1998 matches found
CVE-2020-5194
CVE-2020-5194 affects Cerberus FTP Server 8 where the zip API endpoint (file/ajax_download_zip/zip_name) permits an authenticated user without zip permission to use the zip function via an unrestricted API endpoint due to improper permission verification. The result is that such a user can zip an...
AntiDisposmail - Detecting Disposable Email Addresses
Antbot.pw provides a free, open API endpoint for checking a domain or email address against a frequently-updated list of disposable domains. CORS is enabled for all originating domains, so you can call the API directly from your client-side code. GET https://antibot.pw/api/[email protected]...
CVE-2019-3990
A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality...
CVE-2019-3990
A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality...
Design/Logic Flaw
A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality...
PT-2019-15743 · Tp Link +1 · Tp-Link Archer C7 +1
Name of the Vulnerable Software and Affected Versions: OpenWrt version 18.06.4 Description: The issue allows for XSS via the Name fields in the /cgi-bin/luci/admin/network/firewall/rules API endpoint, specifically in the "Open ports on router", "New forward rule", and "New Source NAT" fields. Thi...
CVE-2019-8138
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event...
CVE-2019-8138
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event...
Cross site scripting
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event...
CVE-2019-8138
A stored cross-site scripting XSS vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can execute arbitrary JavaScript code by providing arbitrary API endpoint that will not be chcecked by sale pickup event...
Snapchat: Bypass Rate Limits on app.snapchat.com API Endpoint via X-Forwarded-For Header
An attacker can bypass the rate limiting in place at app.snapchat.com by setting the X-Forwarded-For header to 127.0.0.1 in POST requests to app.snapchat.com/storieseverywhere/downloadsms and several other endpoints. This bypasses the controls in place for this endpoint, which appears to have...
CVE-2019-13025
Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST HTTP request containing shell commands, which will be executed on the device, to an backend API endpoint of the cable mod...
CVE-2019-13025
Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST HTTP request containing shell commands, which will be executed on the device, to an backend API endpoint of the cable mod...
Mail.ru: Information Disclosure [ https://curious.ru/api/submissions ]
API endpoint at curious.ru disclosed e-mails of subscribed users...
Atlassian Jira Issue Key Information Disclosure Vulnerability
Summary An issue key information disclosure vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Anonymous users can differentiate between valid issue keys and invalid issue keys via the /rest/api/1.0/render API endpoint. Tested Versions Atlassian Jira 7.6.4 Atlassian Jira 8.1.0...
GHSA-XF27-JQWV-GF3R Unintended Require in larvitbase-api
Versions of larvitbase-api prior to 0.5.4 are vulnerable to an Unintended Require. The package exposes an API endpoint and passes a GET parameter unsanitized to an require call. This allows attackers to execute any .js file in the same folder as the server is running. Recommendation Upgrade to...
Mail.ru: CSRF in attach phone API endpoint on delivery-club.ru
Legacy delivery-club.ru API endpoint allowed to attach arbitrary phone without checking the validation code and without additional CSRF protection...
Unintended Require
Overview All versions of larvitbase-www are vulnerable to an Unintended Require. The package exposes an API endpoint and passes a GET parameter unsanitized to an require call. This allows attackers to execute any .js file in the same folder as the server is running. Recommendation No fix is...
Local File Inclusion
larvitbase-www is vulnerable to local file inclusion. The package uses an exposed API endpoint that accepts an unvalidated GET parameter to a require function call. This could potentially allow a remote attacker to execute any .js files within the web server. Successful exploitation causes the...
Local File Inclusion
larvitbase-api is vulnerable to local file inclusion. The package uses an exposed API endpoint that accepts an unvalidated GET parameter to a require function call. This could potentially allow a remote attacker to execute any .js files within the web server. Successful exploitation causes the...