185 matches found
CVE-2019-19866
Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with...
openSUSE Security Update : proftpd (openSUSE-2020-31)
This update for proftpd fixes the following issues: - GeoIP has been discontinued by Maxmind boo1156210 This update removes module build for geoip see https://support.maxmind.com/geolite-legacy-discontinuation-notice/ - CVE-2019-19269: Fixed a NULL pointer dereference may occur when validating...
Security update for proftpd (moderate)
openSUSE Security Update: Security update for proftpd Announcement ID: openSUSE-SU-2020:0031-1 Rating: moderate References: 1113041 1144056 1154600 1155834 1156210 1157798 1157803 Cross-References: CVE-2017-7418 CVE-2019-12815 CVE-2019-18217 CVE-2019-19269 CVE-2019-19270 Affected Products: openSU...
Information disclosure
An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request...
CVE-2019-9585
eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.Metadata related operations, resulting in the ability to read, set and delete Metadata...
Improper access control
eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.Metadata related operations, resulting in the ability to read, set and delete Metadata...
CVE-2019-9585
eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.Metadata related operations, resulting in the ability to read, set and delete Metadata...
CVE-2019-9585
CVE-2019-9585 affects eQ-3 Homematic CCU2 (before 2.47.10) and CCU3 (before 3.47.10). The JSON API has improper access control, enabling metadata read, set, and delete operations via the interface. ROOT CAUSE: insufficient access restrictions on the JSON API. IMPACT: potential disclosure and modi...
eQ-3 HomeMatic CCU2 and eQ-3 Homematic CCU3 Access Control Error Vulnerabilities
The eQ-3 Homematic CCU3 and the eQ-3 HomeMatic CCU2 are both central control units for a smart home system from eQ-3 Germany. An access control error vulnerability exists in the JSON API in the eQ-3 Homematic CCU2 version prior to 2.47.10 and the eQ-3 Homematic CCU3 version prior to 3.47.10, whic...
CVE-2016-10843
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76)...
Code injection
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76)...
CVE-2016-10843
Summary: CVE-2016-10843 affects cPanel prior to 11.54.0.4 and allows code execution in the context of shared users via the JSON-API (SEC-76). Affected product/vector: cPanel software; vulnerability arises through the JSON-API, enabling code execution in shared-user context. Root cause / impact: N...
CVE-2016-10843
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76)...
CVE-2019-3702
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request...
Remote code execution
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request...
CVE-2019-3702
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request...
CVE-2019-3702
CVE-2019-3702 affects Lifesize Icon LS_RM3_3.7.0 (2421). The vulnerability is a Remote Code Execution in the DNS Query Web UI, exploitable by an authenticated attacker who crafts a DNS Query address field in a JSON API request. Connected sources reiterate the issue but do not provide exploitation...
CVE-2019-6340 Drupal core - Highly critical - Remote Code Execution
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core...
JSON:API - Highly critical - Remote code execution - SA-CONTRIB-2019-019
This resolves issues described in SA-CORE-2019-003 for this module...
Remote Code Execution (RCE)
cfme is vulnerable to remote code execution (RCE) attacks. The vulnerability exists as Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute...