Exploit for Path Traversal in Atlassian Confluence_Server

PoC exploit for CVE-2019-3396, a Confluence Server-Side Template Injection SSTI Remote Code Execution RCE vulnerability. The exploit targets Confluence versions vulnerable to this CVE. The vulnerability is exploited by sending a specially crafted request to the Confluence REST API, which allows a...

GSA Bounty: Wordpress Users Disclosure (/wp-json/wp/v2/users/) on data.gov

Summary: Hello TTS Bug bounty team! I have found data.gov User/admin usernames disclosed. Using REST API, we can see all the WordPress users/author with some of their information. Steps To Reproduce: You can find the information disclosure by going to data.gov/wp-json/wp/v2/users/ Supporting Vide...

All in One SEO Pack < 3.6.2 - Authenticated Stored Cross-Site Scripting

This flaw allowed authenticated users with contributor level access or above the ability to inject malicious scripts that would be executed if a victim accessed the wp-admin panel’s ‘all posts’ page. "Exploit Post", "content" = "\nTest2\n", "status"="pending"; $postdata = jsonencode$data; //Get...

CVE-2020-13926

Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is possible. Users of all previous versions after 2.0...

CVE-2020-13926

Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is possible. Users of all previous versions after 2.0...

Sql injection

Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is possible. Users of all previous versions after 2.0...

CVE-2020-13926

Kylin is susceptible to SQL injection in the segment-building process. The vulnerability arises because Hive SQL (HQL) used during segment creation is assembled from a mix of system configurations and user-overwritable REST API inputs, allowing an attacker to inject and execute arbitrary SQL stat...

[SECURITY] Fedora 32 Update: coturn-4.5.1.3-1.fc32

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gat eway. It can be used as a general-purpose network traffic TURN server/gateway, to o. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relayin...

WordPress acf-to-rest-api Information Disclosure Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in WordPress acf-to-rest-api, which can be exploited by an...

ACF to REST API < 3.3.0 - Unauthenticated Arbitrary wp_options Disclosure

The plugin does not properly check for authorisation and allowed options to be retrieved from the wp-json/acf/v3/options/ endpoint. This could allow unauthenticated attacker to retrieve arbitrary values from the wpoptions table, such as a list of active plugins. List all active plugins of the blo...

WordPress ACF to REST API plugin <= 3.2.0 - Unauthenticated Sensitive Information Disclosure vulnerability

Unauthenticated Sensitive Information Disclosure vulnerability discovered by Mariusz Poplawski in WordPress ACF to REST API plugin versions = 3.2.0. Solution Update the WordPress ACF to REST API plugin to the latest available version at least 3.3.0...

CVE-2020-13700

An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wpoptions table, such as the login and pass...

CVE-2020-10274

The access tokens for the REST API are directly derived sha256 and base64 encoding from the publicly available default credentials from the Control Dashboard refer to CVE-2020-10270 for related flaws. This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks...

CVE-2020-10274

The access tokens for the REST API are directly derived sha256 and base64 encoding from the publicly available default credentials from the Control Dashboard refer to CVE-2020-10270 for related flaws. This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks...

CVE-2020-10275

The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string is generated directly with base64USERNAME:sha256PASSWORD. An unauthorized attacker inside the network can use the defaul...

Default credentials

The access tokens for the REST API are directly derived sha256 and base64 encoding from the publicly available default credentials from the Control Dashboard refer to CVE-2020-10270 for related flaws. This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks...

Default credentials

The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string is generated directly with base64USERNAME:sha256PASSWORD. An unauthorized attacker inside the network can use the defaul...

CVE-2020-10275 RVD#2565: Weak token generation for the REST API.

The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string is generated directly with base64USERNAME:sha256PASSWORD. An unauthorized attacker inside the network can use the defaul...

CVE-2020-10275

CVE-2020-10275 describes a weakness in REST API token generation where tokens are directly derived from publicly available default credentials for the web interface. With a given USERNAME and PASSWORD, the token is computed as base64(USERNAME:sha256(PASSWORD)). An attacker inside the network who ...

CVE-2020-10274

MiR robots are affected by CVE-2020-10274 in combination with CVE-2020-10273. Affected products include MiR100, MiR200, MiR250, MiR500, MiR1000 and MiR Fleet, with MiR Robot Software versions prior to 2.10.2.1 (per ICS advisory) and older firmware versions (MiR controllers prior to 2.8.1.1) per N...