353 matches found
Code Issue Vulnerability in Multiple WSO2 Products
WSO2 API Manager and others are products of WSO2, Inc. of the U.S. WSO2 API Manager is a suite of API lifecycle management solutions. WSO2 Identity Server (IS) is an identity server. WSO2 IS as Key Manager is a key manager. A security vulnerability exists in several WSO2 products that stems from an X...
CVE-2021-42646
CVE-2021-42646 is an XML External Entity (XXE) vulnerability in the file-based Service Provider Creation feature of the WSO2 Management Console. Affected: WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, 4.0.0; WSO2 Identity Server as Key Manager 5.7.0, 5.9.0, 5.10.0; WSO2 Identity Server 5.7.0, 5.8....
PT-2022-11651 · Wso2 · Wso2 Identity Server +2
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions 2.6.0 through 4.0.0; WSO2 IS as Key Manager versions 5.7.0 through 5.10.0; WSO2 Identity Server versions 5.7.0 through 5.11.0. Description: The issue allows attackers to gain read access to sensitive information or caus...
CVE-2021-42646
XML External Entity (XXE) vulnerability in the file-based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0...
XML Entity Expansion
WSO2 API Manager and API Microgateway are vulnerable to XML Entity Expansion attacks. The vulnerability stems from a lack of sanitization, allowing an attacker to crash the system via an unauthenticated request with a maliciously crafted XML file...
Exploit for Path Traversal in Wso2 Api_Manager
CVE-2022-29464 CVE-2022-29464 POC exploit https://github.com/...
WSO Arbitrary File Upload / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WSO2 Arbitrary File Upload to RCE', 'Description' = %q This module abuses a vulnerability in certain WSO2 products that allow unrestricted file...
WSO2 Arbitrary File Upload to RCE
This module abuses a vulnerability in certain WSO2 products that allow unrestricted file upload with resultant remote code execution. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5....
Exploit for Path Traversal in Wso2 Api_Manager
CVE-2022-29464 CVE-2022-29464 POC exploit Usage shell us...
Exploit for Path Traversal in Wso2 Api_Manager
cve-2022-29464 Disclaimer The script is for learning purpos...
Exploit for Path Traversal in Wso2 Api_Manager
CVE-2022-29464 WSO...
Exploit for Cross-site Scripting in Wso2 Api_Manager
Proof of concept exploit for CVE-2022-29548: A reflected XSS iss...
Exploit for Path Traversal in Wso2 Api_Manager
nmap-CVE-2022-29464 nmap-CVE-2022-29464 is an NSE script for d...
Exploit for Path Traversal in Wso2 Api_Manager
CVE-2022-29464 WSO2 RCE CVE-2022-29464...
Exploit for Path Traversal in Wso2 Api_Manager
CVE-2022-29464 WSO2 RCE CVE-2022-29464...
Exploit for Path Traversal in Wso2 Api_Manager
WSO2 Carbon Server CVE-2022-29464 Pre-auth R...
Exploit for Path Traversal in Wso2 Api_Manager
CVE-2022-29464 WSO2 RCE CVE-2022-29464 exploit. Details C...
CVE-2022-29548
A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0,...
Cross site scripting
A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0,...
CVE-2022-29548
CVE-2022-29548 is a reflected Cross-Site Scripting (XSS) vulnerability in the WSO2 Management Console affecting API Manager and related products (e.g., API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0–3.2.0, 4.0.0; API Manager Analytics; API Microgateway; Data Analytics Server; Enterprise Integrator; IS as...