2005 matches found
PT-2022-23824 · D Link · Dir-816
Name of the Vulnerable Software and Affected Versions: D-link DIR-816 A2 version 1.10CNB04 Description: The issue is related to command injection via the /goform/NTPSyncWithHost API endpoint. This allows for potential malicious commands to be executed. There is no information provided about the...
PT-2022-4568 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.10 through 15.1.6 GitLab CE/EE versions 15.2 through 15.2.4 GitLab CE/EE versions 15.3 through 15.3.2 Description: A vulnerability in GitLab CE/EE allows an authenticated user to achieve remote code execution via the...
PT-2022-23480 · Unknown · Pagekit Cms
Name of the Vulnerable Software and Affected Versions: Pagekit CMS version 1.0.18 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under the "/blog/post/edit" API endpoint. The Markdow...
PT-2022-23449 · Unknown · Kensite Cms
Name of the Vulnerable Software and Affected Versions: Kensite CMS version 1.0 Description: The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities can be exploited via the name and oldname parameters at the "/framework/mod/db/DBMapper.xml" API endpoint. Recommendations:...
PT-2022-23459 · Unknown · Edoc-Doctor-Appointment-System
Name of the Vulnerable Software and Affected Versions: Edoc-doctor-appointment-system version 1.0.1 Description: The issue is related to a reflected cross-site scripting (XSS) vulnerability. This vulnerability is located at the "/patient/index.php" API endpoint and allows attackers to execute...
PT-2022-23546 · Unknown · Simple Task Scheduling System
Name of the Vulnerable Software and Affected Versions: Simple Task Scheduling System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/classes/Master.php?f=delete category" API endpoint. Recommendation...
CVE-2022-36804
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before...
PT-2022-23909 · Tenda · Tenda Ax12
Name of the Vulnerable Software and Affected Versions: Tenda AX12 version V22.03.01.21 CN Description: The issue is related to a Buffer Overflow that occurs in the sub 42FDE4 function. This function handles POST requests under the "/goform/SetIpMacBind" API endpoint, which is triggered by the sub...
PT-2022-16224 · Ece · Ece
Name of the Vulnerable Software and Affected Versions: ECE versions prior to 3.4.0 Description: A flaw in ECE might lead to the disclosure of sensitive information, such as user passwords and Elasticsearch keystore settings values, in logs like the audit log or deployment logs in the Logging and...
PT-2022-24084 · Tenda · Tenda Ac1206
Name of the Vulnerable Software and Affected Versions: Tenda AC1206 version 15.03.06.23 Description: A stack overflow issue was discovered via the page parameter in the fromDhcpListClient function. Recommendations: For Tenda AC1206 version 15.03.06.23, consider disabling the fromDhcpListClient...
PT-2022-23796 · Totolink · Totolink A7000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A7000R version 9.1.0u.6115 B20201022 Description: A command injection issue was found in the setting/setTracerouteCfg API endpoint, specifically via the command parameter. Recommendations: For version 9.1.0u.6115 B20201022, as a...
PT-2022-23579 · Unknown · Library Management System
Name of the Vulnerable Software and Affected Versions: Library Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/admin/changestock.php" API endpoint. Recommendations: For Library...
PT-2022-8644 · Zoho · Manageengine Analytics Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Analytics Plus versions prior to 4350 Description: A Directory Traversal issue exists due to the ZDBQAREFSUBDIR parameter in the "/zropusermgmt" API endpoint. This allows remote attackers to potentially run arbitrary code...
PT-2022-22901 · Tenda · Tenda W6
Name of the Vulnerable Software and Affected Versions: Tenda W6 version 1.0.0.94122 Description: A stack overflow issue exists in the "/goform/wifiSSIDget" API endpoint, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. Recommendations: For Tenda W6...
PT-2022-22204 · Unknown · Barangay Management System
Name of the Vulnerable Software and Affected Versions: Barangay Management System version 1.0 Description: A SQL injection issue was found in the Barangay Management System. The vulnerability can be exploited via the hidden id parameter at the "/pages/permit/permit.php" API endpoint...
CVE-2022-36129
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure...
Security Bulletin: IBM Engineering Lifecycle Management is vulnerable (Server-Side Request Forgery vulnerability) when requesting a resource over an API endpoint to verify URLs from the target application server. (CVE-2021-20421)
Summary Summary guidance: - There is Server-Side Request Forgery vulnerability when requesting resource over an API endpoint to verify URLs from target application server. Vulnerability Details CVEID: CVE-2021-20421 DESCRIPTION: IBM Jazz Foundation is vulnerable to server-side request forgery SSR...
PT-2022-3879 · Robustel · Robustel R1510
Name of the Vulnerable Software and Affected Versions: Robustel R1510 version 3.3.0 Description: The issue is related to command injection vulnerabilities in the web server action endpoints functionalities. A specially-crafted network request can lead to arbitrary command execution. The...
PT-2022-3878 · Robustel · Robustel R1510
Name of the Vulnerable Software and Affected Versions: Robustel R1510 version 3.3.0 Description: The issue is related to command injection vulnerabilities in the web server action endpoints functionalities. A specially-crafted network request can lead to arbitrary command execution. The...