
Positive Technologies
added 2023/09/14 12:0 a.m. · 4 views

PT-2023-5833 · Unknown · Jumpserver

Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 2.28.19; JumpServer versions prior to 3.6.5. Description: The issue is related to the exposure of the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, whi...

CVSS 8.2 · AI score 8.1 · EPSS 0.05404
Exploits 4 · References 20
BDU FSTEC
added 2023/09/07 12:0 a.m. · 2 views

The vulnerability of the application software interface of ASUS RT-AX55, RT-AX56U, and RT-AC86U allows a hacker to execute arbitrary code.

The vulnerability of the application software interface of ASUS RT-AX55, RT-AX56UV2, and RT-AC86U lies in the use of uncontrolled format strings. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially created data...

CVSS 10 · AI score 8.2 · EPSS 0.01158
Exploits 0 · References 8 · Affected software 3
BDU FSTEC
added 2023/09/04 12:0 a.m. · 1 views

A vulnerability in the software interface of the XWiki platform for creating collaborative web applications allows a perpetrator to execute arbitrary code.

The vulnerability of the software interface of the XWiki Platform for creating collaborative web applications is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability may allow a malicious actor, operating remotely, to execute arbitrary code...

CVSS 10 · AI score 8.1 · EPSS 0.00622
Exploits 0 · References 5 · Affected software 1
OSV
added 2023/08/08 1:15 a.m. · 2 views

CVE-2023-37486

Under certain conditions SAP Commerce OCC API - versions HYCOM 2105, HYCOM 2205, COMCLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact on integrity and...

CVSS 7.5 · AI score 5.8 · EPSS 0.00435
Exploits 0 · References 2
Positive Technologies
added 2023/08/02 12:0 a.m. · 4 views

PT-2023-20641 · Ox Chat · Ox Chat

Name of the Vulnerable Software and Affected Versions: OX Chat, affected versions not specified. Description: The issue arises from the "OX Chat" web service not specifying a media-type when processing responses from external resources, allowing malicious script code to be executed within the...

CVSS 5.4 · AI score 5.6 · EPSS 0.00665
Exploits 0 · References 6
Positive Technologies
added 2023/07/10 12:0 a.m. · 3 views

PT-2023-12396 · Osnexus · Quantastor

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows an authenticated administrator to remotely execute arbitrary shell commands via the API. This could potentially lead to unauthorized access and control of the syste...

CVSS 9.1 · AI score 7.7 · EPSS 0.00988
Exploits 0 · References 7
OSV
added 2023/06/29 3:15 p.m. · 2 views

DEBIAN-CVE-2023-33466

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE)...

CVSS 8.8 · AI score 8.4 · EPSS 0.03098
Exploits 0 · References 1
CNNVD
added 2023/06/25 12:0 a.m. · 3 views

It-novum OpenITCOCKPIT SQL Injection Vulnerability

It-novum OpenITCOCKPIT is an open-source system monitoring tool from It-novum, Germany. A security vulnerability exists in it-novum openITCOCKPIT that originates from an SQL injection via the sort parameter of the API interface...

CVSS 8.8 · AI score 8.2 · EPSS 0.00588
Exploits 0 · References 3
Positive Technologies
added 2023/06/07 12:0 a.m. · 3 views

PT-2023-22103 · Hid · Hid Safe

Name of the Vulnerable Software and Affected Versions: HID’s SAFE versions 5.8.0 through 5.11.3. Description: The External Visitor Manager portal of HID’s SAFE is vulnerable to manipulation within web fields in the application programming interface (API). An attacker could log in using account...

CVSS 7.3 · AI score 7.3 · EPSS 0.00556
Exploits 0 · References 5
BDU FSTEC
added 2023/06/07 12:0 a.m. · 3 views

The vulnerability of the application software interface of Rockwell Automation’s ThinManager, related to insufficient encryption strength, allows a perpetrator to compromise the target system.

