4960 matches found
CVE-2021-43781
CVE-2021-43781 concerns Invenio-Drafts-Resources. The issue: versions prior to 0.13.7 and 0.14.6 fail to enforce permissions when publishing a record, allowing an authenticated user to publish draft records belonging to others via REST API if the record ID is known and the draft passes validation...
CVE-2021-43781 Permissions not properly checked in Invenio-Drafts-Resources
Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default...
Invenio-Drafts-Resources Security Vulnerability
Invenio-Drafts-Resources is a submission/deposit module for Invenio. It is used for research data management. A security vulnerability exists in Invenio-Drafts-Resources versions prior to 0.13.7 and 0.14.6, which stems from a failure to properly check permissions in the affected product. The...
Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to an authentication bypass that allows access to a few REST-API URLs without authentication...
CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration...
PT-2021-6071
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus versions prior to 11306; Zoho ManageEngine ServiceDesk Plus MSP versions prior to 10530; Zoho ManageEngine SupportCenter Plus versions prior to 11014. Description: The issue is related to unauthenticated remote...
ManageEngine ADSelfService Plus Authentication Bypass / Code Execution Exploit
This Metasploit module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus - which is SYSTEM if started as a service. This module requires Metasploit:...
ManageEngine ADSelfService Plus Authentication Bypass / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADSelfService Plus CVE-2021-40539', 'Description' = %q This module exploits CVE-2021-40539, a REST API authentication bypass...
ManageEngine ADSelfService Plus CVE-2021-40539
This module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus - which is SYSTEM if started as a service. Module Options msf use...
WP Guppy < 1.3 - Sensitive Information Disclosure
The plugin does not have any authorisation in some of the REST API endpoints, allowing any user to call them, which could lead to sensitive information disclosure, such as usernames and chats between users, and allows sending messages as an arbitrary user PoC !/bin/bash Exploit Title:...
CVE-2021-43494
OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access...
Directory traversal
OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access...
CVE-2021-43494
The CVE-2021-43494 entry concerns OpenCV-REST-API (master branch as of commit 69be158…): a directory traversal vulnerability that can disclose secrets stored on the system and potentially aid remote code access. Affected component is the OpenCV-REST-API repository; root cause is directory travers...
OpenCV Path Traversal Vulnerability
OpenCV is an open source, cross-platform, lightweight computer vision library. A path traversal vulnerability exists in OpenCV-REST-API, which stems from a commit in the main branch of OpenCV-REST-API being affected by a directory traversal vulnerability...
CVE-2021-34582
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file...
Code injection
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file...
CVE-2021-34582 Phoenix Contact: FL MGUARD XSS through web-based management and REST API
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file...
CVE-2021-34582
Phoenix Contact FL MGUARD 1102 and 1105 are affected in versions 1.4.0, 1.4.1, and 1.5.0. A user with high privileges can inject HTML code (XSS) through the web-based management interface or the REST API when a manipulated certificate file is used. The vulnerability stems from the handling of cer...