874 matches found

CNNVD
added 2021/06/01 12:00 a.m. · 3 views

Synology Video Station Code Issue Vulnerability

Synology Video Station is a video management center. It can manage all movies, TV shows and home videos on Synology NAS. A server-side request forgery vulnerability exists in the Synology Video Station webapi component before 2.4.10-1632, which can be exploited by a remote authenticated attacker ...

9.1 CVSS · 5.9 AI score · 0.00972 EPSS
Exploits 0 · References 1
CNNVD
added 2021/05/27 12:00 a.m. · 3 views

Red Hat Data Grid Cross-Site Request Forgery Vulnerability

Red Hat Data Grid is an in-memory NoSQL database with distributed support from Red Hat. Red Hat Data Grid 8.2.0 suffers from a cross-site request forgery vulnerability that stems from a lack of authentication measures or insufficient authentication strength in a networked system or product. An...

7.1 CVSS · 7 AI score · 0.00445 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2021/05/12 12:00 a.m. · 4 views

The vulnerability of the REST API interface of the Cisco Firepower Device Manager On-Box software allows a hacker to trigger a maintenance failure.

The vulnerability of the REST API interface of the Cisco Firepower Device Manager On-Box software relates to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to trigger service failure remotely...

5.5 CVSS · 5.9 AI score · 0.0098 EPSS
Exploits 0 · References 2 · Affected Software 1
Packet Storm
added 2021/04/07 12:00 a.m. · 637 views

Dell OpenManage Server Administrator 9.4.0.0 File Read

Exploit Title: Dell OpenManage Server Administrator 9.4.0.0 - Arbitrary File Read Date: 4/27/2020 Exploit Author: Rhino Security Labs Version: :' exit This XML to imitate a Dell OMSA remote system comes from https://www.exploit-db.com/exploits/39909 Also check out...

6.4 CVSS · 0.48332 EPSS
Exploits 4
OSV
added 2021/03/18 12:00 a.m. · 1 view

UBUNTU-CVE-2015-2685

SQL injection in Icinga Web API...

5.9 AI score
Exploits 0 · References 3
BDU FSTEC
added 2021/02/25 12:00 a.m. · 2 views

Vulnerability of the web-API service of Junos NFX Series and SRX Series routers, allowing attackers to obtain the secret key for the web-API service

The vulnerability of the web-API service of Junos router series NFX and SRX is related to errors in managing cryptographic keys. Exploiting this vulnerability can allow an attacker to obtain the secret key for the web-API service...

6.5 CVSS · 6.6 AI score · 0.00314 EPSS
Exploits 0 · References 7 · Affected Software 1
OSV
added 2021/02/23 5:15 p.m. · 3 views

CVE-2021-26685

A remote authenticated SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager versions prior to 6.9.5, 6.8.8-HF1 and 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attack...

6.5 CVSS · 6.7 AI score · 0.01128 EPSS
Exploits 0 · References 1
CNNVD
added 2021/01/26 12:00 a.m. · 3 views

ASSA ABLOY Yale WIPC-303W Operating System OS Command Injection Vulnerability

ASSA ABLOY Yale WIPC-303W is a home smart camera from ASSA ABLOY, Sweden. The ASSA ABLOY Yale WIPC-303W 2.21 through 2.31 camera suffers from an operating system command injection vulnerability that stems from command injection in the HTTP API and is susceptible to remote command execution (RCE)...

8.8 CVSS · 7.3 AI score · 0.12648 EPSS
Exploits 1 · References 4
Positive Technologies
added 2021/01/22 12:00 a.m. · 3 views

PT-2021-10950 · Yale · Yale Wipc-303W

Name of the Vulnerable Software and Affected Versions: Yale WIPC-303W versions 2.21 through 2.31 Description: The issue allows for remote command execution through command injection via the HTTP API. Recommendations: For versions 2.21 through 2.31, update to a version that is not affected by this...

8.8 CVSS · 7.7 AI score · 0.12648 EPSS
Exploits 1 · References 5
OSV
added 2021/01/20 9:15 p.m. · 3 views

CVE-2021-1135

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory...

4.3 CVSS · 5.9 AI score · 0.00632 EPSS
Exploits 0 · References 1
CNVD
added 2020/11/19 12:00 a.m. · 2 views

Cisco IoT Field Network Director Elevation of Privilege Vulnerability

Cisco IoT Field Network Director (FND) is a network management system for large-scale FAN deployments. An elevation of privilege vulnerability exists in the REST API of Cisco IoT Field Network Director versions prior to 4.6.1. The vulnerability stems from the software failing to properly authentica...

10 CVSS · 7 AI score · 0.02173 EPSS
Exploits 0 · References 1
OSV
added 2020/11/18 7:15 p.m. · 2 views

CVE-2020-3531

A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...

9.8 CVSS · 7.3 AI score · 0.02173 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2020/11/17 12:00 a.m. · 3 views

The vulnerability of the integration component of the Magento Commerce software development and management platform, related to authentication errors, allows attackers to gain unauthorized access to protected information and delete customer data through the REST API without authorization.

The vulnerability of the integration component of the Magento Commerce software for online store development and management is related to authentication errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information and delete customer data throug...

6.5 CVSS · 5.6 AI score · 0.01682 EPSS
Exploits 0 · References 4 · Affected Software 2
OSV
added 2020/11/16 3:15 p.m. · 4 views

CVE-2020-25209

In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API...

7.5 CVSS · 7.1 AI score · 0.02362 EPSS
Exploits 0 · References 2
Kitploit
added 2020/11/12 11:30 a.m. · 40 views

Leonidas - Automated Attack Simulation In The Cloud, Complete With Detection Use Cases

Leonidas is a framework for executing attacker actions in the cloud. It provides a YAML-based format for defining cloud attacker tactics, techniques and procedures (TTPs) and their associated detection properties. These definitions can then be compiled into: A web API exposing each test case as an...

7.1 AI score
Exploits 0 · References 11
Tenable Nessus
added 2020/11/06 12:00 a.m. · 313 views

Dell OpenManage Server Administrator Path Traversal (DSA-2020-172)

The version of Dell OpenManage Server Administrator (OMSA) running on the remote host is affected by a path traversal vulnerability due to improper sanitization of user-supplied input to a web API request. An unauthenticated, remote attacker can exploit this, via a crafted request, to gain file...

9.1 CVSS · 8.3 AI score · 0.48332 EPSS
Exploits 4 · References 2
CNVD
added 2020/10/19 12:00 a.m. · 4 views

Junos OS SRX/NFX Elevation of Privilege Vulnerability

The Junos OS SRX/NFX is a switch from Juniper Networks. A security vulnerability exists in the Junos OS SRX/NFX's handling of Web API private keys, which can be exploited by a remote attacker to submit a special request that can elevate privileges...

6.5 CVSS · 7 AI score · 0.00314 EPSS
Exploits 0 · References 1
OSV
added 2020/10/16 9:15 p.m. · 3 views

CVE-2020-1688

On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an...

6.5 CVSS · 6.6 AI score · 0.00314 EPSS
Exploits 0 · References 5
Prion
added 2020/10/16 9:15 p.m. · 18 views

Authentication flaw

On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an...

2.1 CVSS · 6.4 AI score · 0.00314 EPSS
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2020/10/16 8:31 p.m. · 18 views

CVE-2020-1688 Junos OS: SRX and NFX Series: Insufficient Web API private key protection

On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an...

6.5 CVSS · 6.4 AI score · 0.00314 EPSS
Exploits 0 · References 5