2007 matches found
CVE-2023-29443
Summary of CVE-2023-29443 from connected sources: Multiple ManageEngine products (ServiceDesk Plus, ServiceDesk Plus MSP, SupportCenter Plus, AssetExplorer) are affected by an XML External Entity (XXE) vulnerability. A privileged SDAdmin can configure a malicious server to return malformed XML vi...
PT-2023-13899 · Unknown · Pingfederate
Name of the Vulnerable Software and Affected Versions: PingFederate affected versions not specified Description: The issue concerns a Cross-Site Request Forgery (CSRF) vulnerability. It affects the "/pf/idprofile.ping" API endpoint, which is vulnerable to crafted GET requests. Recommendations: At t...
Modoboa Information Disclosure Vulnerability
Modoboa is an email hosting and management platform for individual developers. An information disclosure vulnerability exists in modoboa versions prior to 2.1.0, which originates when /api/v2/parameters/core/ returns sensitive information without any authentication or authorization. An attacker c...
PT-2023-22473 · H3C · H3C Magic R200
Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004 Description: A stack overflow issue was discovered via the UpdateWanParams interface at the "/goform/aspForm" API endpoint. Recommendations: For H3C Magic R200 version R200V100R004, consider restricting...
PT-2023-22461 · H3C · H3C Magic R200
Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004 Description: A stack overflow issue was discovered via the UpdateSnat interface at the "/goform/aspForm" API endpoint. This issue affects the H3C Magic R200 device. Recommendations: For H3C Magic R200 versi...
PT-2023-22467 · H3C · H3C Magic R200
Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004 Description: A stack overflow issue was discovered via the UpdateMacClone interface at the "/goform/aspForm" API endpoint. This issue affects the specified version of the H3C Magic R200. Recommendations: Fo...
PT-2023-22470 · H3C · H3C Magic R200
Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004 Description: A stack overflow issue was discovered via the SetAPWifiorLedInfoById interface at the "/goform/aspForm" API endpoint. Recommendations: For H3C Magic R200 version R200V100R004, consider disablin...
PT-2023-22471 · H3C · H3C Magic R200
Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004 Description: A stack overflow issue was discovered via the DeltriggerList interface at the "/goform/aspForm" API endpoint. This issue affects the H3C Magic R200 device. Recommendations: For H3C Magic R200...
PT-2023-22464 · H3C · H3C Magic R200
Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004 Description: A stack overflow issue was discovered via the SetMobileAPInfoById interface at the "/goform/aspForm" API endpoint. This issue affects the H3C Magic R200 device. Recommendations: For H3C Magic...
PT-2023-22469 · H3C · H3C Magic R200
Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004 Description: A stack overflow issue was discovered via the DelvsList interface at the "/goform/aspForm" API endpoint. This issue affects the H3C Magic R200 device. Recommendations: For H3C Magic R200 versio...
PT-2023-22463 · H3C · H3C Magic R200
Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004 Description: A stack overflow issue was discovered via the Edit BasicSSID 5G interface at the "/goform/aspForm" API endpoint. This issue affects the H3C Magic R200 device. Recommendations: For H3C Magic R20...
PT-2023-22468 · H3C · H3C Magic R200
Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004 Description: A stack overflow issue was discovered via the AddMacList interface at the "/goform/aspForm" API endpoint. This issue affects the H3C Magic R200 device. Recommendations: For H3C Magic R200 versi...
PT-2023-22525 · Unknown · Sourcecodester Judging Management System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Judging Management System version 1.0 Description: The issue is related to SQL Injection, which can be exploited via the "/php-jms/print judges.php" API endpoint with specific parameters such as se name and sub event id...
FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)
Exploit Title: FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE) Date: 18/04/2023 Exploit Author: Rodolfo Mariano Vendor Homepage: https://github.com/frangoteam/FUXA Version: FUXA V.1.1.13-1186 current from argparse import RawTextHelpFormatter import argparse, sys, threading, requests...
PT-2023-21341 · Unknown · Online Jewelry Shop
Name of the Vulnerable Software and Affected Versions: Online Jewelry Shop version 1.0 Description: A stored cross-site scripting (XSS) issue in the "/index.php?page=category list" API endpoint of Online Jewelry Shop allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2022-45170
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user...
Improper access control
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskDOMAIN/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system a...
PT-2023-22337 · Unknown · Yoga Class Registration System
Name of the Vulnerable Software and Affected Versions: Yoga Class Registration System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the cid parameter at the "/admin/login.php" API endpoint. Recommendations: For Yoga Class...
PT-2023-21358 · H3C · H3C Magic R100
Name of the Vulnerable Software and Affected Versions: H3C Magic R100 version R100V100R005.bin Description: A stack overflow issue was discovered via the DeltriggerList interface at the "/goform/aspForm" API endpoint. This issue allows attackers to cause a Denial of Service (DoS) by sending a craft...
PT-2023-20883 · Totolink · Totolink A7100Ru
Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version 7.4cu.2313 B20191024 Description: A command injection issue was found via the pppoeAcName parameter at the "/setting/setWanIeCfg" API endpoint. Recommendations: For version 7.4cu.2313 B20191024, avoid using the...