Improper Access Control
vantage6-server is vulnerable to Improper Access Control. The vulnerability is due to improper permission checks in the /api/collaboration/id/task endpoint which retrieves tasks from a collaboration. Vantage only checks if the user has permission to view the collaboration, but should also check i...
PT-2023-29732 · Unknown · Vitogate 300
Name of the Vulnerable Software and Affected Versions: Vitogate 300 version 2.1.3.0 Description: The issue allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method in the...
CVE-2023-41882
vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/id/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version...
MTN Group: Information disclosure via enabled Django Debug Mode
The Django Debug Mode was enabled, which resulted in the disclosure of error messages, API endpoints, and the ability to register arbitrary user accounts and enumerate email addresses of registered users...
CVE-2023-45303
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint...
CVE-2023-5160 Full name disclosure via team top membership with Show Full Name option disabled
Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAMID/top/teammembers endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled...
CVE-2023-43662
ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...
Deserialization of untrusted data
Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the networktraffic API endpoint. An attacker can leverage this vulnerability to execute...
No rate limit on sending magic link to sign-in
Description: It was observed that rate limit is not being implemented on sending magic link, which allows an attacker to spam the victim's mailbox. Affected URL: https://app.vrite.io/api/v1/auth.sendMagicLink?batch=1 Proof of Concept 1. Visit - https://app.vrite.io/auth 2. select option "continue...
Remote Code Execution
FUXA is vulnerable to Remote Command Execution. The vulnerability is due to the lack of sanitization on user supplied input which allows use of dangerous methods at the following affected API route /api/runscript. This can be exploited by an attacker by passing malicious user input to the followi...
PT-2023-28810 · Unknown +1 · Hoteldruid +1
Name of the Vulnerable Software and Affected Versions: Hoteldruid version 3.0.5 Description: A SQL injection vulnerability was discovered in Hoteldruid via the n_utente_agg parameter at the "/hoteldruid/interconnessioni.php" API endpoint. This issue allows for SQL injection attacks, potentially...
Design/Logic Flaw
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request...
The vulnerability in the HTTP request basket service interface allows an attacker to perform an SSRF attack.
The vulnerability of the web service interface for collecting and checking HTTP requests related to Request Baskets is related to insufficient validation of incoming requests when processing the name parameter /api/baskets/name. Exploiting this vulnerability allows a malicious actor to perform an...
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/download/updateFile endpoint. The issue results from the lack of prope...
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/thumbnail endpoint. The issue results from the lack of proper validati...
CVE-2023-4613
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/settings/upload endpoint. The issue results from the lack of proper validation...
PT-2023-27976 · Tenda · Tenda Ac7
Name of the Vulnerable Software and Affected Versions: Tenda AC7 version V15.03.06.44 Description: A stack overflow issue was discovered via the timeZone parameter at the "/goform/SetSysTimeCfg" API endpoint. This issue affects the Tenda AC7 router. Recommendations: For Tenda AC7 version...
PT-2023-27974 · Tenda · Tenda Ac7 +2
Name of the Vulnerable Software and Affected Versions: Tenda AC7 version 1.0 V15.03.06.44 Tenda AC9 version 3.0 V15.03.06.42 multi Tenda AC5 version 1.0RTL V15.03.06.28 Description: A stack overflow issue was discovered via the parameter list at the "/goform/SetIpMacBind" API endpoint. This issue...
Cross-site Scripting (XSS)
github.com/prometheus/alertmanager is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of HTML sanitization in the generatorURL field of Alert.elm, which allows an attacker to inject and execute malicious JavaScript by sending a POST request to the /api/v1/alerts...