Denial of service
pcapture is an open source dumpcap web service interface. In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filte...
CVE-2021-39196 Authenticated non-privileged user can request unfiltered data without adequate permissions in pcapture
pcapture is an open source dumpcap web service interface. In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filte...
CVE-2021-39196
CVE-2021-39196 affects pcapture, an open source dumpcap web service interface. In affected versions prior to 3.12, an authenticated but unprivileged user can use the REST API to capture and download packets with no capture filter and without adequate permissions, potentially exposing all data on ...
Authentication flaw
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution...
CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution...
CVE-2021-40539
CVE-2021-40539 affects Zoho ManageEngine ADSelfService Plus (6100-series and earlier) with a REST API authentication bypass that enables remote code execution. Public evidence shows active exploitation campaigns (GODZILLA webshell, NGLite backdoor, KdcSponge) and targeted activity reported by CIS...
PT-2021-4466
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADSelfService Plus versions 6113 and prior Description: The issue is related to an authentication bypass vulnerability in the REST API of Zoho ManageEngine ADSelfService Plus, which can lead to remote code execution. This...
CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. Recent assessments: ccondon-r7 at November 08, 2021 3:18pm UTC reported: Rapid7’s services teams are observing opportunistic exploitation of this...
Zoho Releases Security Update for ADSelfService Plus
Zoho has released a security update on a vulnerability CVE-2021-40539 affecting ManageEngine ADSelfService Plus builds 6113 and below. CVE-2021-40539 has been detected in exploits in the wild. A remote attacker could exploit this vulnerability to take control of an affected system. ManageEngine...
CVE-2021-38312
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The permissions_callback used in this file only checked f...
Authorization
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The permissions_callback used in this file only checked f...
CVE-2021-38312
The CVE-2021-38312 entry concerns the WordPress Gutenberg Template Library & Redux Framework plugin, affected versions
CVE-2021-38312 Gutenberg Template Library & Redux Framework <= 4.2.11 Incorrect Authorization check to Arbitrary plugin installation and post deletion
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The permissions_callback used in this file only checked f...
Meow Gallery < 4.2.0 - Unauthorised Arbitrary Options Update via REST API
The plugin does not properly check for capability in its REST API, allowing - Any authenticated user with the upload_file capability such as author+ to call them in versions before 4.1.9 - Any unauthenticated user to call them except the rest_all_settings endpoint, in 4.1.9 One endpoint in...
PT-2021-22030 · WordPress · The Gutenberg Template Library & Redux Framework
Name of the Vulnerable Software and Affected Versions: The Gutenberg Template Library & Redux Framework plugin versions prior to 4.2.12 Description: The issue concerns an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route. Specifically, t...
Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites
Two vulnerabilities have been found in the Gutenberg Template Library & Redux Framework plugin for WordPress, which is installed on more than 1 million websites. They could allow arbitrary plugin installation, post deletions and access to potentially sensitive information about a site’s...