
4936 matches found

NVD
added 2021/06/03 10:15 a.m. | 16 views

CVE-2021-31831

Incorrect access to deleted scripts vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the...

CVSS 6.5 | EPSS 0.00311
Exploits 0 | References 1

Prion
added 2021/06/03 10:15 a.m. | 13 views

Design/Logic Flaw

Incorrect access to deleted scripts vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the...

CVSS 6.5 | AI score 5.9 | EPSS 0.00311
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2021/06/03 10:10 a.m. | 16 views

CVE-2021-31831 Incorrect access to deleted scripts vulnerability in McAfee DBSec

Incorrect access to deleted scripts vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the...

CVSS 4.9 | AI score 6.2 | EPSS 0.00311
Exploits 0 | References 1

CVE
added 2021/06/03 10:10 a.m. | 44 views

CVE-2021-31831

CVE-2021-31831 concerns McAfee Database Security (DBSec) prior to 4.8.2. Affected component: REST API access to signed SQL scripts marked as deleted/expired in the administrative console. Root cause: incorrect access control allowing a remote authenticated attacker to gain access to these scripts...

CVSS 6.5 | AI score 5.7 | EPSS 0.00311
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2021/06/03 12:00 a.m. | 2 views

PT-2021-19534 · McAfee · McAfee Database Security

Name of the Vulnerable Software and Affected Versions: McAfee Database Security versions prior to 4.8.2 Description: The issue allows a remote authenticated attacker to gain access to signed SQL scripts that have been marked as deleted or expired within the administrative console. This access is...

CVSS 6.5 | AI score 6 | EPSS 0.00311
Exploits 0 | References 3

CNVD
added 2021/06/03 12:00 a.m. | 7 views

IBM Engineering Systems Design Rhapsody Access Control Error Vulnerability

IBM Engineering Systems Design Rhapsody is part of the IBM Engineering product portfolio from IBM Corporation, USA. It provides a collaborative design development and test environment for systems engineers supporting UML, SysML, UAF and AUTOSAR. An access control error vulnerability exists in IBM...

CVSS 9 | AI score 6.8 | EPSS 0.01304
Exploits 0 | References 1

NVD
added 2021/06/02 9:15 p.m. | 12 views

CVE-2020-4495

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute...

CVSS 9 | EPSS 0.01304
Exploits 0 | References 2

Prion
added 2021/06/02 9:15 p.m. | 13 views

Improper access control

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute...

CVSS 9 | AI score 8.5 | EPSS 0.01304
Exploits 0 | References 2 | Affected Software 9

Cvelist
added 2021/06/02 8:40 p.m. | 18 views

CVE-2020-4495

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute...

CVSS 8.8 | AI score 8.6 | EPSS 0.01304
Exploits 0 | References 2

CVE
added 2021/06/02 8:40 p.m. | 70 views

CVE-2020-4495

CVE-2020-4495 concerns IBM Jazz Foundation and IBM Engineering products where an improper access control in the REST API allows a remote attacker to bypass restrictions and perform arbitrary actions with administrative privileges. The vulnerability affects multiple IBM Engineering product lines (...

CVSS 9 | AI score 8.7 | EPSS 0.01304
Exploits 0 | References 2 | Affected Software 9

VulnCheck KEV
added 2021/06/02 12:00 a.m. | 0 views

VulnCheck KEV: CVE-2017-1001000

The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...

CVSS 7.5 | AI score 7.3 | EPSS 0.78934
Exploits 0 | References 1

Packet Storm
added 2021/06/02 12:00 a.m. | 344 views

Apache Airflow 1.10.10 Remote Code Execution

Exploit Title: Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution Date: 2021-06-02 Exploit Author: Pepe Berba Vendor Homepage: https://airflow.apache.org/ Software Link: https://airflow.apache.org/docs/apache-airflow/stable/installation.html Version: = 1.10.10 Tested on: Docker...

CVSS 7.5 | AI score 0.2 | EPSS 0.94272
Exploits 10

0day.today
added 2021/06/02 12:00 a.m. | 142 views

Apache Airflow 1.10.10 - (Example Dag) Remote Code Execution Exploit

Exploit Title: Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution Exploit Author: Pepe Berba Vendor Homepage: https://airflow.apache.org/ Software Link: https://airflow.apache.org/docs/apache-airflow/stable/installation.html Version: = 1.10.10 Tested on: Docker apache/airflow:1.10.10...

CVSS 9.8 | AI score 9.3 | EPSS 0.94272
Exploits 10

Kitploit
added 2021/06/01 12:30 p.m. | 151 views

Caronte - A Tool To Analyze The Network Flow During Attack/Defence Capture The Flag Competitions

Caronte is a tool to analyze the network flow during capture the flag events of type attack/defence. It reassembles TCP packets captured in pcap files to rebuild TCP connections, and analyzes each connection to find user-defined patterns. The patterns can be defined as regex or using protocol...

AI score 7.5
Exploits 0 | References 1

Tenable Nessus
added 2021/06/01 12:00 a.m. | 24 views

SUSE SLES12 Security Update : slurm_20_11 (SUSE-SU-2021:1791-1)

This update for slurm_20_11 fixes the following issues: Update to 20.11.7: CVE-2021-31215: remote code execution as SlurmUser because of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling (bsc#1186024). Ship REST API version and auth plugins with slurmrestd. Add YAML support...

CVSS 8.8 | AI score 8.8 | EPSS 0.02472
Exploits 0 | References 6

GithubExploit
added 2021/05/31 2:12 p.m. | 159 views

Exploit for Incorrect Authorization in Buddypress

CVE-2021-21389 BuddyPress 7.2.1 - REST API Privilege Esca...

CVSS 9 | AI score 8.7 | EPSS 0.93304
Exploits 2

OSV
added 2021/05/27 3:12 p.m. | 3 views

SUSE-SU-2021:1793-1 Security update for slurm_20_11

This update for slurm_20_11 fixes the following issues: - Update to 20.11.7: - CVE-2021-31215: remote code execution as SlurmUser because of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling (bsc#1186024) - Ship REST API version and auth plugins with slurmrestd. - Add YAML...

CVSS 8.8 | AI score 8.9 | EPSS 0.02472
Exploits 0 | References 5

OSV
added 2021/05/27 2:49 p.m. | 3 views

SUSE-SU-2021:1791-1 Security update for slurm_20_11

This update for slurm_20_11 fixes the following issues: - Update to 20.11.7: - CVE-2021-31215: remote code execution as SlurmUser because of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling (bsc#1186024) - Ship REST API version and auth plugins with slurmrestd. - Add YAML...

CVSS 8.8 | AI score 8.9 | EPSS 0.02472
Exploits 0 | References 5

wpexploit
added 2021/05/26 12:00 a.m. | 130 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Update and Retrieve Wildcard Value

In the plugin, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/getwildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects. $wpuser, 'pwd' = $wppass,...

CVSS 4.3 | AI score 1.9 | EPSS 0.0023
Exploits 2 | References 1

NVD
added 2021/05/25 12:15 p.m. | 12 views

CVE-2020-9450

An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to anti_ransomware_service.exe. This can be exploited to add an arbitrary malicious...

CVSS 7.8 | EPSS 0.00056
Exploits 1 | References 3