FortiWeb - Heap-based buffer overflows in API controller
Multiple heap-based buffer overflow vulnerabilities CWE-122 in web API controllers of FortiWeb may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests...
Nextcloud: Missing brute force protection on OAuth2 API controller
Vulnerability description not provided...
CVE-2020-28954
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name...
dayrui FineCms 'oauth' function cross-site scripting vulnerability
dayrui FineCms is a content management system (CMS) released by the China Tianrui dayrui program design team, built on an MVC architecture and a PDO database interface. A cross-site scripting vulnerability exists in the 'oauth' function of the controllers/member/api.php file in version 5.0.11 of...
File upload vulnerability in WeiPHP 4.0beta frontend
WeiPHP is an open source WeChat public platform development framework that can be used to quickly build a personal WeChat public account operation platform. A file upload vulnerability exists in WeiPHP 4.0 beta because ApiController.class.php fails to strictly filter input parameters. A remote attacker can exploit...
IBOS Enterprise Collaboration Management software (latest open source version): SQL injection vulnerability in the actionSearch function of the ApiController.php page
IBOS is a new enterprise collaboration management platform that offers services such as commercial licensing, program customization, data conversion, storage services and more. The latest open source version of IBOS enterprise collaboration management software has an SQL injection vulnerability in the actionSearch functi...
CVE-2016-3072
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter...
Security feature bypass
Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method...