72 matches found
CVE-2022-30616
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978...
Code injection
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978...
IBM Robotic Process Automation 安全漏洞
IBM Robotic Process Automation is a robotic process automation product from IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation has an elevation of privilege vulnerability that stems from improper...
CVE-2022-30616
Summary: CVE-2022-30616 affects IBM Robotic Process Automation and IBM RPA for Cloud Pak/Service, with versions prior to 21.0.3 vulnerable. A privileged user could elevate privileges to platform administrator by manipulating APIs. Impact: high (privilege escalation) with CVSS base scores in the h...
CVE-2022-30616
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978...
Mailhog 1.0.1 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Mailhog 1.0.1 - Stored Cross-Site Scripting XSS Google Dork: https://www.shodan.io/search?query=mailhog 3500 Exploit Author: Vulnz Vendor Homepage: https://github.com/mailhog/MailHog Software Link: https://github.com/mailhog/MailHog Version: 1.0.1 Tested on: Windows,Linux,Docker CV...
CVE-2022-31081 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in HTTP::Daemon
HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...
Moderate: libsepol security update
The libsepol library provides an API for the manipulation of SELinux binary policies. It is used by checkpolicy the policy compiler and similar tools, as well as by programs like loadpolicy that need to perform specific transformations on binary policies for example, customizing policy boolean...
Logitech: Manipulating response leads to free access to Streamlabs Prime
Heyy team, I have a found cool bug which allows me to get access to streamlabs prime features for free. Here is the api endpoint which checks whether the user has a prime subscription or not: https://streamlabs.com/api/v5/user/prime/subscription json "isactive": false, "ispending": false,...
CVE-2020-26175
CVE-2020-26175 affects Tangro Business Workflow prior to 1.18.1. An attacker can manipulate the value of the PERSON parameter in requests to the /api/profile endpoint to change the profile information of other users. The root cause is an authorization/validation flaw that allows parameter tamperi...
Docker Remote API 未授权访问
介绍 docker 在使用集群管理如:Kubernetes,swarm时,要使用remote api对节点进行管理.remote api无认证时的默认端口是2375需要TLS认证默认登录是2376。 remote api默认是可以不需要认证能直接访问,能直接对docker进行操作,如新建容器,删除容器,查看镜像容器信息等... remote api操作方法见docker官方文档 检测docker remote api 未授权访问可以使用curl或者直接用浏览器访问 http://ip:2375/info 如果返回了json证明漏洞存在,如下图 其他参考链接...
Moonpig API Vulnerability Exposes Payment Card Data
Moonpig, a U.K.-based company that sells personalized greeting cards, mugs, t-shirts and other novelties, has been taken to the woodshed for poor security practices by a researcher who claims it’s simple to pilfer user and payment card data through a wonky mobile app API. The company this morning...