1080 matches found
CVE-2024-43430
A flaw was found in moodle. External API access to Quiz can override contained insufficient access control...
CVE-2024-43430 Moodle: lack of access control when using external methods for quiz overrides
A flaw was found in moodle. External API access to Quiz can override contained insufficient access control...
PT-2024-30580 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: moodle affected versions not specified Description: A flaw was found in moodle, where external API access to Quiz can override contained insufficient access control. Recommendations: At the moment, there is no information about a newer versio...
PT-2024-8175 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.3.0 through 10.0.16 Description: The issue is related to incorrect access control in the GLPI system, which can be exploited by a remote attacker to gain unauthorized access to an account through the API. An authenticated user...
Century Systems FutureNet NXR Security Vulnerability
Century Systems FutureNet NXR is a series of routers from Century Systems, Japan. A security vulnerability exists in Century Systems FutureNet NXR, which arises from an initial configuration where REST-APIs are accidentally enabled during device startup, which could allow an attacker to gain acce...
Adobe FrameMaker Publishing Server 2022 < 17.0.1 (2022.0.1) Security Feature Bypass (APSB23-58)
The version of Adobe FrameMaker Publishing Server installed on the remote Windows host is prior to Adobe FrameMaker Publishing Server 2022 17.0.1. It is, therefore, affected by a vulnerability as referenced in the apsb23-58 advisory. - Adobe FrameMaker Publishing Server versions 2022 and earlier...
CVE-2023-32188
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE...
NeuVector Security Vulnerability
NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. A security vulnerability exists in previous versions of NeuVector...
PT-2024-39480 · Unknown · Octopus Server
Name of the Vulnerable Software and Affected Versions: Octopus Server versions 2024.1.0 through 2024.1.13038 Octopus Server versions 2024.2.0 through 2024.2.9482 Octopus Server versions 2024.3.0 through 2024.3.12766 Description: This issue is related to an SQL Injection vulnerability due to...
Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229
Versa Networks has released an advisory for a vulnerability (CVE-2024-45229) affecting Versa Director. A cyber threat actor could exploit this vulnerability to exercise unauthorized REST APIs. CISA urges organizations to apply necessary updates, hunt for any malicious activity, repo...
CVE-2024-8601
This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead to unauthorized acce...
CVE-2024-39715
CVE-2024-39715 describes a code injection vulnerability in Veeam Service Provider Console (VSPC) where a low-privileged user with REST API access can remotely upload arbitrary files to the VSPC server, leading to remote code execution. The description is consistent across multiple sources (NVD, R...
CVE-2024-39715
A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server...
Veeam Service Provider Console Security Vulnerability
Veeam Service Provider Console is a cloud-enabled platform from Veeam USA. A security vulnerability exists in Veeam Service Provider Console version 8.0.0.19552 and previous versions 8, which stems from the inclusion of a code injection vulnerability that allows a low privileged user with REST AP...
The vulnerability of the Cisco Smart License Utility software management software lies in undocumented static user credentials. This allows a malicious individual to gain unauthorized access to confidential information and to access the API without proper authorization.
The vulnerability of the Cisco Smart License Utility software management system is related to undocumented static account data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to confidential information and unauthorized access to the API...
CVE-2024-20440
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...
CVE-2024-34650
Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel...
CVE-2024-45586
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...
Symphony XTS Web Trader Security Vulnerability
Symphony XTS Web Trader is an advanced HTML5-based trading platform from Symphony. A security vulnerability exists in Symphony XTS Web Trader version 2.0.0.1P160, which stems from improper access control to the API. A remote attacker could exploit the vulnerability to manipulate parameters via HT...