2005 matches found

Vulnrichment
added 2023/10/02 10:46 a.m. · 11 views

CVE-2023-5160 Full name disclosure via team top membership with Show Full Name option disabled

Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAMID/top/teammembers endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled...

CVSS 4.3 · AI score 6.8 · EPSS 0.0036
Exploits 0 · References 1
NVD
added 2023/09/28 10:15 p.m. · 16 views

CVE-2023-43662

ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...

CVSS 8.6 · AI score 8.7 · EPSS 0.08147
Exploits 1 · References 2
Prion
added 2023/09/27 3:19 p.m. · 17 views

Deserialization of untrusted data

Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the networktraffic API endpoint. An attacker can leverage this vulnerability to execute...

CVSS 6.5 · AI score 8.9 · EPSS 0.01564
Exploits 0 · References 1 · Affected Software 1
Huntr
added 2023/09/24 1:24 p.m. · 37 views

No rate limit on sending magic link to sign-in

Description: It was observed that rate limiting is not implemented on sending the magic link, which allows an attacker to spam the victim's mailbox. Affected URL: https://app.vrite.io/api/v1/auth.sendMagicLink?batch=1 Proof of Concept 1. Visit - https://app.vrite.io/auth 2. select option "continue...

CVSS 4 · AI score 6.9 · EPSS 0.00544
Exploits 1
Veracode
added 2023/09/21 6:57 a.m. · 22 views

Remote Code Execution

FUXA is vulnerable to Remote Command Execution. The vulnerability is due to the lack of sanitization on user supplied input which allows use of dangerous methods at the following affected API route /api/runscript. This can be exploited by an attacker by passing malicious user input to the followi...

CVSS 9.8 · AI score 7.1 · EPSS 0.13746
Exploits 3 · References 3 · Affected Software 1
Positive Technologies
added 2023/09/20 12:00 a.m. · 3 views

PT-2023-28810 · Unknown +1 · Hoteldruid +1

Name of the Vulnerable Software and Affected Versions: Hoteldruid version 3.0.5 Description: A SQL injection vulnerability was discovered in Hoteldruid via the n utente agg parameter at the "/hoteldruid/interconnessioni.php" API endpoint. This issue allows for SQL injection attacks, potentially...

CVSS 9.8 · AI score 7.4 · EPSS 0.03753
Exploits 1 · References 16
Prion
added 2023/09/18 8:15 p.m. · 17 views

Design/Logic Flaw

A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request...

CVSS 7.5 · AI score 9.6 · EPSS 0.13746
Exploits 3 · References 2 · Affected Software 1
BDU FSTEC
added 2023/09/08 12:00 a.m. · 5 views

The vulnerability in the HTTP request basket service interface allows an attacker to perform an SSRF attack.

The vulnerability of the web service interface for collecting and checking HTTP requests related to Request Baskets is related to insufficient validation of incoming requests when processing the name parameter /api/baskets/name. Exploiting this vulnerability allows a malicious actor to perform an...

CVSS 8.8 · AI score 6.5 · EPSS 0.07497
Exploits 29 · References 6 · Affected Software 1
Prion
added 2023/09/04 11:15 a.m. · 15 views

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of prope...

CVSS 5 · AI score 7.3 · EPSS 0.01251
Exploits 0 · References 2 · Affected Software 1
Prion
added 2023/09/04 11:15 a.m. · 19 views

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validati...

CVSS 5 · AI score 7.3 · EPSS 0.01251
Exploits 0 · References 2 · Affected Software 1
NVD
added 2023/09/04 9:15 a.m. · 15 views

CVE-2023-4613

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation...

CVSS 9.8 · AI score 9.7 · EPSS 0.02182
Exploits 0 · References 2
Prion
added 2023/09/04 9:15 a.m. · 16 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation...

