55 matches found
CVE-2023-34274
D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit thi...
php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
A vulnerability was found in PHP where the weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP allows a remote authenticated attackers to cause a stack information leak...
CVE-2023-50089
A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication...
php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
A vulnerability was found in PHP where the weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP allows a remote authenticated attackers to cause a stack information leak...
CVE-2023-34960
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...
Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
...
USN-6199-1 php7.4, php8.1 vulnerability
It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information...
CVE-2021-31600
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user regardless of privileges can list all...
CVE-2021-31601
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user regardless of privileges can list all...
Design/Logic Flaw
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user regardless of privileges can list all...
CVE-2021-31601
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user regardless of privileges can list all...
CVE-2021-31600
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user regardless of privileges can list all...
CVE-2021-31600
Hitachi Vantara Pentaho (through 9.1 and Pentaho BI Server 7.x) exposes an access-control flaw in SOAP web services that allows any authenticated user to enumerate usernames. The vulnerable components are the web services exposed by /pentaho/webservices/userRoleListService and /pentaho/ServiceAct...
Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control Vulnerability
Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. While most of the interfaces correctly implement ACL, the Data Source Management Service located at /pentaho/webservices/datasourceMgmtService allows low-privilege...
Pentaho Business Analytics / Pentaho Business Server 9.1 User Enumeration
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Jackrabbit User Enumeration Solution Status: Fix Released on public GitHub repository Manufacturer Notification: 8th February 2021 Solution Date: Wont...
Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Insufficient Access Control of Data Source Management Service Solution Status: Fix Released on public GitHub repository Manufacturer Notification: 8th...
CVE-2019-15982
Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker wou...
CVE-2019-1660
A vulnerability in the Simple Object Access Protocol SOAP of Cisco TelePresence Management Suite TMS software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to a lack of proper access and authentication controls on the...
Authentication flaw
A vulnerability in the Simple Object Access Protocol SOAP of Cisco TelePresence Management Suite TMS software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to a lack of proper access and authentication controls on the...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to trigger a service failure.
The vulnerability of the Core component of the Oracle VM VirtualBox software is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to trigger a service failure using the SOAP protocol...