58 matches found

ATTACKERKB
added 2023/11/14 11:15 p.m. · 1 view

CVE-2023-41570

MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API...

CVSS 5.3 · AI score 6 · EPSS 0.00056
Exploits 1 · References 2
CNNVD
added 2023/09/27 12:00 a.m. · 2 views

Zoho ManageEngine ADManager Plus Authorization Issues Vulnerability

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...

CVSS 5.4 · AI score 6.8 · EPSS 0.00066
Exploits 0 · References 2
Positive Technologies
added 2023/05/17 12:00 a.m. · 2 views

PT-2023-23231 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.0.0p36; Checkmk versions prior to 2.1.0p28; Checkmk versions prior to 2.2.0b8
Description: The issue is related to the improper neutralization of livestatus command delimiters in the RestAPI, allowing arbitrary...

CVSS 8.8 · AI score 7.6 · EPSS 0.01344
Exploits 0 · References 7
Positive Technologies
added 2023/04/22 12:00 a.m. · 2 views

PT-2023-20120 · Nvidia · Nvidia Dgx-1 Bmc

Name of the Vulnerable Software and Affected Versions: NVIDIA DGX-1 BMC, affected versions not specified
Description: The issue concerns the SPX REST API in NVIDIA DGX-1 BMC, where an attacker with the appropriate authorization level can inject arbitrary shell commands. This may lead to code...

CVSS 8.8 · AI score 8.6 · EPSS 0.01088
Exploits 0 · References 4
CNNVD
added 2023/02/20 12:00 a.m. · 2 views

Checkmk Code Issue Vulnerability

Checkmk is an editor. A security vulnerability exists in Tribe29 Checkmk version 2.1.0p10 and earlier and version 2.0.0p28 and earlier, which stems from failing to securely terminate expired sessions in the RestAPI. An attacker could exploit the vulnerability to use an expired session token when...

CVSS 9.8 · AI score 8.4 · EPSS 0.00389
Exploits 0 · References 2
OSV
added 2022/04/28 8:15 p.m. · 2 views

CVE-2022-29081

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvents, and Synchronize via the ../RestAPI...

CVSS 9.8 · AI score 7.3 · EPSS 0.8803
Exploits 1 · References 2
OSV
added 2022/03/28 7:15 p.m. · 0 views

UBUNTU-CVE-2022-0549

An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. Under certain conditions, the GitLab REST API may allow unprivileged users to add other users to groups even if that is not...

CVSS 6.5 · AI score 6.5 · EPSS 0.00126
Exploits 1 · References 3
Positive Technologies
added 2021/11/28 12:00 a.m. · 3 views

PT-2021-6071

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus versions prior to 11306; Zoho ManageEngine ServiceDesk Plus MSP versions prior to 10530; Zoho ManageEngine SupportCenter Plus versions prior to 11014
Description: The issue is related to unauthenticated remote...

CVSS 10 · AI score 10 · EPSS 0.943
Exploits 6 · References 31
Positive Technologies
added 2021/09/07 12:00 a.m. · 1 view

PT-2021-4466

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADSelfService Plus versions 6113 and prior
Description: The issue is related to an authentication bypass vulnerability in the REST API of Zoho ManageEngine ADSelfService Plus, which can lead to remote code execution. This...

CVSS 9.8 · AI score 7.5 · EPSS 0.94412
Exploits 8 · References 79
VulnCheck KEV
added 2021/06/02 12:00 a.m. · 0 views

VulnCheck KEV: CVE-2017-1001000

The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a...

CVSS 7.5 · AI score 7.3 · EPSS 0.78934
Exploits 0 · References 1
RedHat Linux
added 2021/03/03 12:28 p.m. · 4 views

jenkins: Improper handling of REST API XML deserialization errors

A flaw was found in Jenkins. An attacker with permission to create or configure various objects can inject crafted content into Old Data Monitor, causing the instantiation of potentially unsafe objects once that data is discarded by an administrator. The highest threat from this vulnerability is to data...

CVSS 8 · AI score 5.8 · EPSS 0.00761
Exploits 0 · References 4
RedHat Linux
added 2021/02/08 12:54 p.m. · 9 views

infinispan: authorization check missing for server management operations

A flaw was found in the Infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authorization is enabled, any authenticated user can perform operations such as shutting down the server without holding the ADMIN role. The highest threat...

CVSS 6.5 · AI score 5.7 · EPSS 0.00183
Exploits 0 · References 4
CNNVD
added 2021/02/02 12:00 a.m. · 2 views

Traccar Code Issue Vulnerability

Traccar is a Java-based GPS tracking system from the US company Traccar. The software supports more than 170 GPS protocols and more than 1500 models of GPS tracking devices. Traccar can be used with any major SQL database system. It al...

CVSS 6.3 · AI score 6.7 · EPSS 0.00064
Exploits 0 · References 4
CNNVD
added 2021/01/20 12:00 a.m. · 2 views

Cisco Data Center Network Manager Security Vulnerability

Cisco Data Center Network Manager (DCNM) is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A configuration bypass vulnerability exists in one of the REST API endpoints in...

CVSS 4.6 · AI score 5.8 · EPSS 0.00167
Exploits 0 · References 5
OSV
added 2020/04/15 9:15 p.m. · 2 views

CVE-2020-3239

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section o...

CVSS 8.8 · AI score 7.3 · EPSS 0.38705
Exploits 0 · References 2
CNVD
added 2018/11/06 12:00 a.m. · 1 view

Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application Cross-Site Scripting Vulnerability

Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are both products of Green Electronics USA. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler and Touch HD 12 Web Application is a web-based...

CVSS 6.1 · AI score 6.4 · EPSS 0.0024
Exploits 1 · References 1
Positive Technologies
added 2017/11/17 12:00 a.m. · 2 views

PT-2017-10922

Name of the Vulnerable Software and Affected Versions: Stop User Enumeration version 1.3.8
Description: The issue allows user enumeration via the REST API.
Recommendations: For version 1.3.8, consider disabling the REST API until a patch is available to prevent user enumeration...

CVSS 5.3 · AI score 6 · EPSS 0.00424
Exploits 1 · References 3
RedHat Linux
added 2015/01/14 7:41 p.m. · 4 views

CFME: REST API SQL Injection

It was found that CloudForms 4 exposed SQL filters via the REST API without any input escaping. An authenticated user could use this flaw to perform SQL injection attacks against the CloudForms Management Engine database...

CVSS 6.5 · AI score 7.4 · EPSS 0.0039
Exploits 0 · References 4