431 matches found
Privilege Escalation
github.com/goharbor/harbor is vulnerable to privilege escalation. The API call to update user profile is not validated, allowing an attacker to modify the email address of another user and subsequently perform a successful password reset to gain access to that user's account...
VMware Harbor 1.7.x, 1.8.x < 1.8.6 / 1.9.x < 1.9.3
The version of VMware Harbor installed on the remote host is 1.7.x or 1.8.x prior to 1.8.6 or 1.9.x prior to 1.9.3. It is, therefore, affected by multiple vulnerabilities, including the following: - A privilege escalation vulnerability that allows an authenticated, normal user to gain administrative...
Zbrunk search launcher and event types statistics
I also changed the priorities. Now I think it would be better not to integrate with Grafana, but to create own dashboards and GUI. And to begin with, I created a simple interface for Searching and Deleting events. upd. 16.12.2019 A small update on Zbrunk. First of all, I created a new API call th...
cPanel Security Feature Issue Vulnerability (CNVD-2019-36154)
cPanel is a Web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. A security signature issue vulnerability exists in versions prior to cPanel 71.9980.37. An attacker can exploit the vulnerability...
cPanel Security Feature Issue Vulnerability (CNVD-2019-36152)
cPanel is a Web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. A security signature issue vulnerability exists in versions prior to cPanel 71.9980.37. The vulnerability can be exploited by an...
Totaljs CMS 12.0 Improper Access Control
Author/Discoverer: Riccardo Krauter @CertimeterGroup + Title: Totaljs CMS Broken Access Control on the API call + Affected software: Totaljs CMS 12.0 + Description: An authenticated user with limited privileges can get access to resources they do not own by calling the associated API. The CMS...
CVE-2017-18469
cPanel before 62.0.17 allows demo accounts to execute code via an NVDatafetchinc API call (SEC-233)...
Code injection
cPanel before 62.0.17 allows demo accounts to execute code via an NVDatafetchinc API call (SEC-233)...
Design/Logic Flaw
In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call...
CVE-2017-18436
cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239)...
CVE-2017-18439
cPanel before 64.0.21 allows demo accounts to execute code via an ImageManagerdimensions API call (SEC-243)...
CVE-2019-1010246
MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure e.g. username, password. The component is: The API call in the function allowAction in...
CVE-2019-1010246
CVE-2019-1010246 affects MailCleaner prior to c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9. The vulnerability is an unauthenticated disclosure of MySQL password information via the API call in the function allowAction() in NewslettersController.php, exploitable through an HTTP GET request. Impact is ...
Slok API
You may have read my previous post where I had a look at the SLOK padlock and found it had an interesting BLE interface which I couldn't find a vulnerability for and a physical design that took seconds to work around. Anyway, I alluded to some weirdness from the API and an actual vulnerability in...
Trint Ltd: IDOR to update folder name of other user
Summary There is an IDOR to update folder name of other user Steps To Reproduce: - user A login to the application and see the folder name F494331 - user B login to the application and call the API with the projectId of user A POST / HTTP/1.1 Host: graphql2.trint.com User-Agent: Mozilla/5.0 Windo...
Authorization Bypass
github.com/seccomp/libseccomp-golang is vulnerable to authorization bypass. Adding multiple rules simultaneously with a single API call results in an AND relationship that matches only if all of the arguments match. This allows an attacker to bypass intended access restrictions by specifying...
Code injection
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.updatendswebrootfromtmp updatendswebrootfromtmp API call...
CVE-2019-10658
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.updatendswebrootfromtmp updatendswebrootfromtmp API call...
CVE-2019-10656
Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply updatendswebrootfromtmp API call...