125 matches found
ZOHO ManageEngine ADAudit Plus Security Vulnerability
An elevation of privilege vulnerability previously existed in Zoho ManageEngine ADAudit Plus 7055, which stems from the presence of a password field in a JSON response. An attacker could use this vulnerability to perform an authenticated elevation of privilege on the integrated product...
redhat-support-lib-python and redhat-support-tool bug fix and enhancement update
An update is available for redhat-support-tool, redhat-support-lib-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The redhat-support-tool utility...
Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE
The plugin fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure of arbitrary files as the content of the file is the...
GHSA-RCVX-RMVF-MXCH Cross-site Scripting in Eclipse Hawkbit
In all versions of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non-existing resource will return the full path from the given URL unescaped to the client...
Cross-site Scripting in Eclipse Hawkbit
In all versions of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non-existing resource will return the full path from the given URL unescaped to the client...
WordPress GDPR & CCPA < 1.9.26 - Authenticated Reflected Cross-Site Scripting
The checkprivacysettings AJAX action of the plugin, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript...
Denial Of Service (DoS)
pocketmine/pocketmine-mp is vulnerable to denial of service. The vulnerability exists due to the unhandled exception in the stupidjsondecode function of InGamePacketHandler.php when decoding an invalid JSON response form, which allows an attacker to cause an application crash...
FetLife: Able to access private picture/video/writing when requesting for their JSON response
Description: Endpoint https://fetlife.com/users/user-id/pictures/pic-id has 2 types of responses, HTML and JSON. The type of response depends on the Accept header of the request it gets. If the request contains Accept: application/json, then it will return a JSON response. Other than that, it returns HTML...
CVE-2020-27219
In all versions of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non-existing resource will return the full path from the given URL unescaped to the client...
Design/Logic Flaw
In all versions of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non-existing resource will return the full path from the given URL unescaped to the client...
CVE-2020-27219
CVE-2020-27219 affects Eclipse Hawkbit prior to 0.3.0M7. The REST API may return a 404 Not Found JSON response that includes the full, unescaped request path, exposing unsafe characters. This could disclose internal URL structure to an attacker that POSTs to a non-existent resource. Root cause: u...
VK.com: [m.vk.com] XSS on /artist/ pages
XSS when returning from the artist page. Insufficient validation of the from parameter at the artist page allowed the attacker to inject external URLs into the "Back" link using the LF char: https://m.vk.com/artist/marduk?from=%0A/external.com html When clicked, an ajax request to its URL was sen...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data returning decrypted credentials
Summary: IBM Watson Discovery for IBM Cloud Pak for Data returns decrypted credentials for data sources in the JSON response of an internal API for processing settings. Vulnerability Details Third Party Entry: PSIRT-ADV0022492 DESCRIPTION: Created from Advisory: ADV0022492 CVSS Base score: 4.9 CVSS Vecto...
Brave Software: Username Information Disclosure via Json response - Using parameter number Intruder
Summary: Hi, Brave Team, we found vulnerabilities in your websites. I found all usernames disclosed using the JSON response parameter-number. Platforms Affected: website . https://community.brave.com/c/brave-feature-requests.json . https://community.brave.com/c/beta-builds/38.json Steps To Reproduce:...
Mail.ru: Reflected XSS on am.ru and subdomains
Content-Type for JSON response was incorrectly set to text/html for am.ru, potentially leading to multiple XSS possibilities, including demonstrated reflected XSS vector via GET parameters...
Jira 8.3.4 Information Disclosure
Exploit Title: Jira 8.3.4 - Information Disclosure Username Enumeration Date: 2019-09-11 Exploit Author: Mufeed VH Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira Version: 8.3.4 Tested on: Pop!OS 19.10 CVE : CVE-2019-8449 CVE-2019-8449 Exploit fo...
Semrush: CORS misconfiguration which leads to the disclosure of certain data concerning the user.
INTRODUCTION I used an account to search for this vulnerability: id: 5407773 email: [email protected] IP used: 2a01:e34:ec2a:9240:7d25:26c3:1449:bfe7 endpoint URL: https://www.semrush.com/content-paywall/api/accesslevel Summary: CORS policy too permissive. EXPLOITATION Description of...
AntiDisposmail - Detecting Disposable Email Addresses
Antibot.pw provides a free, open API endpoint for checking a domain or email address against a frequently-updated list of disposable domains. CORS is enabled for all originating domains, so you can call the API directly from your client-side code. GET https://antibot.pw/api/[email protected]...
Cross-site Scripting (XSS)
jquery-mobile is vulnerable to cross-site scripting. Lack of validation in the Content-Type header of an XHR request results in the rendering of an AJAX JSON response as HTML in a user's browser. A remote attacker is able to inject arbitrary Javascript into a victim's browser by relying on anothe...