GHSA-WQHW-FRPX-5MMP Command Injection in tomato

All versions of tomato are vulnerable to Command Injection. The /api/exec endpoint does not validate user input allowing attackers to run arbitrary commands in the system. Recommendation No fix is currently available. Consider using an alternative module until a fix is made available...

Command Injection in tomato

All versions of tomato are vulnerable to Command Injection. The /api/exec endpoint does not validate user input allowing attackers to run arbitrary commands in the system. Recommendation No fix is currently available. Consider using an alternative module until a fix is made available...

New Relic: Sending thousands of notifications with single request

Hello, while testing your mobile api an endpoint got my attention. This endpoint was: https://api.newrelic.com/api/ios/v3/devices/update.json?operation=register I immediately checked if server is validating the integrity of data or not. After finding out there is no validation, I added around 500...

Uber: Critical Information disclosure of rtapi token for any user via https://video-support-staging.uber.com/video/api/getPopulousUser

The researcher has identified that the API endpoint can be leveraged to return a sensitivetoken that can be leveraged for access to rtapi endpoints. As example change x-uber-token value with the following found code:...

CVE-2020-16165

The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters...

Atlassian Jira < 8.5.5 / 8.6.x < 8.7.2 / 8.8.x < 8.8.1 Improper authorization

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.5, or version 8.6.x prior to 8.7.2, 8.8.x prior to 8.8.1. It is, therefore, affected by a Improper authorization vulnerability. It allow remote attackers to enumerate...

PT-2020-14425 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the ajax dis...

Acronis: Account Takeover on unverified emails in File Sync & Share

Summary The name change functionality in File Sync & Share is expected to change the name in File Sync & Share. But the API endpoint used in it also allows changing email to any email without having to verify the email. The login email stays the same but the email within File Sync & Share...

CVE-2017-18915

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access...

CVE-2017-18916

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction...

Design/Logic Flaw

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access...

CVE-2017-18916

Mattermost Server contains an API endpoint access control vulnerability. Affected versions are Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The root cause is that API endpoint access control does not honor an integration permission restriction, potentially allowing improper access to integra...

CVE-2017-18916

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction...

CVE-2017-18915

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access...

Curve: Sensitive Info Leak - An Attacker Can Retrieve All the Users Mobile Numbers at https://website-api.production.curve.app/api/waitlist/us

Hi, When am going through all the JS files in curve.com I found a link called "/usa" is used to create Curve USA Waitlists by entering your name, email address, mobile number and address details. F874173 Then there is a functionality called "Track my Position" by using which joined users can view...

CVE-2020-2191

Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels...

UPDATE: Empire v3.2.2

Empire v3.2.2 was released a couple of days ago! If you remember, I briefly mentioned about this tool in my five month old post titled – List of Open Source C2 Post-Exploitation Frameworks. This version adds a newer Mimikatz version with a new API endpoint. What is Empire? Empire 3.0 is an open...

GitLab: Stored XSS on PyPi simple API endpoint

Summary The recently released PyPi package feature has a new endpoint at /api/:version/projects/:id/packages/pypi/simple/packagename which exposes an HTML page listing the package versions. The packagelink's are generated using the following code: packagepresenter.rbL50 ruby def packagelinkurl,...

CVE-2020-11515

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs that redirect to an external web site via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the...

Open redirect

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs that redirect to an external web site via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the...