CVSS 7.5 · AI score 9.6 · EPSS 0.02182
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2023/08/30 12:00 a.m. · 4 views

PT-2023-27974 · Tenda · Tenda Ac7 +2

Name of the Vulnerable Software and Affected Versions: Tenda AC7 version 1.0 V15.03.06.44 Tenda AC9 version 3.0 V15.03.06.42 multi Tenda AC5 version 1.0RTL V15.03.06.28 Description: A stack overflow issue was discovered via the parameter list at the "/goform/SetIpMacBind" API endpoint. This issue...

CVSS 9.8 · AI score 9.5 · EPSS 0.00906
Exploits 1 · References 3
Positive Technologies
added 2023/08/30 12:00 a.m. · 3 views

PT-2023-27976 · Tenda · Tenda Ac7

Name of the Vulnerable Software and Affected Versions: Tenda AC7 version V15.03.06.44 Description: A stack overflow issue was discovered via the timeZone parameter at the "/goform/SetSysTimeCfg" API endpoint. This issue affects the Tenda AC7 router. Recommendations: For Tenda AC7 version...

CVSS 9.8 · AI score 9.3 · EPSS 0.00701
Exploits 1 · References 4
Veracode
added 2023/08/25 2:53 a.m. · 30 views

Cross-site Scripting (XSS)

github.com/prometheus/alertmanager is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of HTML sanitization in the generatorURL field of Alert.elm, which allows an attacker to inject and execute malicious JavaScript by sending a POST request to the /api/v1/alerts...

CVSS 7.5 · AI score 6.4 · EPSS 0.00568
Exploits 0 · References 5 · Affected Software 3
Veracode
added 2023/08/24 8:49 a.m. · 28 views

Information Disclosure

Datasette is vulnerable to Information Disclosure. The vulnerability exists because it does not check permissions when viewing the /-/api endpoint, resulting in databases and tables disclosure to unauthenticated users...

CVSS 5.3 · AI score 6.8 · EPSS 0.00464
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2023/08/24 12:00 a.m. · 5 views

PT-2023-27692 · Tenda · Tenda Ac8

Name of the Vulnerable Software and Affected Versions: Tenda AC8 version US AC8V4.0si V16.03.34.06 cn Description: A stack overflow issue was discovered, which can be triggered via the macFilterType and deviceList parameters at the "/goform/setMacFilterCfg" API endpoint. Recommendations: For Tend...

CVSS 9.8 · AI score 9.3 · EPSS 0.00776
Exploits 1 · References 3
Positive Technologies
added 2023/08/24 12:00 a.m. · 4 views

PT-2023-27690 · Tenda · Tenda Ac8

Name of the Vulnerable Software and Affected Versions: Tenda AC8 version US AC8V4.0si V16.03.34.06 cn Description: A stack overflow issue was discovered via the mac parameter at the "/goform/GetParentControlInfo" API endpoint. This issue affects the Tenda AC8 router. Recommendations: For Tenda AC...

CVSS 9.8 · AI score 9.3 · EPSS 0.00701
Exploits 1 · References 4
Positive Technologies
added 2023/08/24 12:00 a.m. · 3 views

PT-2023-27694 · Tenda · Tenda Ac8

Name of the Vulnerable Software and Affected Versions: Tenda AC8 version US AC8V4.0si V16.03.34.06 cn Description: A stack overflow issue was discovered via the parameter list at the "/goform/SetNetControlList" API endpoint. This issue affects the Tenda AC8 router. Recommendations: For Tenda AC8...

CVSS 9.8 · AI score 9.5 · EPSS 0.00776
Exploits 1 · References 4
Positive Technologies
added 2023/08/24 12:00 a.m. · 4 views

PT-2023-27688 · Tenda · Tenda Ac8

Name of the Vulnerable Software and Affected Versions: Tenda AC8 version US AC8V4.0si V16.03.34.06 cn Description: A stack overflow issue was discovered via the parameter list at the "/goform/SetStaticRouteCfg" API endpoint. This issue affects the Tenda AC8 router. Recommendations: For Tenda AC8...

CVSS 9.8 · AI score 9.4 · EPSS 0.00701
Exploits 1 · References 4