257 matches found
GHSA-R4V8-9HGX-VM6M Cloud Foundry UAA accepts refresh token as access token on admin endpoints
Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longe...
Accellion FTA OS Command Injection Vulnerability
Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints...
VulnCheck KEV: CVE-2021-27104
Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints...
CVE-2020-28657
CVE-2020-28657 affects bPanel 2.0. The vulnerability is in the administrative ajax endpoints (ajax/aj_*.php), which are accessible without authentication and allow SQL injections, potentially enabling platform compromise. The issue is documented across multiple connected records (NVD entry and RH...
CVE-2021-27104
Accellion FTA 912370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA912380 and later...
CVE-2021-27104
Accellion FTA 912370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA912380 and later...
Command injection
Accellion FTA 912370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA912380 and later...
CVE-2021-27104
Accellion FTA 912370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA912380 and later. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
Accellion FTA 操作系统命令注入漏洞
Accellion File Transfer Appliance FTA is a secure file transfer service that allows users to share and synchronize files online, all encrypted with AES 128/256. An OS command injection vulnerability exists in Accellion FTA 912370 and earlier versions. An attacker can exploit this vulnerability by...
PT-2020-13708 · Phplist · Phplist
Name of the Vulnerable Software and Affected Versions: phpList versions prior to 3.5.4 Description: The issue allows for XSS attacks via the "/lists/admin/user.php" and "/lists/admin/users.php" API endpoints. This can potentially lead to malicious script execution. Recommendations: For versions...
PT-2026-5159
Name of the Vulnerable Software and Affected Versions M/Monit version 3.7.4 Description An authentication issue exists that allows authenticated attackers to retrieve user password hashes. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get API endpoints to extra...
CVE-2018-11047
Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longe...
CVE-2018-11047
Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longe...
CVE-2018-11047: UAA accepts refresh token as access token on admin endpoints | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using uaa versions 4.19 prior to 4.19.2, 4.12 prior to 4.12.4, 4.10 prior to 4.10.2, 4.7 prior to 4.7.6, 4.5 prior to 4.5.7 You are using uaa-release versions v60 prior to v60.2, v57 prior to v57.4,...
PT-2017-7998 · Red Hat · Red Hat Satellite
Name of the Vulnerable Software and Affected Versions: Red Hat Satellite 5 affected versions not specified Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected API...
PT-2005-5450 · Turnkey Web Tools · Sunshop Shopping Cart
Name of the Vulnerable Software and Affected Versions: Turnkey Web Tools SunShop Shopping Cart affected versions not specified Description: The issue allows remote attackers to obtain sensitive information via a phpinfo action to specific API endpoints: "index.php", "admin/index.php", and...
PT-2002-2520 · Midicart · Php Plus +2
Name of the Vulnerable Software and Affected Versions: MidiCart PHP, PHP Plus, and PHP Maxi affected versions not specified Description: The issue allows remote attackers to upload arbitrary PHP files via a direct request to "admin/upload.php" or access sensitive information via a direct request ...