CVE-2023-23608
Spotipy (Python library for Spotify Web API) versions prior to 2.22.1 are affected by a path-traversal issue in URI handling. The library’s URI/URL parsing can insert arbitrary characters into the API-request path (e.g., ".."), allowing requests to be redirected from one endpoint to another (such...
Path traversal in spotipy
Summary If a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. Details The code Spotipy uses to parse URIs and URLs accepts user data too liberally which allows a malicious user to insert arbitrary characters...
Spotipy -- Path traversal vulnerability
Stéphane Bruckert If a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended...
CVE-2022-3841
RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery SSRF vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes RHACM. An attacker could take advantage of this as the console API endpoint is missing an...
PT-2023-15114 · Unknown · Dynamic Transaction Queuing System
Name of the Vulnerable Software and Affected Versions: Dynamic Transaction Queuing System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/admin/ajax.php?action=save window" API endpoint...
PT-2023-15109 · Unknown · Helmet Store Showroom Site
Name of the Vulnerable Software and Affected Versions: Helmet Store Showroom Site version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/classes/Master.php?f=delete category" API endpoint. Recommendations:...
CVE-2022-3841
CVE-2022-3841 is an unauthenticated SSRF in the RHACM console API endpoint of Red Hat Advanced Cluster Management for Kubernetes. The vulnerability arises from a missing authentication check on the console API, enabling unauthenticated requests. CVSSv3.1 base score is 7.8 (High), with LOCAL attac...
PT-2022-28019 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda A15 version 15.13.07.13 Description: A stack overflow issue was discovered in the security parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For Tenda A15 version 15.13.07.13, consider restricting access to the...
PT-2022-23535 · Unknown · Password Manager For Iis
Name of the Vulnerable Software and Affected Versions: Password Manager for IIS version 2.0 Description: The issue is a cross-site scripting XSS vulnerability. It occurs via the "/isapi/PasswordManager.dll" API endpoint, specifically through the ResultURL parameter. This allows for potential...
Ghost unauthorized newsletter modification vulnerability
Talos Vulnerability Report TALOS-2022-1624 Ghost unauthorized newsletter modification vulnerability December 21, 2022 CVE Number CVE-2022-41654 SUMMARY An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted...
PT-2022-27894 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered via the entrys parameter at the "/goform/addressNat" API endpoint. Recommendations: For Tenda F1203 version 2.0.1.6, consider restricting access to the...
PT-2022-27903 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered via the deviceId parameter at the "/goform/saveParentControlInfo" API endpoint. This issue allows for potential exploitation. Recommendations: For Tenda F1203...
PT-2022-27888 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered via the speed dir parameter at the "/goform/SetSpeedWan" API endpoint. Recommendations: For Tenda F1203 version 2.0.1.6, as a temporary workaround, consider...
PT-2022-27897 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered via the mitInterface parameter at the "/goform/addressNat" API endpoint. Recommendations: For Tenda F1203 version 2.0.1.6, as a temporary workaround, consider...
PT-2022-27899 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered via the page parameter at the "/goform/NatStaticSetting" API endpoint. Recommendations: For Tenda F1203 version 2.0.1.6, consider restricting access to the...
PT-2022-27743 · Unknown · Helmet Store Showroom Site
Name of the Vulnerable Software and Affected Versions: Helmet Store Showroom Site version 1.0 Description: The issue is related to SQL Injection. It can be exploited via the "/hss/?page=product per brand&bid=" API endpoint. The bid variable is vulnerable to SQL Injection attacks. Recommendations:...
PT-2022-27748 · Unknown · Helmet Store Showroom Site
Name of the Vulnerable Software and Affected Versions: Helmet Store Showroom Site version 1.0 Description: The issue is related to SQL Injection. It can be exploited via the "/hss/admin/categories/view category.php?id=" API endpoint, specifically through the id variable. Recommendations: For Helm...
PT-2022-24424 · Unknown · Logrocket-Oauth2-Example
Name of the Vulnerable Software and Affected Versions: logrocket-oauth2-example versions prior to 2020-05-27 Description: The issue allows SQL injection via the /auth/register API endpoint, specifically through the username parameter. Recommendations: For versions prior to 2020-05-27, as a...
PT-2022-27454 · Unknown · Dynamic Transaction Queuing System
Name of the Vulnerable Software and Affected Versions: Dynamic Transaction Queuing System version 1.0 Description: The issue is related to an arbitrary file upload vulnerability in the "/queuing/admin/ajax.php?action=save settings" API endpoint. This vulnerability allows attackers to execute...
PT-2022-27559 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A stack overflow issue was discovered via the page parameter at the "/goform/VirtualSer" API endpoint. Recommendations: For Tenda W30E version 1.0.1.25633, consider disabling access to the...