874 matches found

CVE
added 2020/06/23 9:36 p.m. | 52 views

CVE-2020-12021

CVE-2020-12021 affects OSIsoft PI Web API (2019 Patch 1, 1.12.0.6346) and earlier, with a cross-site scripting vulnerability that could enable a remote attacker to execute arbitrary JavaScript in a user’s browser, potentially leading to data view/modification/deletion under the victim’s permissio...

CVSS 9 | AI score 8.6 | EPSS 0.0157
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/06/23 9:36 p.m. | 13 views

CVE-2020-12021

In OSIsoft PI Web API 2019 Patch 1 1.12.0.6346 and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code...

AI score 8.8 | EPSS 0.0157
Exploits: 0 | References: 1

OSV
added 2020/06/18 3:15 a.m. | 2 views

CVE-2020-3336

A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. The vulnerabili...

CVSS 7.2 | AI score 5.8 | EPSS 0.02074
Exploits: 0 | References: 1

Prion
added 2020/06/18 3:15 a.m. | 22 views

Input validation

A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. The vulnerabili...

CVSS 9 | AI score 7 | EPSS 0.02074
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2020/06/12 12:0 a.m. | 3 views

OSIsoft PI Web API Cross-Site Scripting Vulnerability (CNVD-2020-51561)

OSIsoft PI Web API is a RESTful interface to a set of PI systems from the U.S. company OSIsoft. The product gives client applications read and write access to their AF and PI data via HTTPS. A cross-site scripting vulnerability exists in the OSIsoft PI Web API, which can be exploited by an...

CVSS 9 | AI score 6.5 | EPSS 0.0157
Exploits: 0 | References: 1

ICS
added 2020/06/11 12:0 a.m. | 52 views

OSIsoft PI Web API 2019

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: OSIsoft Equipment: PI Web API 2019 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote authenticated attacker with write access to a PI Server to trick a...

CVSS 9 | AI score 9.1 | EPSS 0.0157
Exploits: 0 | References: 5

BDU FSTEC
added 2020/05/29 12:0 a.m. | 3 views

The vulnerability of the REST API interface for controlling physical infrastructure and virtual environments in Cisco UCS Director and Cisco UCS Director Express for Big Data allows attackers to escalate their privileges.

The vulnerability of the REST API interface used for controlling physical infrastructure and virtual environments in Cisco UCS Director and Cisco UCS Director Express for Big Data is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to enhance...

CVSS 10 | AI score 7.7 | EPSS 0.75072
Exploits: 0 | References: 2 | Affected Software: 2

ATTACKERKB
added 2020/04/21 12:0 a.m. | 99 views

CVE-2020-4427

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process...

CVSS 10 | AI score 9.7 | EPSS 0.71363
In wild | Exploits: 10 | References: 3

CNVD
added 2020/04/16 12:0 a.m. | 4 views

Cisco UCS Director and Cisco UCS Director Express for Big Data Path Traversal Vulnerability (CNVD-2020-25345)

Cisco UCS Director and Cisco UCS Director Express for Big Data are both products from Cisco, Inc. Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service (IaaS). A...

CVSS 9.8 | AI score 7.4 | EPSS 0.73566
Exploits: 0 | References: 1

0day.today
added 2020/04/13 12:0 a.m. | 47 views

Huawei HG630 2 Router - Authentication Bypass Vulnerability

Exploit for hardware platform in category web applications Title: Huawei HG630 2 Router - Authentication Bypass Author: Eslam Medhat Vendor Homepage: www.huawei.com Version: HG630 V2 HardwareVersion: VER.B CVE: N/A POC: The default password of this router is the last 8 characters of the device's...

AI score 0.1
Exploits: 0

ThreatPost
added 2020/04/06 6:43 p.m. | 266 views

Apple Safari Flaws Enable One-Click Webcam Access

A security researcher has disclosed vulnerabilities in Apple’s Safari browser that can be used to snoop on iPhones, iPads and Mac computers using their microphones and cameras. To exploit the flaws in a real-world attack, all an attacker would need to do is convince a victim to click one maliciou...

