4960 matches found
CVE-2021-37415
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to an authentication bypass that allows access to a few REST-API URLs without authentication...
Authentication flaw
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to an authentication bypass that allows access to a few REST-API URLs without authentication...
CVE-2021-37415
CVE-2021-37415 affects Zoho ManageEngine ServiceDesk Plus. Before 11302, the product is vulnerable to an authentication bypass that allows access to a number of REST-API URLs without authentication. According to multiple sources, affected versions include 11.3 before 11302, 11.2 before 11208, 11....
CVE-2021-37415
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to an authentication bypass that allows access to a few REST-API URLs without authentication. Recent assessments: Assessed Attacker Value: 0...
CVE-2021-22029
VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting...
Denial of service
VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with access to /API/system/admins/session could cause an API denial of service due to improper rate limiting...
CVE-2021-22029
CVE-2021-22029 affects VMware Workspace ONE UEM REST API. A malicious actor with access to /API/system/admins/session can cause API denial of service due to improper rate limiting. The NVD lists CVSSv3 base 7.5 (HIGH); VMware’s advisory VMSA-2021-0017 notes a MODERATE severity with CVSSv3 up to 5...
GHSA-23R4-5MXP-C7G5 parse-server new anonymous user session acts as if it's created with password
Impact: Developers that use the REST API to sign up users and also allow users to log in anonymously. When an anonymous user is first signed up using REST, the server creates the session incorrectly; in particular, the authProvider field in the Session class under createdWith shows the user logged in creating...
parse-server new anonymous user session acts as if it's created with password
Impact: Developers that use the REST API to sign up users and also allow users to log in anonymously. When an anonymous user is first signed up using REST, the server creates the session incorrectly; in particular, the authProvider field in the Session class under createdWith shows the user logged in creating...
OMGF < 4.5.4 - Unauthenticated Path Traversal in REST API
The plugin does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS files with Google Fonts CSS, or download fonts uploaded to the Google Fonts website. PoC: Access the URL below as an unauthenticated...
OMGF < 4.5.4 - Unauthenticated Path Traversal in REST API
The plugin does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS files with Google Fonts CSS, or download fonts uploaded to the Google Fonts website. Access the URL below as an unauthenticated...
Design/Logic Flaw
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to sign up users and also allow users to log in anonymously. Prior to version 4.5.1, when an anonymous user is first signed up using REST, the server creates sessi...
WP Cerber Security < 8.9.3 - Rest-API Protection Bypass
The /wp-json REST API endpoint is by default blocked by WP Cerber from accessing its information. However, by appending a ?, the access control list protections are bypassed and data can then be retrieved from it...
VMware Workspace ONE UEM console patches address a denial of service vulnerability (CVE-2021-22029)
3. Advisory Details: VMware Workspace ONE UEM REST API contains a denial of service vulnerability. VMware has evaluated this issue to be of 'Moderate' severity with a maximum CVSSv3 base score of 5.3...
CVE-2021-39138
Parse Server prior to v4.5.1 incorrectly classifies anonymous sessions as password-created when first signing up via REST, due to the createdWith value in _Session. This affects only developers who rely on createdWith for access control; the vulnerability is fixed in 4.5.1. The recommended workar...
BuddyPress < 9.1.1 - Activation Key Disclosure
The plugin disclosed the activation key from responses of the createitem method in the BP REST API Signup controller...
CVE-2021-32829
ZStack is open source IaaS (infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Affected versions of the ZStack REST API are vulnerable to post-authentication Remote Code Execution (RCE) via bypass of the Groovy shell...