4960 matches found
CVE-2021-1369
A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected device. This vulnerability is due to the improper handling of XML External Entity XXE...
CVE-2021-1369 Cisco Firepower Device Manager On-Box Software XML External Entity Vulnerability
A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected device. This vulnerability is due to the improper handling of XML External Entity XXE...
CVE-2021-1369 Cisco Firepower Device Manager On-Box Software XML External Entity Vulnerability
A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected device. This vulnerability is due to the improper handling of XML External Entity XXE...
CVE-2021-1369
The CVE-2021-1369 entry concerns Cisco Firepower Device Manager (FDM) On-Box Software. The vulnerability arises from improper handling of XML External Entity (XXE) references when parsing certain XML files in the REST API, enabling an authenticated, remote attacker to read and write information s...
CVE-2020-21990
Emmanuel MyDomoAtHome MDAH REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information...
CVE-2020-21990
Emmanuel MyDomoAtHome MDAH REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information...
CVE-2020-21990
Emmanuel MyDomoAtHome MDAH REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information...
F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM REST API vulnerability (K23203045)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4 / 15.1.3 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K23203045 advisory. - On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP...
Cisco Firepower Device Manager On-Box Software XML External Entity Vulnerability
A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected device. This vulnerability is due to the improper handling of XML External Entity XXE...
CVE-2021-31856
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint order parameter in GetMesheryPatterns in models/mesherypatternpersister.go...
CVE-2021-31856
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint order parameter in GetMesheryPatterns in models/mesherypatternpersister.go...
Sql injection
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint order parameter in GetMesheryPatterns in models/mesherypatternpersister.go...
CVE-2021-31856
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint order parameter in GetMesheryPatterns in models/mesherypatternpersister.go...
CVE-2021-31856
Layer5 Meshery 0.5.2 contains a SQL injection in the REST API exposed via the /api/experimental/patternfile (also described as /experimental/patternfiles) endpoint. The vulnerability stems from the GetMesheryPatterns function, where the order parameter from user input is directly concatenated int...
Sipwise C5 NGCP CSC - (Multiple) Stored/Reflected Cross-Site Scripting Vulnerability
Exploit Title: Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting XSS Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected...
Sipwise C5 NGCP CSC Cross Site Scripting
Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected version: =CEm39.3.1 NGCP wwwadmin version 3.6.7 Summary: Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source...
Sipwise C5 NGCP CSC Cross Site Request Forgery
Sipwise C5 NGCP CSC CSRF Click2Dial Exploit Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected version: =CEm39.3.1 NGCP wwwadmin version 3.6.7 Summary: Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-swit...
Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)
Exploit Title: Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting XSS Date: 13.04.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities Vendor: Sipwise GmbH Product web page:...
Vulnerablecode - A Free And Open Vulnerabilities Database And The Packages They Impact And The Tools To Aggregate And Correlate These Vulnerabilities
VulnerableCode is a free and open database of FOSS software package vulnerabilities and the tools to create and keep the data current. It is made by the FOSS community to improve and secure the open source software ecosystem. Why? The existing solutions are commercial proprietary vulnerability...
Design/Logic Flaw
An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus granting the attacker full control over the...