CVE-2021-1518
Cisco Firepower Device Manager (FDM) On-Box Software REST API has a vulnerability allowing an authenticated, remote attacker to execute arbitrary code on the device’s underlying OS due to insufficient sanitization of specific REST API inputs. An attacker with valid low-privilege credentials can e...
Cisco Firepower Device Manager On-Box Software Remote Code Execution Vulnerability
A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific...
Design/Logic Flaw
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the /rest/api/latest/user/avatar/temporary endpoint...
CVE-2021-26081
CVE-2021-26081 affects Atlassian Jira Server/Data Center: REST API /rest/api/latest/user/avatar/temporary allows remote username enumeration in affected builds (before 8.5.14; 8.6.x before 8.13.6; 8.14.x before 8.16.1). Public reports confirm the vulnerability exists in these versions, with the i...
CVE-2021-24385
The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...
CVE-2021-24385
The CVE-2021-24385 entry concerns the WordPress Filebird Plugin (v4.7.3). The vulnerability is a SQL injection caused by unescaped user input in SQL queries derived from a HTTP POST request, with the vulnerable code path invoked by a REST API endpoint that requires no authentication. This makes t...
CVE-2021-3044
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier th...
CVE-2021-3044
CVE-2021-3044 concerns an improper authorization vulnerability in Palo Alto Networks Cortex XSOAR that allows a remote unauthenticated attacker with network access to perform unauthorized actions via the REST API. Affected are Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064,...
Cortex XSOAR: Unauthorized Usage of the REST API
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. Work around: Until the XSOAR server is upgraded, to completely prevent the issu...
Palo Alto Networks Cortex XSOAR Security Vulnerability
Palo Alto Networks Cortex XSOAR is a software application from Palo Alto Networks, Inc. It provides a security orchestration, automation, and response platform with threat intelligence management and a built-in marketplace. A security vulnerability exists in Palo Alto Networks Cortex XSOAR, which...
CVE-2021-31818
Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables...
CVE-2021-31818
CVE-2021-31818: Affected product is Octopus Server. The vulnerability is an authenticated SQL injection in the Events REST API caused by user-supplied data not being parameterised, allowing an attacker to access database tables. This is documented across multiple sources (NVD/Red Hat/CNNVD). Exp...
Filebird 4.7.3 - Unauthenticated SQL Injection
Username enumeration on Jira Software Server 8.15 - CVE-2021-26081
Affected versions of Atlassian Jira Server and Jira Data Center allow remote attackers to discover the username of users via an enumeration vulnerability in the REST API. CVE-2021-26081 The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, from version 8.14.0 before...
Securing REST with free API Firewall. How-to guide
In our modern world, web applications are becoming ever more important. Bad actors know this and they target them more frequently than ever before. This is not likely to stop any time soon as the number of web applications the world needs will only go up with its reliance on technology. To fully...