The vulnerability of the application software interface of Rockwell Automation’s ThinManager platform relates to insufficient encryption strength. Exploiting this vulnerability could allow a malicious actor to compromise the target system remotely...

CVSS 7.8 · AI score 7.1 · EPSS 0.00666
Exploits 0 · References 5 · Affected software 1
BDU FSTEC
added 2023/06/07 12:0 a.m. · 4 views

The vulnerability of the application software interface of D-Link DIR-2150 router software allows a hacker to circumvent existing security restrictions.

The vulnerability of the application software interface for D-Link DIR-2150 routers is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...

CVSS 8.8 · AI score 7.5 · EPSS 0.01108
Exploits 0 · References 5 · Affected software 1
OSV
added 2023/05/25 2:15 p.m. · 2 views

CVE-2023-33355

IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information...

CVSS 7.5 · AI score 5.8 · EPSS 0.00606
Exploits 1 · References 1
ATTACKERKB
added 2023/05/25 3:15 a.m. · 4 views

CVE-2023-2732

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers ...

CVSS 9.8 · AI score 7.2 · EPSS 0.67511
Exploits 3 · References 5
CNNVD
added 2023/05/19 12:0 a.m. · 4 views

Weaver e-cology Code Issue Vulnerability

Weaver e-cology is a collaborative management application platform from Weaver (Panmicro) Technology, China. A code issue vulnerability exists in Weaver e-cology versions prior to 9.0, which stems from a security issue in the function RequestInfoByXml in the API component, resulting in xml externa...

CVSS 8.8 · AI score 6.4 · EPSS 0.00993
Exploits 1 · References 4
CNVD
added 2023/04/18 12:0 a.m. · 33 views

SAP Application Interface Framework Cross-Site Scripting Vulnerability

SAP Application Interface Framework (SAP AIF) is an application interface framework from the German company SAP. A security vulnerability exists in the SAP Application Interface Framework that stems from the application allowing the use of HTML markup, which can be exploited by an attacker to...

CVSS 5.4 · AI score 6.8 · EPSS 0.00324
Exploits 0 · References 1
OSV
added 2023/04/11 4:16 a.m. · 3 views

CVE-2023-29110

The SAP Application Interface Message Dashboard - versions AIF 703, AIFX 702, S4CORE 100, 101, SAPBASIS 755, 756, SAPABA 75C, 75D, 75E - application allows the usage of HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attacker...

CVSS 5.4 · AI score 6.1 · EPSS 0.00324
Exploits 0 · References 2
OSV
added 2023/04/11 3:15 a.m. · 2 views

CVE-2023-29109

The SAP Application Interface Framework Message Dashboard - versions AIF 703, AIFX 702, S4CORE 101, SAPBASIS 755, 756, SAPABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints...

CVSS 4.6 · AI score 6.1 · EPSS 0.00324
Exploits 0 · References 2
Prion
added 2023/04/11 3:15 a.m. · 12 views

Design/Logic Flaw

The SAP Application Interface Framework Message Dashboard - versions AIF 703, AIFX 702, S4CORE 101, SAPBASIS 755, 756, SAPABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints...

CVSS 4.9 · AI score 5.3 · EPSS 0.00324
Exploits 0 · References 2 · Affected software 4
Vulnrichment
added 2023/04/11 3:3 a.m. · 8 views

CVE-2023-29112 Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring)

The SAP Application Interface Message Monitoring - versions 600, 700 - allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitation, an attacker can cause limite...

CVSS 3.7 · AI score 6.7 · EPSS 0.00324
Exploits 0 · References 2
CVE
added 2023/04/11 3:3 a.m. · 38 views

CVE-2023-29112

CVE-2023-29112 affects SAP Application Interface Framework (Message Monitoring) versions 600 and 700. An authorized attacker can insert links or headings with custom CSS classes into a comment; the comment renders those links/classes as HTML objects, potentially resulting in limited impact on con...

CVSS 5.4 · AI score 4.8 · EPSS 0.00324
Exploits 0 · References 2 · Affected software 1