
130 matches found

Positive Technologies
added 2023/09/04 12:0 a.m. · 6 views

PT-2023-27766 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 5.5.5; Parse Server versions prior to 6.2.2. Description: The issue concerns the Parse Cloud trigger beforeFind not being invoked in certain conditions of Parse.Query. This poses a risk for deployments where the...

7.5 CVSS · 7.4 AI score · 0.00623 EPSS
Exploits 0 · References 13
Wallarm Lab
added 2023/07/29 1:45 p.m. · 35 views

2023 OWASP Top-10 Series: API1:2023 Broken Object Level Authorization

Welcome to the 2nd post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API1:2023 Broken Object Level Authorization. In this series we are taking an in-depth look at each category – the details, the...

7.7 AI score
Exploits 0
OSV
added 2022/08/22 3:15 p.m. · 3 views

CVE-2022-34770

Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs has in its URL one or more MongoD...

7.5 CVSS · 5.8 AI score · 0.00384 EPSS
Exploits 0 · References 1
Prion
added 2022/08/22 3:15 p.m. · 22 views

Authorization

Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs has in its URL one or more MongoD...

5 CVSS · 7.2 AI score · 0.00384 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/08/22 2:41 p.m. · 28 views

CVE-2022-34770 Tabit - sensitive information disclosure

Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs has in its URL one or more MongoD...

4.6 CVSS · 7.5 AI score · 0.00384 EPSS
Exploits 0 · References 1
CVE
added 2022/08/22 2:41 p.m. · 333 views

CVE-2022-34770

CVE-2022-34770 concerns Tabit exposure of sensitive information via multiple web APIs that reveal health statements, bills, alcohol consumption, and smoking habits without proper authorization. Affected components include endpoints that expose MongoDB IDs in their URLs and rely on tiny URLs like ...

7.5 CVSS · 5.7 AI score · 0.00384 EPSS
Exploits 0 · References 1 · Affected Software 1
Kitploit
added 2022/06/19 9:30 p.m. · 63 views

VAmPI - Vulnerable REST API With OWASP Top 10 Vulnerabilities For Security Testing

The Vulnerable API Based on OpenAPI 3. VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency of tools used to detect security issues in APIs. It includes a...

7.5 AI score
Exploits 0 · References 1
ThreatPost
added 2021/08/31 1:29 p.m. · 25 views

Top 3 APIs Vulnerabilities: Why Apps are Pwned by Cyberattackers

Application programming interfaces (APIs) have become the glue that holds today’s apps together. There’s an API to turn on the kitchen lights while still in bed. There’s an API to change the song playing on your house speakers. Whether the app is on your mobile device, entertainment system or garag...

8.2 AI score
Exploits 0 · References 5
Microsoft Security Update
added 1970/01/01 12:0 a.m. · 23 views

Security Update for SQL Server 2017 RTM GDR (KB4494351)

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services if it incorrectly enforces metadata permissions. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected Analysis Services database. This security update fixes a...

2.9 AI score
Exploits 0
Microsoft Security Update
added 1970/01/01 12:0 a.m. · 19 views

Security Update for SQL Server 2017 RTM CU (KB4494352)

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services if it incorrectly enforces metadata permissions. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected Analysis Services database. This security update fixes a...

3 AI score
Exploits 0