Vulnerabilities fixed in Veeam Backup & Replication
Veeam has fixed vulnerabilities in Backup & Replication. A malicious party could exploit the vulnerabilities to execute arbitrary code. To do so, the malicious party must access an internal API of the Veeam Distribution Service. No authentication is required for this. Veeam has released update...
PT-2022-8172 · Harbor · Harbor
Name of the Vulnerable Software and Affected Versions: Harbor versions 1.10.3 and earlier, Harbor versions 2.x before 2.0.1 Description: The issue allows unauthenticated API calls to reveal whether a resource exists via the HTTP status code, enabling resource enumeration. An attacker can make use...
DPD package sniffing
TL;DR An unauthenticated API call was identified in DPD Group's public API that could allow a user with a valid package ID to, with some basic OSINT, discover the package's destination postcode and thus obtain all details about the package. DPD Group were prompt in the triage and resolution of th...
Proofpoint Insider Threat Management Server SQL Injection Vulnerability
Proofpoint Insider Threat Management Server is a server-side application from Proofpoint, Inc. that is used to prevent malicious operations by enterprise insiders. A security vulnerability exists in Proofpoint Insider Threat Management Server that stems from incorrect input validation of the...
Information disclosure
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information...
CVE-2021-22012
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information...
VMware vCenter Server < 7.0 U2d Multiple Vulnerabilities (VMSA-2021-0020)
The version of VMware vCenter Server installed on the remote host is prior to 7.0 U2d. It is, therefore, affected by multiple vulnerabilities: - An unauthenticated API endpoint vulnerability exists in the vCenter Server Content Library. An unauthenticated, remote attacker can exploit this to...
VMware vCenter Server updates address multiple security vulnerabilities
3a. vCenter Server file upload vulnerability CVE-2021-22005 The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. 3b. vCenter Server...
CVE-2021-22025
The vRealize Operations Manager API 8.x prior to 8.5 contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster...
in aquilacms/aquilacms
Description: Unauthenticated API function allows any user to change OR view another user's first name, last name, password, and address information. As well, leaked activateAccountToken and resetPassToken can be viewed. Proof of Concept: The attacker can guess the correct MongoDB object ID and...
in amirsanni/mini-inventory-and-sales-management-system
BUG: unprivileged user can update stock. STEPS TO REPRODUCE 1. From admin account go to https://1410inc.xyz/mini-inventory-and-sales-management-system/administrators and add a new user called user-B with basic role. 2. Now go to user-B account and here user-B can't see any item. Now user-B execute...
Design/Logic Flaw
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints...
CVE-2021-33221
CommScope Ruckus IoT Controller (1.7.1.0 and earlier) exposes unauthenticated API endpoints. The Nuclei template details a service-details endpoint that leaks system/config data (DNS/NTP, hostname, version, etc.), a diagnostic endpoint that can generate CPU/disk-heavy files, and a reset endpoint ...
Western Digital WD My Book Live Access Control Error Vulnerability
Western Digital WD My Book Live is a network storage device from Western Digital. A security vulnerability exists in Western Digital WD My Book Live 2.x and earlier versions and WD My Book Live Duo, which stems from the fact that the products have an administrator API that can be exploited by an...
CommScope Ruckus IoT Controller Access Control Error Vulnerability
The CommScope Ruckus IoT Controller is an IoT controller from CommScope, Inc. It is a virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. An access control error vulnerability exists in...
CommScope Ruckus IoT Controller 1.7.1.0 Unauthenticated API Endpoints Vulnerability
Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage resources. The third API endpoint that does not require authentication allows for a factory reset of the IoT Controller...
CommScope Ruckus IoT Controller 1.7.1.0 Unauthenticated API Endpoints
KL-001-2021-001: CommScope Ruckus IoT Controller Unauthenticated API Endpoints Title: CommScope Ruckus IoT Controller Unauthenticated API Endpoints Advisory ID: KL-001-2021-001 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-001.txt 1...
CommScope Ruckus IoT Controller Unauthenticated API Endpoints
Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-306: Missing Authentication for Critical Function CVE ID: CVE-2021-33221 2. Vulnerability Description Three API endpoints for the...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Improper Certificate Validation for Fortinet OTP Denial of Service Attack on gitlab-shell Resource exhaustion due to pending jobs Confidential issue titles were exposed Improper access control allowed demoted project members to access authored merge requests Improper access contro...
Tableau Software Server Authorization Issues Vulnerability
Tableau Software Server is a set of file hosting servers from Tableau Software USA. The product is primarily used to manage and share data visualizations, interactive dashboards, workbooks, and reports created by Tableau Desktop data visualization software. A security vulnerability exists in...