PT-2023-32048 · Field Logic · Field Logic Datacube4
Name of the Vulnerable Software and Affected Versions: Field Logic DataCube4 up to 20231001 Description: A problematic issue was found in the Web API component, affecting unknown code of the file /api/. This leads to improper authentication. The exploit has been disclosed to the public and may be...
GL.iNet devices security vulnerability
GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A security vulnerability exists in GL.iNet devices prior to version 3.216, which stems from an API endpoint displaying information about the Wi-Fi configuration, including the SSID and key...
PT-2022-27882 · Nbnbk · Nbnbk
Name of the Vulnerable Software and Affected Versions: nbnbk affected versions not specified Description: The issue is related to an arbitrary file read vulnerability. This vulnerability is exploited via the /api/Index/getFileBinary API endpoint. Recommendations: At the moment, there is no...
Miele appWash security vulnerability
Miele appWash is a laundry room digitization app from Miele Germany. Miele appWash suffers from an Access Control Error vulnerability that stems from the use of an API endpoint to bypass authorization checks. An attacker could use this vulnerability to gain read and partial write access to data...
PT-2022-26708 · Tenda · Tenda Tx3
Name of the Vulnerable Software and Affected Versions: Tenda TX3 version US TX3V1.0br V16.03.13.11 multi TDE01 Description: A stack overflow issue was discovered via the list parameter at the "/goform/SetVirtualServerCfg" API endpoint. Recommendations: For Tenda TX3 version US TX3V1.0br...
PT-2022-20764 · Unknown · Librehealth Ehr Base
Name of the Vulnerable Software and Affected Versions: LibreHealth EHR Base version 2.0.0 Description: The issue allows for incorrect access to the interface/super/manage site files.php. The estimated number of potentially affected devices worldwide is not available. There is no information about...
TerraMaster TOS security vulnerability
TerraMaster TOS is a Linux-based operating system dedicated to the TerraMaster Cloud Storage NAS server from China's TerraMaster Corporation. TerraMaster TOS has a security vulnerability that can be exploited by an attacker executing a request to the /module/api.php?mobile/wapNasIPS endpoint to...
CVE-2021-1577
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due t...
PT-2021-2193 · Cisco · Cisco Application Policy Infrastructure Controller +1
Name of the Vulnerable Software and Affected Versions: Cisco ACI Multi-Site Orchestrator (MSO) affected versions not specified Description: A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) could allow an unauthenticated, remote attacker to bypass authentication on an...
CVE-2019-16999
CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status field in JSON data to the api/osinstall/v1/device/getNumByStatus URI...
CVE-2018-12296
Insufficient access control in /api/external/7.0/system.System.getinfos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests...
CVE-2019-1754
A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker...