SUSE-SU-2024:0851-1 Security update for axis

This update for axis fixes the following issues: - CVE-2023-51441: Fixed SSRF when untrusted input is passed to the service admin HTTP API bsc1218605...

PT-2024-20374 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: Jfinalcms version 5.0.0 Description: A SQL injection issue allows a remote attacker to obtain sensitive information. The issue is related to the /admin/admin API endpoint, specifically the name parameter. Recommendations: For Jfinalcms versio...

BIT-MEDIAWIKI-2022-29906

The admin API module in the QuizGame extension for MediaWiki through 1.37.2 before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66 omits a check for the quizadmin user...

BIT-MINIO-2020-11012 Authentication bypass MinIO Admin API

MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has bee...

BIT-APISIX-2020-13945

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5...

WordPress Plugin Seraphinite Accelerator Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

PT-2024-18139 · WordPress · Seraphinite Accelerator

Name of the Vulnerable Software and Affected Versions: Seraphinite Accelerator plugin for WordPress versions up to, and including, 2.20.52 Description: The issue allows authenticated attackers with subscriber-level access and above to make web requests to arbitrary locations originating from the...

CVE-2024-1703

CVE-2024-1703 affects ZhongBangKeJi CRMEB version 5.2.2, specifically the openfile function in /adminapi/system/file/openfile. The vulnerability is an absolute path traversal in that endpoint, enabling an attacker to access files outside the intended directory. The vulnerability has been disclose...

CRMEB Security Vulnerabilities

Zhongbang CRMEB is an open source e-commerce management system from Zhongbang in Xi'an, China. CRMEB 5.2.2 version of a security vulnerability , the vulnerability stems from the file /adminapi/system/file/openfile function openfile path traversal vulnerability...

PT-2024-18237 · Zhongbangkeji · Crmeb

Name of the Vulnerable Software and Affected Versions: ZhongBangKeJi CRMEB version 5.2.2 Description: A critical issue affects the function save/delete of the file "/adminapi/system/crud". The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The...

IBM Integration Bus 资源管理错误漏洞

IBM Integration Bus IBM WebSphere Message Broker is an enterprise service bus ESB product from International Business Machines IBM. The product provides connectivity and common data transformation for Service Oriented Architecture SOA environments and non-SOA environments. A resource management...

PT-2024-19345 · Ibm · Ibm Integration Bus

Name of the Vulnerable Software and Affected Versions: IBM Integration Bus for z/OS versions 10.1 through 10.1.0.2 Description: The issue is related to a denial of service due to file system exhaustion in the AdminAPI. Recommendations: For versions 10.1 through 10.1.0.2, consider restricting acce...

CVE-2023-52077

Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server...

CVE-2023-48966

An arbitrary file upload vulnerability in the component /admin/api.upload/file of ThinkAdmin v6.1.53 allows attackers to execute arbitrary code via a crafted Zip file...

Design/Logic Flaw

An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file...

Fedora 38 : matrix-synapse (2023-c3c8cc5f8b)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-c3c8cc5f8b advisory. Update to v1.94.0 CVE-2023-45129 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVE-2023-45129

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...

GHSA-5CHR-WJW5-3GQ4 matrix-synapse vulnerable to denial of service due to malicious server ACL events

Impact A malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which presumably do not need to use server ACLs are not affected. Patches Server administrators are advised to upgrade to...

DEBIAN-CVE-2023-45129

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...

CVE-2023-45129

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...