4960 matches found
Unspecified Vulnerability in HCL AppScan (CNVD-2021-13713)
HCL AppScan is a suite of dynamic analysis testing tools from HCL India. The tool is mainly used for web security testing. A security vulnerability exists in HCL AppScan Enterprise that stems from the use of broken or risky encryption algorithms to store REST API user details. No detailed...
Wordpress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure
Exploit Title: WP Courses 2.0.29 - Broken Access Controls leading to Courses Content Disclosure Exploit Author: Stefan Broeder, Marco Ortisi redtimmysec Authors blog: https://www.redtimmy.com Vendor Homepage: https://wpcoursesplugin.com/ Version Vulnerable: 2.0.29 CVE: requested but not assigned...
CVE-2020-10746
A flaw was found in Infinispan org.infinispan:infinispan-server-runtime version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion...
Design/Logic Flaw
A flaw was found in Infinispan org.infinispan:infinispan-server-runtime version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion...
CVE-2020-10746
A flaw was found in Infinispan org.infinispan:infinispan-server-runtime version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion...
CVE-2020-8349
An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System CNOS’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where...
Remote code execution
An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System CNOS’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where...
CVE-2020-8349
An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System CNOS’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where...
CVE-2020-8349
CVE-2020-8349 affects Cloud Networking Operating System (CNOS) via the optional REST API management interface. The vulnerability is unauthenticated remote code execution that is not present when the REST API interface is disabled; if enabled, access is limited to the VRF and governed by ACLs. Imp...
CVE-2020-3567
A vulnerability in the management REST API of Cisco Industrial Network Director IND could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to insufficient...
Input validation
A vulnerability in the management REST API of Cisco Industrial Network Director IND could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to insufficient...
CVE-2020-3567 Cisco Industrial Network Director Denial of Service Vulnerability
A vulnerability in the management REST API of Cisco Industrial Network Director IND could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to insufficient...
CVE-2020-3567
CVE-2020-3567 affects Cisco Industrial Network Director (IND) via the management REST API. Affected versions prior to 1.9.0 (per CNVD entry) expose a vulnerability where insufficient validation of REST requests allows an authenticated, remote attacker to trigger high CPU utilization, causing a pe...
CVE-2020-3567 Cisco Industrial Network Director Denial of Service Vulnerability
A vulnerability in the management REST API of Cisco Industrial Network Director IND could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to insufficient...
CVE-2020-26876
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because showinrest is enabled for custom post types e.g.,...
Design/Logic Flaw
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because showinrest is enabled for custom post types e.g.,...
CVE-2020-26876
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step for course videos and materials by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because showinrest is enabled for custom post types e.g.,...
CVE-2020-26876
CVE-2020-26876 – WordPress WP Courses Plugin up to version 2.0.27/2.0.29 suffers an information-disclosure via the REST API. The issue stems from show_in_rest being enabled for custom post types, allowing access to private course videos and materials through endpoints like /wp-json/wp/v2/course o...
Cisco Industrial Network Director Denial of Service Vulnerability
A vulnerability in the management REST API of Cisco Industrial Network Director IND could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service DoS condition on an affected device. The vulnerability is due to insufficient...
Cloud Networking Operating System (CNOS) Vulnerability - Lenovo Support US
No description provided...