Lucene search
K

186 matches found

Packet Storm
Packet Storm
added 2021/11/22 12:0 a.m.441 views

Aimeos Laravel Ecommerce Platform 2021.10 LTS SQL Injection

Exploit Title: Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection Date: 20/11/2021 Exploit Author: Ilker Burak ADIYAMAN Vendor Homepage: https://aimeos.org Software Link: https://aimeos.org/laravel-ecommerce-package Version: Aimeos 2021.10 LTS Tested on: MacOSX Description: The...

7.1AI score
Exploits0
0day.today
0day.today
added 2021/11/22 12:0 a.m.357 views

Aimeos Laravel ecommerce platform 2021.10 LTS - (sort) SQL injection Vulnerability

Exploit Title: Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection Exploit Author: Ilker Burak ADIYAMAN Vendor Homepage: https://aimeos.org Software Link: https://aimeos.org/laravel-ecommerce-package Version: Aimeos 2021.10 LTS Tested on: MacOSX Description: The Aimeos E-Commerce...

7.1AI score
Exploits0
OSV
OSV
added 2021/09/15 3:22 p.m.5 views

DRUPAL-CORE-2021-008

Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the...

9.8CVSS7AI score0.01236EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/09/15 12:0 a.m.6 views

Drupal 代码问题漏洞

Drupal is an open source content management system developed by the Drupal community using the PHP language. A code issue exists in Drupal that is caused by improper access restrictions in the program's "JSON:API" module and "REST/File" module. A remote user could bypass the implemented security...

9.8CVSS8.4AI score0.01236EPSS
Exploits0References6
Fortinet
Fortinet
added 2021/08/03 12:0 a.m.37 views

FortiSandbox - Predictable session IDs of JSON API

An instance of small space of random values in FortiSandbox RPC API may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs...

5CVSS7.2AI score0.00814EPSS
Exploits0Affected Software1
0day.today
0day.today
added 2021/05/19 12:0 a.m.54 views

NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery Vulnerability

NiceHash Miner Excavator versions 1.6.7c and below suffer from a cross site request forgery vulnerability. The issue enables any external web site to send commands to the local miner instance, and to redirect the mined coins to an arbitrary mining address. NiceHash Miner Excavator API Cross-Site...

0.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2020/12/10 8:3 p.m.40 views

NICER Protocol Deep Dive: Internet Exposure of etcd

Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...

6.8AI score
Exploits0
OSV
OSV
added 2020/06/17 6:10 p.m.4 views

DRUPAL-CORE-2020-006

JSON:API PATCH requests may bypass validation for certain fields. By default, JSON:API works in a read-only mode which makes it impossible to exploit the vulnerability. Only sites that have the readonly set to FALSE under jsonapi.settings config are vulnerable...

9.8CVSS6.7AI score0.01275EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/06/10 12:0 a.m.7 views

PT-2020-6400 · Drupal · Drupal Core

Name of the Vulnerable Software and Affected Versions: Drupal Core versions prior to 8.8.8 Drupal Core versions prior to 8.9.1 Drupal Core versions prior to 9.0.1 Description: The issue is related to improper authorization in the Drupal Core JSON:API module when the read only setting is set to...

9.8CVSS9AI score0.01275EPSS
Exploits0References12
NVD
NVD
added 2020/05/15 5:15 p.m.33 views

CVE-2020-12834

eQ-3 Homematic Central Control Unit CCU2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup or factory...

9.8CVSS9.8AI score0.11072EPSS
Exploits1References1
Prion
Prion
added 2020/05/15 5:15 p.m.17 views

Design/Logic Flaw

eQ-3 Homematic Central Control Unit CCU2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup or factory...

7.5CVSS9.6AI score0.11072EPSS
Exploits1References1Affected Software2
CVE
CVE
added 2020/05/15 4:14 p.m.94 views

CVE-2020-12834

The Red Hat CVE record confirms CVE-2020-12834 affects eQ-3 Homematic CCU2 (version 2.51.6 and earlier) and CCU3 (version 3.51.6 and earlier). The vulnerability enables Remote Code Execution via the JSON API method ReGa.runScript due to the default auto-login feature being enabled during initial ...

9.8CVSS9.6AI score0.11072EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/05/15 4:14 p.m.29 views

CVE-2020-12834

eQ-3 Homematic Central Control Unit CCU2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup or factory...

9.8AI score0.11072EPSS
Exploits1References1
OSV
OSV
added 2020/04/15 3:45 p.m.5 views

DRUPAL-CONTRIB-2020-010

This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The security team and module maintainers are marking this project unsupported. Both the 8.x-1.x and 8.x-2.x versions are unsupported, and users of either version are...

6.4AI score
Exploits0References1
Drupal
Drupal
added 2020/04/15 12:0 a.m.12 views

JSON:API - Critical - Unsupported - SA-CONTRIB-2020-010

This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The security team and module maintainers are marking this project unsupported. Both the 8.x-1.x and 8.x-2.x versions are unsupported, and users of either version are...

5.6AI score
Exploits0References9
OpenVAS
OpenVAS
added 2020/03/17 12:0 a.m.29 views

Fedora: Security Advisory for couchdb (FEDORA-2020-73bd8167a0)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.2AI score
Exploits0References2
Fedora
Fedora
added 2020/03/16 8:49 p.m.47 views

[SECURITY] Fedora 32 Update: couchdb-3.0.0-1.fc32

Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API. Among other features, it provides robust, incremental replication with bi-directional conflict detection and resolution, and is queryable and indexable using a...

9CVSS2.7AI score0.11681EPSS
Exploits3
NVD
NVD
added 2020/02/21 4:15 p.m.28 views

CVE-2019-19866

Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with...

7.5CVSS7.5AI score0.01872EPSS
Exploits0References2
OSV
OSV
added 2020/02/21 4:15 p.m.3 views

CVE-2019-19866

Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with...

7.5CVSS7.2AI score0.01872EPSS
Exploits0References2
Prion
Prion
added 2020/02/21 4:15 p.m.20 views

Design/Logic Flaw

Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with...

5CVSS7.5AI score0.01872EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder