84 matches found
FreeTakServer Trust Management Issue Vulnerability
FreeTAKServer is an open source lightweight server from the FreeTAKTeam team. It is used to connect to TAK clients. FreeTakServer suffers from a trust management issue vulnerability that stems from the fact that the Flask Secrets Key has three relevant locations that are hard-coded, which can be...
GHSA-HGGV-MCP4-VXC5 Improper Authentication in FreeTAKServer
FreeTAKServer is an open source, lightweight Server for connect TAK clients. An access control issue in the component /ManageRoute/postRoute of FreeTAKServer version 1.9.8 allows unauthenticated attackers to cause a Denial of Service DoS via an unusually large amount of created routes, or create...
GHSA-9988-F88M-MR42 Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI
FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...
GHSA-GJH6-WVHQ-H4QX Cross-site Scripting in FreeTAKServer-UI
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI
FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...
Improper Authentication in FreeTAKServer
FreeTAKServer is an open source, lightweight Server for connect TAK clients. An access control issue in the component /ManageRoute/postRoute of FreeTAKServer version 1.9.8 allows unauthenticated attackers to cause a Denial of Service DoS via an unusually large amount of created routes, or create...
SQL Injection in FreeTAKServer-UI
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...
Path traversal in FreeTAKServer-UI
An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system...
Cross-site Scripting in FreeTAKServer-UI
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...
GHSA-JR2M-29WJ-W9QC SQL Injection in FreeTAKServer-UI
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...
GHSA-7CR9-RMQR-FPQP Path traversal in FreeTAKServer-UI
An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system...
GHSA-F897-875P-23X7 Hard coded credentials in FreeTAKServer
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
Hard coded credentials in FreeTAKServer
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
Hard coded credentials in FreeTAKServer
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...
Improper Authentication in FreeTAKServer
An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service DoS via an unusually large amount of created routes, or create unsafe or false routes for legitimate users...
Path traversal in FreeTAKServer-UI
An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system...
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI
FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...
CVE-2022-25506
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...