CVE-2021-32829 Post-authentication Remote Code Execution (RCE) in ZStack REST API

ZStack is open source IaaSinfrastructure as a service software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Affected versions of ZStack REST API are vulnerable to post-authentication Remote Code Execution RCE via bypass of the Groovy shell...

PT-2021-19960 · Zstack · Z-Stack

Name of the Vulnerable Software and Affected Versions: ZStack versions prior to 3.8.21 ZStack versions prior to 3.10.8 ZStack versions prior to 4.1.0 Description: ZStack is open source IaaS software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs...

WordPress SEOPress, on-site SEO plugin 5.0.0 – 5.0.3 - Stored Cross-Site Scripting (XSS) vulnerability via REST-API

Stored Cross-Site Scripting XSS vulnerability via REST-API discovered by Chloe Chamberland WordFence in WordPress SEOPress, on-site SEO plugin versions 5.0.0 – 5.0.3. Solution Update the WordPress SEOPress, on-site SEO plugin to the latest available version at least 5.0.4...

SEOPress 5.0.0 – 5.0.3 - Authenticated Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the /src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $outp...

SEOPress 5.0.0 – 5.0.3 - Authenticated Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the /src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts. PoC $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ;...

Cisco Firepower Device Manager On-Box Software RCE (cisco-sa-fdm-rce-Rx6vVurq)

According to its self-reported version, Cisco Firepower Device Manager FDM On-Box software is affected by a vulnerability in the REST API that allows an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to...

CVE-2021-38095

The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request...

Cross site request forgery (csrf)

The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request...

CVE-2021-38095

The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive user accounts data, as demonstrated by an api/v1/users/1 request...

CVE-2021-38095

The CVE-2021-38095 entry affects Planview Spigit 4.5.3, where the REST API allows remote unauthenticated attackers to query sensitive user account data via api/v1/users/1. This is an unauthenticated access vulnerability exposing user data (high impact per CVSS 3.1). The Connected documents confir...

CVE-2021-34707

A vulnerability in the REST API of Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API...

CVE-2021-34707

A vulnerability in the REST API of Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API...

Design/Logic Flaw

A vulnerability in the REST API of Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API...

CVE-2021-34707

CVE-2021-34707 concerns a information-disclosure vulnerability in the REST API of Cisco EPNM. An authenticated, remote attacker can exploit this by sending a specific API request to obtain sensitive information from the application. The issue is attributed to insufficient protection of sensitive ...

GitLab: Improper access control for users with expired password, giving the user full access through API and Git

Summary Users with an "expired password" can still access the full API with tokens. This includes the REST API, GraphQL API and Git HTTP access. The same issue was mitigated in 13.12.2 as "Insufficient Expired Password Validation". That patch blocked users with expired passwords from accessing th...

GHSA-GMR7-M73X-6C9Q Missing Authorization in TeamPass

Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default...

Missing Authorization in TeamPass

Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default...

Incorrect Authorization in TeamPass

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function...

GHSA-FV48-HJHP-94C7 Incorrect Authorization in TeamPass

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function...

CVE-2021-1518

A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific...