Lucene search
+L

257 matches found

OSV
OSV
added 2022/05/13 1:49 a.m.33 views

GHSA-R4V8-9HGX-VM6M Cloud Foundry UAA accepts refresh token as access token on admin endpoints

Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longe...

7.5CVSS7.4AI score0.01066EPSS
Exploits0References13
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.14 views

Accellion FTA OS Command Injection Vulnerability

Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints...

10CVSS9.2AI score0.56411EPSS
In wildExploits0
VulnCheck KEV
VulnCheck KEV
added 2021/04/13 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-27104

Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints...

10CVSS7.5AI score0.56411EPSS
Exploits0References1
CVE
CVE
added 2021/03/02 6:10 p.m.72 views

CVE-2020-28657

CVE-2020-28657 affects bPanel 2.0. The vulnerability is in the administrative ajax endpoints (ajax/aj_*.php), which are accessible without authentication and allow SQL injections, potentially enabling platform compromise. The issue is documented across multiple connected records (NVD entry and RH...

9.8CVSS9.7AI score0.01668EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/02/16 9:15 p.m.5 views

CVE-2021-27104

Accellion FTA 912370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA912380 and later...

9.8CVSS7.4AI score0.56411EPSS
Exploits0References3
NVD
NVD
added 2021/02/16 9:15 p.m.17 views

CVE-2021-27104

Accellion FTA 912370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA912380 and later...

10CVSS0.56411EPSS
Exploits0References3
Prion
Prion
added 2021/02/16 9:15 p.m.20 views

Command injection

Accellion FTA 912370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA912380 and later...

10CVSS9.5AI score0.56411EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/02/16 12:0 a.m.59 views

CVE-2021-27104

Accellion FTA 912370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA912380 and later. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

10CVSS6.6AI score0.56411EPSS
In wildExploits0References3
CNNVD
CNNVD
added 2021/02/16 12:0 a.m.11 views

Accellion FTA 操作系统命令注入漏洞

Accellion File Transfer Appliance FTA is a secure file transfer service that allows users to share and synchronize files online, all encrypted with AES 128/256. An OS command injection vulnerability exists in Accellion FTA 912370 and earlier versions. An attacker can exploit this vulnerability by...

10CVSS7.6AI score0.56411EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/06/04 12:0 a.m.6 views

PT-2020-13708 · Phplist · Phplist

Name of the Vulnerable Software and Affected Versions: phpList versions prior to 3.5.4 Description: The issue allows for XSS attacks via the "/lists/admin/user.php" and "/lists/admin/users.php" API endpoints. This can potentially lead to malicious script execution. Recommendations: For versions...

6.1CVSS6.1AI score0.00848EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2020/01/01 12:0 a.m.6 views

PT-2026-5159

Name of the Vulnerable Software and Affected Versions M/Monit version 3.7.4 Description An authentication issue exists that allows authenticated attackers to retrieve user password hashes. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get API endpoints to extra...

7.1CVSS5.4AI score0.0042EPSS
Exploits1References11
NVD
NVD
added 2018/07/24 7:29 p.m.29 views

CVE-2018-11047

Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longe...

7.5CVSS7.5AI score0.01066EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/07/24 7:0 p.m.25 views

CVE-2018-11047

Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longe...

7.4AI score0.01066EPSS
Exploits0References1
Cloud Foundry
Cloud Foundry
added 2018/07/18 12:0 a.m.302 views

CVE-2018-11047: UAA accepts refresh token as access token on admin endpoints | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions You are using uaa versions 4.19 prior to 4.19.2, 4.12 prior to 4.12.4, 4.10 prior to 4.10.2, 4.7 prior to 4.7.6, 4.5 prior to 4.5.7 You are using uaa-release versions v60 prior to v60.2, v57 prior to v57.4,...

7.5CVSS7.4AI score0.01066EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2016/05/19 12:0 a.m.4 views

PT-2017-7998 · Red Hat · Red Hat Satellite

Name of the Vulnerable Software and Affected Versions: Red Hat Satellite 5 affected versions not specified Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected API...

6.1CVSS6AI score0.01578EPSS
Exploits0References40
Positive Technologies
Positive Technologies
added 2005/12/31 12:0 a.m.6 views

PT-2005-5450 · Turnkey Web Tools · Sunshop Shopping Cart

Name of the Vulnerable Software and Affected Versions: Turnkey Web Tools SunShop Shopping Cart affected versions not specified Description: The issue allows remote attackers to obtain sensitive information via a phpinfo action to specific API endpoints: "index.php", "admin/index.php", and...

5CVSS6.7AI score0.01512EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2002/12/31 12:0 a.m.4 views

PT-2002-2520 · Midicart · Php Plus +2

Name of the Vulnerable Software and Affected Versions: MidiCart PHP, PHP Plus, and PHP Maxi affected versions not specified Description: The issue allows remote attackers to upload arbitrary PHP files via a direct request to "admin/upload.php" or access sensitive information via a direct request ...

9.1CVSS6.5AI score0.0456EPSS
Exploits1References8
Rows per page
Query Builder