52 matches found
Cisco Nexus Dashboard 访问控制错误漏洞
Cisco Nexus Dashboard is the United States Cisco Cisco a single console. It can simplify the operation and management of data center networks. Cisco Nexus Dashboard has a security vulnerability that can be exploited by an unauthenticated, remote attacker to access specific APIs running in the dat...
Metasploit Wrap-Up
GitLab RCE New Rapid7 team member jbaines-r7 wrote an exploit targeting GitLab via the ExifTool command. Exploiting this vulnerability results in unauthenticated remote code execution as the git user. What makes this module extra neat is the fact that it chains two vulnerabilities together to...
SolarWinds Orion Authentication Bypass Vulnerability
SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands...
CVE-2020-10148
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds...
OBDeleven vulnerability
OBDelevens OBD-II dongle is an onboard diagnostics port module that connects to a mobile app over Bluetooth. It takes advantage of weaknesses in UDS secure access to unlock the vehicle ECU and enable enhanced diagnostics and some additional functionality. Some of these functions are only availabl...
CVE-2020-13941
Reported in SOLR-14515 private and fixed in SOLR-14561 public, released in Solr version 8.6.0. The Replication handler https://lucene.apache.org/solr/guide/86/index-replication.htmlhttp-api-commands-for-the-replicationhandler allows commands backup, restore and deleteBackup. Each of these take a...
CVE-2020-13941
Reported in SOLR-14515 private and fixed in SOLR-14561 public, released in Solr version 8.6.0. The Replication handler https://lucene.apache.org/solr/guide/86/index-replication.htmlhttp-api-commands-for-the-replicationhandler allows commands backup, restore and deleteBackup. Each of these take a...
CVE-2020-13941
Reported in SOLR-14515 private and fixed in SOLR-14561 public, released in Solr version 8.6.0. The Replication handler https://lucene.apache.org/solr/guide/86/index-replication.htmlhttp-api-commands-for-the-replicationhandler allows commands backup, restore and deleteBackup. Each of these take a...
CVE-2020-13941
CVE-2020-13941 concerns Apache Solr’s replication handler. The vulnerability arises because the backup, restore, and deleteBackup HTTP API commands accept a location parameter that was not validated, enabling read/write access to any location the solr user can access. Multiple sources note this w...
CVE-2020-3227
A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests fo...
Authorization
A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests fo...
CVE-2020-3227 Cisco IOx for IOS XE Software Privilege Escalation Vulnerability
A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests fo...
CVE-2020-3227 Cisco IOx for IOS XE Software Privilege Escalation Vulnerability
A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests fo...
Cisco IOx for IOS XE Software Privilege Escalation Vulnerability
A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests fo...
PT-2020-2670 · Cisco · Cisco Ios Xe +1
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure could allow an unauthenticated, remote attacker to execute Cisco IOx API...
CVE-2017-18442
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands SEC-246...
CVE-2017-18444
cPanel before 64.0.21 allows demo accounts to execute SSH API commands SEC-248...
CVE-2017-18442
CVE-2017-18442 : Affected software is cPanel prior to 64.0.21. The issue allows demo accounts to trigger Cpanel::SPFUI API commands (SEC-246), implying limited privilege elevation within the control panel API. The description and connected documents do not provide additional exploitation details ...
The vulnerability in the web interface of the Cisco Prime Home system allows a perpetrator to bypass the authentication process and perform arbitrary actions with administrator privileges.
The vulnerability in the Cisco Prime Home system’s web interface exists due to deficiencies in the authentication process related to role-based access control RBAC errors. Exploiting this vulnerability allows a malicious actor to bypass the authentication process and perform arbitrary actions wit...
Cisco Patches Authentication Bypass in Cisco Prime Home
Cisco has patched a critical vulnerability in its Cisco Prime Home remote management software used by service providers to oversee and provision subscribers’ home devices. The flaw, found by Cisco engineers, is in the product’s web-based GUI and allows remote attackers to bypass authentication an...