Veeam Backup & Replication Path Traversal Vulnerability
Veeam Backup & Replication is a suite of data protection software from the Swiss company Veeam. The software provides backup, replication and recovery for VMware and Hyper-V VMs, physical and cloud environments. A path traversal vulnerability exists in Veeam Backup & Replication 9.5U3, 9.5U4, 10....
CVE-2022-26500
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...
CVE-2021-43051
The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of thos...
WHO COVID-19 Mobile App: Internal API endpoint is accessible for everyone
Summary: It looks like the endpoint /internal/cron/refreshCaseStats as configured in cron.yaml https://github.com/WorldHealthOrganization/app/blob/master/server/appengine/src/main/webapp/WEB-INF/cron.yaml#L3 is accessible for everyone. Since it is configured as a cronjob to run every 5 minutes and...
Mail.ru: Accessed internal API documentation and information
Hello team, anyone is able to access API documents and files. Actually this domain has a proper authentication mechanism. https://apidocs.ucs.ru/ When I browse the above domain, it goes to a login page. It is not possible to create accounts, meaning only authenticated people can access it. But when we brow...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data returning decrypted credentials
Summary: IBM Watson Discovery for IBM Cloud Pak for Data returns decrypted credentials for data sources in the JSON response of an internal API for processing settings. Vulnerability Details: Third Party Entry: PSIRT-ADV0022492 DESCRIPTION: Created from Advisory: ADV0022492 CVSS Base score: 4.9 CVSS Vecto...
TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot Vulnerability
Exploit for hardware platform in category web applications Exploit Title: TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot Exploit Author: PCEumel Vendor Homepage: https://www.tp-link.com/ Software Link: https://www.tp-link.com/us/support/download/tl-sg105e/Firmware Version: TP-Link...
CVE-2016-3131
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls...
New Relic: Ability to view monitor names of other NR accounts through internal API (v3) via "monitor_id" parameter
NR Alerts gives you the granularity to set alert conditions on an alert policy depending on the conditions you specify at the https://alerts.newrelic.com/accounts/ACCOUNTNUMBER/policies/POLICYID/conditions/new URL. When you select an entity for the condition, the application does not check to...
Cloud Foundry CF Networking SQL Injection Vulnerability
Cloud Foundry CF Networking Release is a program from the U.S.-based Cloud Foundry Foundation that provides policy-based container networking for Cloud Foundry. A SQL injection vulnerability exists in the internal api endpoint in Cloud Foundry CF Networking Release 2.16.0 prior to 2.11.0, which c...
Uber: Client secret, server tokens for developer applications returned by internal API
@appsecurein identified an internal API for https://riders.uber.com that could return clientsecret and server token for applications authorized by the account owner to access their Uber account. We restricted the data returned by this endpoint. Thanks for bringing this to our attention,...
New Relic: IDOR via internal_api "users" endpoint
While trying to figure out what the heck is going on with 347664, I stumbled upon another way to perform the "gift that keeps on giving" as @ahamlin put it. Steps to reproduce: 1. Add an unconfirmed user to your account 2. Navigate to https://alerts.newrelic.com/accounts/1523936/channels 3. Click ...
CVE-2017-2606
Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an...
New Relic: Internal API endpoint discloses full account name of email address associated with unconfirmed user
There's an interesting thing happening with the Internal API call that lists users on an account. Based on what I can tell, it's another IDOR like █████████ in which it exposes user information of accounts that Steps to reproduce: 1. Create an account 2. As an admin, go to create a new user...
New Relic: [NR Alerts/Synthetics?] User with no Synthetics permissions can view synthetic monitor details through /internal_api/ endpoint
Hey all, This one is pretty interesting. What's happening is that a user with no permissions to view synthetics will get this page when they try to navigate directly to the Synthetics monitor list https://synthetics.newrelic.com/accounts/1523936/monitors: F267305 However, the restricted user can...
New Relic: NR Internal_API call allows me to read the events/violations/policies/messages of ANY New Relic account (AND pull data from infrastructure)
@jonbottarini identified an issue with an API used to populate the UI across different products. This API wasn't properly validating the account ID for certain requests, returning information for any ID presented. I wrote up a quick overview about this issue here:...
Jenkins < 2.44 / 2.32.x < 2.32.2, Jenkins Operations Center < 1.625.22.1 / 2.7.22.0.1 / 2.32.2.1, and Jenkins Enterprise < 1.651.22.1 / 2.7.22.0.1 / 2.32.2.1 Multiple Vulnerabilities
The remote web server hosts a version of Jenkins that is prior to 2.44, or a version of Jenkins LTS prior to 2.32.2, or else a version of Jenkins Operations Center that is 1.625.x.y prior to 1.625.22.1, 2.7.x.0.y prior to 2.7.22.0.1, or 2.x.y.x prior to 2.32.2.1, or else a version of Jenkins...
CVE-2017-3830
A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. More Information: CSCvc89678. Known Affected Releases: 2.1. Known Fixed Releases: 2.1.2...