50 matches found
WordPress JSON API User Plugin <= 3.9.3 is vulnerable to Privilege Escalation
Software JSON API User Type Plugin Vulnerable versions = 3.9.3 Fixed in 3.9.4 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-6624 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID c77720f52f77 Credits Thanh Nam Tran Required privile...
CVE-2021-21600
Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. An authorized API user could potentially exploit this vulnerability via the web and desktop user interfaces, leading to denial of service in the manageability path...
Design/Logic Flaw
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for extern...
CVE-2021-32739
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a...
PYSEC-2021-67
JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an xsrf field, as demonstrated by a /hub/api/user request to add or remove a user account...
Unspecified Vulnerability in HCL AppScan (CNVD-2021-13713)
HCL AppScan is a suite of dynamic analysis testing tools from HCL India. The tool is mainly used for web security testing. A security vulnerability exists in HCL AppScan Enterprise that stems from the use of broken or risky encryption algorithms to store REST API user details. No detailed...
CVE-2019-4325
"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."...
vBulletin 5.5.x < 5.5.2 Patch Level 2 Multiple Vulnerabilities
According to the self-reported version in its response header, the version of vBulletin hosted on the remote web server is 5.5.x 5.5.2 Patch Level 2, 5.5.3 5.5.3 Patch Level 2 or 5.5.4 5.5.4 Patch Level 2. It is, therefore, affected by multiples vulnerabilities : - A SQL injection vulnerability v...
CVE-2019-8902
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI...
WordPress Zotpress plugin <= 4.4 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress Zotpress plugin = 4.4 SQL Injection Vulnerability Date: 2011-09-04 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/zotpress.4.4.zip Version: 4.4 tested Note: magicquotes...