PT-2022-23476 · Tenda · Tenda Ac9
Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.05.19 Description: A stack overflow issue was discovered via the deviceList parameter at the "/goform/setMacFilterCfg" API endpoint. Recommendations: For Tenda AC9 version 15.03.05.19, avoid using the deviceList...
PT-2022-23475 · Tenda · Tenda Ac9
Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.05.19 Description: A stack overflow issue was discovered via the list parameter at the "/goform/setPptpUserList" API endpoint. Recommendations: For Tenda AC9 version 15.03.05.19, avoid using the list parameter in the...
PT-2022-4568 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.10 through 15.1.6 GitLab CE/EE versions 15.2 through 15.2.4 GitLab CE/EE versions 15.3 through 15.3.2 Description: A vulnerability in GitLab CE/EE allows an authenticated user to achieve remote code execution via the...
PT-2022-23480 · Unknown · Pagekit Cms
Name of the Vulnerable Software and Affected Versions: Pagekit CMS version 1.0.18 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under the "/blog/post/edit" API endpoint. The Markdow...
PT-2022-23546 · Unknown · Simple Task Scheduling System
Name of the Vulnerable Software and Affected Versions: Simple Task Scheduling System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/classes/Master.php?f=delete category" API endpoint. Recommendation...
PT-2022-23449 · Unknown · Kensite Cms
Name of the Vulnerable Software and Affected Versions: Kensite CMS version 1.0 Description: The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities can be exploited via the name and oldname parameters at the "/framework/mod/db/DBMapper.xml" API endpoint. Recommendations:...
PT-2022-23459 · Unknown · Edoc-Doctor-Appointment-System
Name of the Vulnerable Software and Affected Versions: Edoc-doctor-appointment-system version 1.0.1 Description: The issue is related to a reflected cross-site scripting (XSS) vulnerability. This vulnerability is located at the "/patient/index.php" API endpoint and allows attackers to execute...
CVE-2022-36804
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before...
PT-2022-23579 · Unknown · Library Management System
Name of the Vulnerable Software and Affected Versions: Library Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/admin/changestock.php" API endpoint. Recommendations: For Library...
PT-2022-23796 · Totolink · Totolink A7000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A7000R version 9.1.0u.6115 B20201022 Description: A command injection issue was found in the setting/setTracerouteCfg API endpoint, specifically via the command parameter. Recommendations: For version 9.1.0u.6115 B20201022, as a...
PT-2022-16224 · Ece · Ece
Name of the Vulnerable Software and Affected Versions: ECE versions prior to 3.4.0 Description: A flaw in ECE might lead to the disclosure of sensitive information, such as user passwords and Elasticsearch keystore settings values, in logs like the audit log or deployment logs in the Logging and...
PT-2022-24084 · Tenda · Tenda Ac1206
Name of the Vulnerable Software and Affected Versions: Tenda AC1206 version 15.03.06.23 Description: A stack overflow issue was discovered via the page parameter in the fromDhcpListClient function. Recommendations: For Tenda AC1206 version 15.03.06.23, consider disabling the fromDhcpListClient...
PT-2022-23909 · Tenda · Tenda Ax12
Name of the Vulnerable Software and Affected Versions: Tenda AX12 version V22.03.01.21 CN Description: The issue is related to a Buffer Overflow that occurs in the sub 42FDE4 function. This function handles POST requests under the "/goform/SetIpMacBind" API endpoint, which is triggered by the sub...
PT-2022-8644 · Zoho · Manageengine Analytics Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Analytics Plus versions prior to 4350 Description: A Directory Traversal issue exists due to the ZDBQAREFSUBDIR parameter in the "/zropusermgmt" API endpoint. This allows remote attackers to potentially run arbitrary code...
PT-2022-22901 · Tenda · Tenda W6
Name of the Vulnerable Software and Affected Versions: Tenda W6 version 1.0.0.94122 Description: A stack overflow issue exists in the "/goform/wifiSSIDget" API endpoint, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. Recommendations: For Tenda W6...
PT-2022-22204 · Unknown · Barangay Management System
Name of the Vulnerable Software and Affected Versions: Barangay Management System version 1.0 Description: A SQL injection issue was found in the Barangay Management System. The vulnerability can be exploited via the hidden id parameter at the "/pages/permit/permit.php" API endpoint...
CVE-2022-36129
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure...
Security Bulletin: IBM Engineering Lifecycle Management is vulnerable (Server-Side Request Forgery vulnerability) when requesting a resource over an API endpoint to verify URLs from the target application server (CVE-2021-20421)
Summary guidance: - There is a Server-Side Request Forgery vulnerability when requesting a resource over an API endpoint to verify URLs from the target application server. Vulnerability Details CVEID: CVE-2021-20421 DESCRIPTION: IBM Jazz Foundation is vulnerable to server-side request forgery SSR...
PT-2022-3878 · Robustel · Robustel R1510
Name of the Vulnerable Software and Affected Versions: Robustel R1510 version 3.3.0 Description: The issue is related to command injection vulnerabilities in the web server action endpoints functionalities. A specially-crafted network request can lead to arbitrary command execution. The...