61 matches found
CVE-2023-49231
An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token...
CVE-2023-49231
An authentication bypass affecting Stilog Visual Planning 8 (pre-build 240207) is documented. A wildcard injection inside a prepared SQL statement in the REST API v2.0 enabled attackers to exfiltrate the REST API key and obtain an administrative API token, granting unauthenticated admin access. T...
Exploit for CVE-2023-31711
CVE-2023-31711 Incorrect Access Control in ZKTECO allows...
OpenStack Keystone Allows Remote User Account Creation
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...
CVE-2021-4133
Keycloak vulnerability CVE-2021-4133 affects versions 12.0.0 up to, but not including, 15.1.1. An attacker with an existing user account can create new default user accounts via the administrative REST API even when new user registration is disabled, due to improper authorization validation in th...
CVE-2019-12182
Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API...
Directory traversal
Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API...
CVE-2019-12182
Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API...
CVE-2019-12182
CVE-2019-12182 describes a Directory Traversal vulnerability in Safescan Timemoto and TA-8000 series (version 1.0) that allows unauthenticated remote code execution via the administrative API. Affected product family is Safescan Timemoto/TA-8000, with identifiers appearing across NVD, Red Hat, CN...
CVE-2019-12183
Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API...
Improper access control
Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API...
CVE-2019-12183
Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API...
CVE-2019-12183
CVE-2019-12183 affects Safescan Timemoto TM-616 and TA-8000 series. Description: Incorrect Access Control in the administrative API can let remote attackers read arbitrary files. Root cause: improper access controls in the admin API; impacts are partial confidentiality loss (read access) with net...
Authorization Bypass
Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. It was found that Keystone incorrectly handled authorization failures. If a client attempted to change their tenant membership to one they are not authorized to join, Keystone correctly returned a...
Arbitrary Code Execution
Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. It was found that Keystone incorrectly handled authorization failures. If a client attempted to change their tenant membership to one they are not authorized to join, Keystone correctly returned a...
CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability
Document Title ================ Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability Affected Products =================== Vendor: Tripwire Software/Appliance: IP360 VnE Vulnerability Manager Affected verified versions: v7.2.2 - v7.2.5 CVE =====...
DEBIAN-CVE-2012-3542
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...
CVE-2012-3542
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...
Open redirect
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...
CVE-2012-3542
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...