1618 matches found
CVE-2020-19007
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The JavaScript code supplied by the attacker will then execute in the victim user's browser...
Insecure Direct Object Reference vulnerability in the mysonicwall.com add-user API
An insecure direct object reference vulnerability has been identified in the users/add-user API endpoint of mysonicwall.com. This could allow a normal authenticated mysonicwall user to manipulate an API parameter and gain access to the user group of the tenant of any other mysonicwall user account. CVE: N/A...
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
...
Grandstream GWN7000 Arbitrary OS Command Execution Vulnerability
The Grandstream GWN7000 is an enterprise-class multi-WAN Gigabit VPN router. An arbitrary OS command execution vulnerability exists in the Grandstream GWN7000 version 1.0.9.4 and earlier. The vulnerability stems from the fact that the product allows an authenticated remote user to modify the...
ActiveMQ Artemis management API Password Disclosure Vulnerability
Apache ActiveMQ Artemis is a project of the Apache Software Foundation (United States) that provides embedded messaging services for Java applications. A password disclosure vulnerability exists in the ActiveMQ Artemis management API product, which stems from the program storing passwords in...
CVE-2017-18919
An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation...
The vulnerability of the /rpc/api component of the Red Hat Spacewalk system management software allows an attacker to disclose sensitive information, cause service failures, or execute arbitrary code.
The vulnerability of the /rpc/api component of the Red Hat Spacewalk software suite relates to incorrect restrictions on XML links to external objects. Exploitation of this vulnerability could allow a malicious actor to disclose sensitive information, cause service failures, or execute arbitrary...
DRUPAL-CORE-2020-006
JSON:API PATCH requests may bypass validation for certain fields. By default, JSON:API works in a read-only mode which makes it impossible to exploit the vulnerability. Only sites that have the readonly set to FALSE under jsonapi.settings config are vulnerable...
CVE-2020-11999
Rockwell Automation CVE-2020-11999 affects FactoryTalk Linx software versions 6.00/6.10/6.11 and related components (RSLinx Classic, CCS Workbench, ControlFLASH/ControlFLASH Plus, FactoryTalk Asset Centre, Linx CommDTM, Studio/Logix tools). The root cause is improper input validation in an expose...
F5 NGINX Controller Cross-Site Scripting Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A cross-site scripting vulnerability exists in the NGINX Controller API in F5 NGINX Controller versions 3.3.0 throu...
CVE-2020-10755
OpenStack Cinder CVE-2020-10755 affects multiple OpenStack Cinder releases prior to specific upgrades (14.1.0 for 14.x, 15.2.0 for 15.x, 16.1.0 for 16.x) when using Dell EMC ScaleIO or VxFlex OS backends. The vulnerability exposes backend credentials in the connection_info of Block Storage v3 Att...
The vulnerability of the C API component of the MySQL Database Management System client, which allows a hacker to trigger a service failure.
The vulnerability of the C API component of the MySQL Database Management System client is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to cause service interruptions using the MySQL Protocol network protocol...
Unclamping the Barnacle
You may have seen the furore around the Barnacle windscreen-based parking clamp back in January this year. It’s a different approach that allows the clamp to be unlocked remotely, so you don’t need the clamp company to come remove it for you. If you’re not familiar with the device here’s a video...
Privilege escalation
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API...
EspoCRM 5.8.5 - Privilege Escalation
Exploit Title: EspoCRM 5.8.5 - Privilege Escalation Author: Besim ALTINOK Vendor Homepage: https://www.espocrm.com Software Link: https://www.espocrm.com/downloads/EspoCRM-5.8.5.zip Version: v5.8.5 Tested on: Xampp Credit: İsmail BOZKURT ------------- Details:...
CVE-2020-12051
The CentralAuth extension through REL134 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied wh...
EulerOS Virtualization 3.0.2.2 : openssl (EulerOS-SA-2020-1444)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for...
Unspecified Vulnerability in Oracle MySQL Client (CNVD-2020-26990)
MySQL Client is a MySQL client, a program used to communicate with the server to process information in a database managed by the server. A security vulnerability exists in the C API component in Oracle MySQL Client versions 5.6.47, 5.7.27, 8.0.17 and earlier. An attacker could exploit this...
Rocket.Chat: account takeover on 3.0.1 version
I find user reset password hash info and other security info on "/api/v1/users.info". Note: I log in on Rocket.Chat with an LDAP account; my role: user. Note: in request "https://target/api/v1/users.info?username=xhttps://target/api/v1/users.info?username=%5Bx%5D" you should change username to userId 1-...
CVE-2019-19946
The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team...