Filebird 4.7.3 - Unauthenticated SQL Injection

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...

Username enumeration on Jira Software Server 8.15 - CVE-2021-26081

Affected versions of Atlassian Jira Server and Jira Data Center allow remote attackers to discover the username of users via an enumeration vulnerability in the REST API. CVE-2021-26081 The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, from version 8.14.0 before...

Securing REST with free API Firewall. How-to guide

In our modern world, web applications are becoming ever more important. Bad actors know this and they target them more frequently than ever before. This is not likely to stop any time soon as the number of web applications the world needs will only go up with its reliance on technology. To fully...

CVE-2021-31831

Incorrect access to deleted scripts vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the...

Design/Logic Flaw

Incorrect access to deleted scripts vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the...

CVE-2021-31831

CVE-2021-31831 concerns McAfee Database Security (DBSec) prior to 4.8.2. Affected component: REST API access to signed SQL scripts marked as deleted/expired in the administrative console. Root cause: incorrect access control allowing a remote authenticated attacker to gain access to these scripts...

CVE-2021-31831 Incorrect access to deleted scripts vulnerability in McAfee DBSec

Incorrect access to deleted scripts vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the...

IBM Engineering Systems Design Rhapsody Access Control Error Vulnerability

IBM Engineering Systems Design Rhapsody is part of the IBM Engineering product portfolio from IBM Corporation, USA. It provides a collaborative design development and test environment for systems engineers supporting UML, SysML, UAF and AUTOSAR. An access control error vulnerability exists in IBM...

PT-2021-19534 · Mcafee · Mcafee Database Security

Name of the Vulnerable Software and Affected Versions: McAfee Database Security versions prior to 4.8.2 Description: The issue allows a remote authenticated attacker to gain access to signed SQL scripts that have been marked as deleted or expired within the administrative console. This access is...

CVE-2020-4495

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute...

Improper access control

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute...

CVE-2020-4495

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute...

CVE-2020-4495

CVE-2020-4495 concerns IBM Jazz Foundation and IBM Engineering products where an improper access control in the REST API allows a remote attacker to bypass restrictions and perform arbitrary actions with administrative privileges. The vulnerability affects multiple IBM Engineering product lines (...

VulnCheck KEV: CVE-2017-1001000

The registerroutes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...

Apache Airflow 1.10.10 - (Example Dag) Remote Code Execution Exploit

Exploit Title: Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution Exploit Author: Pepe Berba Vendor Homepage: https://airflow.apache.org/ Software Link: https://airflow.apache.org/docs/apache-airflow/stable/installation.html Version: = 1.10.10 Tested on: Docker apache/airflow:1.10 .10...

Apache Airflow 1.10.10 Remote Code Execution

Exploit Title: Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution Date: 2021-06-02 Exploit Author: Pepe Berba Vendor Homepage: https://airflow.apache.org/ Software Link: https://airflow.apache.org/docs/apache-airflow/stable/installation.html Version: = 1.10.10 Tested on: Docker...

Caronte - A Tool To Analyze The Network Flow During Attack/Defence Capture The Flag Competitions

Caronte is a tool to analyze the network flow during capture the flag events of type attack/defence. It reassembles TCP packets captured in pcap files to rebuild TCP connections, and analyzes each connection to find user-defined patterns. The patterns can be defined as regex or using protocol...

SUSE SLES12 Security Update : slurm_20_11 (SUSE-SU-2021:1791-1)

This update for slurm2011 fixes the following issues : Udpate to 20.11.7 : CVE-2021-31215: remote code execution as SlurmUser because of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling bsc1186024 Ship REST API version and auth plugins with slurmrestd. Add YAML support...

Exploit for Incorrect Authorization in Buddypress

CVE-2021-21389 BuddyPress 7.2.1 - REST API Privilege Esca...

SUSE-SU-2021:1793-1 Security update for slurm_20_11

This update for slurm2011 fixes the following issues: - Udpate to 20.11.7: - CVE-2021-31215: remote code execution as SlurmUser because of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling bsc1186024 - Ship REST API version and auth plugins with slurmrestd. - Add YAML...