CVSS 6.8 | AI score 7.8 | EPSS 0.0552
Exploits: 1 | References: 19

ThreatPost
added 2020/04/04 1:28 p.m. | 126 views

Firefox Zero-Day Flaws Exploited in the Wild Get Patched

Mozilla patched two Firefox browser zero-day vulnerabilities actively being exploited in the wild. The flaws, both use-after-free bugs, have been part of “targeted attacks in the wild,” according to a Mozilla Foundation security advisory posted Friday. Both bugs have critical ratings and allow...

CVSS 6.8 | AI score 9.2 | EPSS 0.06305
Exploits: 1 | References: 8

Talos Blog
added 2020/03/24 7:30 a.m. | 27 views

Vulnerability Spotlight: Intel Raid Web Console 3 denial-of-service bugs

Geoff Serrao of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two denial-of-service vulnerabilities in the web API functionality of Intel RAID Web Console 3. The Raid Web Console is a web-based application that provides several configuration...

AI score 2.2
Exploits: 0

Talos
added 2020/03/24 12:0 a.m. | 59 views

Intel Raid Web Console 3 add server denial-of-service vulnerability

Summary A remote, exploitable denial-of-service vulnerability exists in the web API functionality of Intel Raid Web Console 3. A specially crafted request can lead to a null pointer dereference in the Intel Raid Web Console server. This would result in a denial of service until the user restarts...

CVSS 7.5 | AI score 7.5 | EPSS 0.01524
Exploits: 0

Kitploit
added 2020/03/02 9:0 p.m. | 114 views

dnsFookup - DNS Rebinding Toolkit

DNS Rebinding framework containing: a DNS server, obviously; a web API to create new subdomains and control the DNS server, view logs, stuff like that; a shitty React app to make it even more comfy. What does it do? It lets you create DNS bins like a Burp Collaborator, but it adds a bit more features... a...

AI score 7.2
Exploits: 0 | References: 3

CNVD
added 2020/02/11 12:0 a.m. | 4 views

WSO2 API Manager Cross-Site Scripting Vulnerability (CNVD-2020-05074)

WSO2 API Manager is an open source API management platform that provides a series of API creation, release, lifecycle management, version control, monetization, governance and security features, used to support organizations in achieving SOA. A cross-site scripting vulnerability exists in WSO2 AP...

CVSS 4.8 | AI score 6.4 | EPSS 0.01031
Exploits: 1 | References: 1

BDU FSTEC
added 2020/01/29 12:0 a.m. | 3 views

The vulnerability of the REST API interface of the Cisco Data Center Network Manager system allows an attacker to perform arbitrary actions on the vulnerable device.

The vulnerability of the REST API interface of the Cisco Data Center Network Manager DCNM system is related to the use of pre-installed registration data. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions on the vulnerable device remotely...

CVSS 10 | AI score 7.8 | EPSS 0.85649
Exploits: 7 | References: 2

BDU FSTEC
added 2020/01/29 12:0 a.m. | 3 views

The vulnerability of the REST API interface of the Cisco Data Center Network Manager system allows a perpetrator to gain unauthorized access to protected information, affect data integrity, or execute arbitrary commands on the underlying operating system.

The vulnerability of the REST API interface of the Cisco Data Center Network Manager DCNM system is related to input validation errors. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information, compromise data integrity, or...

CVSS 9 | AI score 7 | EPSS 0.46935
Exploits: 10 | References: 2

Veracode
added 2020/01/28 12:40 p.m. | 21 views

Cross-site Scripting (XSS)

nifi-web-api is vulnerable to cross-site scripting XSS. It does not handle error response properly, allowing an unauthenticated user when using the application with Firefox to inject malicious script via UI through action. Note: this vulnerability does occur in other browsers...

CVSS 6.1 | AI score 3 | EPSS 0.02813
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2020/01/01 12:0 a.m. | 6 views

PT-2026-5160

Name of the Vulnerable Software and Affected Versions M/Monit version 3.7.4 Description An authenticated user can escalate privileges by manipulating the admin parameter. An attacker can send a crafted POST request to the /api/1/admin/users/update endpoint to grant administrative access to a...

CVSS 8.8 | AI score 5.5 | EPSS 0.00419
Exploits: 1 | References: 11