: PCEumel; Vendor Homepage: https://www.tp-link.com/; Software Link: https://www.tp-link.com/us/support/download/tl-sg105e/; Firmware Version: TP-Link...
api.fsapp.io Improper Access Control vulnerability
Security researcher devl00p (helped patch 2581 vulnerabilities, received 10 Coordinated Disclosure badges and 15 recommendations), a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting the api.fsapp.io website and its users. Following coordinate...
CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially...
PT-2019-5683 · Apache · Apache Solr
Name of the Vulnerable Software and Affected Versions: Apache Solr versions 5.0.0 through 8.3.1 Description: The issue is related to insufficient input validation in the VelocityResponseWriter component of Apache Solr, allowing for remote code execution. A Velocity template can be provided throug...
Apache NiFi Code Issue Vulnerability
Apache NiFi is a data processing and distribution system of the Apache Software Foundation. The system is primarily used for data routing, transformation and system intermediary logic. A code issue vulnerability exists in Apache NiFi versions 1.0.0 through 1.9.2, which can be...
CVE-2019-18611
An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been abl...
Total.js CMS Elevation of Privilege Vulnerability
Total.js CMS is a Node.js content management system. Total.js CMS 12.0.0 suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain access to other resources by calling the associated API...
Vanilla: Conversation API Leaks Details Of Unauthorized Conversations
Summary: If a user creates a conversation, and then leaves, all API calls and web access to that conversation are locked down. Except for one particular API call which allows you to see details about ongoing conversations you have since left as long as you created the conversation in the first...
Unpatched Flaws in IoT Smart Deadbolt Open Homes to Danger
UPDATE: Researchers have uncovered vulnerabilities in a popular smart deadbolt that could allow attackers to remotely unlock doors and break into homes. The manufacturer behind the smart lock, Hickory Hardware, has deployed patches to the affected apps on the Google Play Store and Apple App Store. The...