Xibo CMS SQL Injection Vulnerability
Xibo CMS is an open-source content management system for Xibo Digital Signage. Versions 1.7 to 4.4.0 of Xibo CMS have SQL injection vulnerabilities. These vulnerabilities stem from SQL injection in the dataset filtering parameters within the API routing, which may allow authorized users to access...
AWS SDK for .NET Input Validation Error Vulnerability
AWS SDK for .NET is an open source developer kit from Amazon Web Services. An input validation error vulnerability exists in AWS SDK for .NET versions from 4.0.0 up to, but not including, 4.0.3.3. It stems from a region input field that can be set to an invalid value, potentially resulting in AWS API call...
Improper Validation of Syntactic Correctness of Input
Amendment: This was deemed not a vulnerability. Overview: Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the region input field. An attacker can cause AWS API calls to be routed to unintended or non-existent hosts by supplying an invalid...
RUCKUS SmartZone OS Command Injection Vulnerability
RUCKUS SmartZone is a network controller from RUCKUS. An operating system command injection vulnerability exists in versions prior to RUCKUS SmartZone 6.1.2p3 Refresh Build, which stems from OS command injection in API routing and could lead to a security risk...
RubyGems: `/names.nsf` and all `/names*` files route to public API on rubygems.org
During the security assessment of the application hosted at https://rubygems.org/names.nsf, it was discovered that a sensitive file, "names.nsf", is publicly accessible without proper authentication and it is supposed to be protected by authentication mechanisms to ensure that unauthorized users d...
CVE-2023-34478
Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha...
IBM Robotic Process Automation License Issue Vulnerability (CNVD-2023-68780)
IBM Robotic Process Automation is a robotic process automation product from International Business Machines (IBM). It can help you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation suffers from an authorization issue vulnerabili...
IBM Robotic Process Automation Security Vulnerability
IBM Robotic Process Automation is a robotic process automation product from International Business Machines (IBM). It can help you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation suffers from an authorization issue vulnerabili...
Shopware Licensing Issue Vulnerability
Shopware is a suite of open source e-commerce software from the German company Shopware. Shopware suffers from an authorization issue vulnerability that stems from incorrect API routing checks. An attacker could exploit this vulnerability to modify customers and create orders without application...