VMware vRealize Operations Server-Side Request Forgery Vulnerability
VMware vRealize Operations is an application from vmware, Inc. A unified, AI-based platform for private, hybrid and multi-cloud environments that delivers IT operations management on autopilot. A server-side request forgery vulnerability in the VMware vRealize Operations Manager API prior to...
VMware vRealize Operations Code Issue Vulnerability
VMware vRealize Operations is an application from vmware, Inc. A unified, AI-based platform for private, hybrid and multi-cloud environments that delivers IT operations management on autopilot. A server-side request forgery vulnerability in the VMware vRealize Operations Manager API prior to...
Privilege escalation
Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system privileges resulting in a privilege escalation...
The vulnerability of the API component and the web interface of the Cisco Network Services Orchestrator software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the API component and the web interface of the Cisco Network Services Orchestrator software relates to incorrect restrictions on the path name to the directory. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected...
SQL injection
A remote authenticated SQL injection vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacke...
Cisco NX-OS Cross-Site Request Forgery Vulnerability
Cisco NX-OS is the network operating system for the Cisco Nexus family of Ethernet switches and the MDS family of Fibre Channel storage area network switches. A cross-site request forgery (CSRF) vulnerability exists in the NX-API feature of Cisco NX-OS. The vulnerability stems from insufficient CSR...
CVE-2021-26593
In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/id. For each call, they get in response a lot of information about the user such as email address, first name, and last name but also the secret for 2FA if one exists. This secret can be regenerated. NOTE...
CVE-2021-26685
A remote authenticated SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attack...
The vulnerability of the REST API implementation of the network management system's data center management module allows an attacker to execute arbitrary SQL commands.
The vulnerability of the REST API interface of the Cisco Data Center Network Manager DCNM system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
CVE-2021-22122
An improper neutralization of input during web page generation in the FortiWeb GUI interface 6.3.0 through 6.3.7 and versions before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack by injecting a malicious payload into different vulnerable API...
Cisco Managed Services Accelerator Denial of Service Vulnerability
Cisco Managed Services Accelerator (MSX) is a multi-tenant, multi-service, cloud-native service creation and delivery platform that enables service providers to quickly, easily, and cost-effectively develop and deliver hosted services to enterprise customers. A denial of service vulnerability exist...
CVE-2020-29004
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack...
CVE-2021-22847
Hyweb HyCMS-J1's API fails to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege...
Unspecified Vulnerability in Oracle MySQL Client (CNVD-2021-04752)
Oracle MySQL is an open source relational database management system. MySQL Client is a MySQL client, a program used to communicate with a server to process information in a database managed by the server. An unspecified vulnerability exists in the C API component in Oracle MySQL Client versions...
Unspecified Vulnerability in Oracle MySQL Client (CNVD-2021-04753)
Oracle MySQL is an open source relational database management system. MySQL Client is a MySQL client, a program used to communicate with a server to process information in a database managed by the server. An unspecified vulnerability exists in the C API component in Oracle MySQL Client versions...
Oracle MySQL Security Vulnerability
Oracle MySQL is an open source relational database management system. MySQL Client is a MySQL client, a program used to communicate with a server to process information in a database managed by the server. An unspecified vulnerability exists in the C API component of Oracle MySQL Client 8.0.19 and...
Oracle MySQL Security Vulnerability
Oracle MySQL is an open source relational database management system. MySQL Client is a MySQL client, a program used to communicate with a server to process information in a database managed by the server. An unspecified vulnerability exists in the C API component in Oracle MySQL Client versions...
Rust Race Condition Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the Rust lockapi crate before 0.4.2, which stems from an unsound MappedRwLockReadGuard and may allow a data race...
CVE-2020-35586
A vulnerability in Solstice Pod (before 3.3.0) and Solstice Open4.3 allows the Administrator password to be enumerated by brute-forcing the Open Control API endpoint /Config/service/initModel?password= due to no password complexity requirements. Affected products are Solstice Pod prior to 3.3.0 and So...
CVE-2020-35585
CVE-2020-35585 affects Solstice Pod before 3.3.0 (or Open4.3). A brute‑force enumeration flaw enables guessing the screen key via the /lookin/info Solstice Open Control API, with only ~1.7 million possibilities. This is the vulnerability described in the CVE; the connected documents confirm the A...