2006 matches found
Authenticated-RCE-CuppaCMS
Authenticated-RCE-CuppaCMS CuppaCMS is vulnerable to Authentic...
F5 NGINX Controller API Code Injection Vulnerability
The F5 NGINX Controller is a self-service, API-driven platform for managing NGINIX Plus that can be easily integrated into CI/CD workflows to accelerate application deployment and simplify application lifecycle management. user" or "admin" role access and authenticated attackers can use an...
WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting Vulnerability
WordPress Email Template Designer – WP HTML Mail plugin versions 3.0.9 and below suffer from a cross site scripting vulnerability. Exploit makes it possible for unauthenticated attackers to achieve complete site takeover. On December 23, 2021 the Wordfence Threat Intelligence team initiated the...
CVE-2021-33964
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter/setfirewalllevel which receives parameters by POST request, and the parameter firewalllevel has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands...
CVE-2021-24838
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wpredirect function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature...
Open redirect
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wpredirect function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature...
CVE-2021-24838 AnyComment < 0.3.5 - Open Redirect
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wpredirect function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature...
CVE-2021-33963
China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/macaddrclone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands...
minio -- User privilege escalation
minio developers report: AddUser API endpoint was exposed to a legacy behavior. i.e it accepts a "policy" field This API is mainly used to create a user or update a user's password. However, a malicious client can hand-craft an HTTP API call that allows for updating Policy for a user and gaining...
CVE-2021-44877
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. A broken access control vulnerability ha...
AnyComment <= 0.3.1 - Open Redirect
The plugin has an API endpoint which passes user input via the redirect parameter to the wpredirect function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature. PoC...
OSIsoft PI Server 跨站脚本漏洞
Osisoft OSIsoft PI is a commercial software application platform based on the Ckient/Server architecture from OSIsoft Osisoft, USA. The platform supports data collection, analysis and visualization, etc. A security vulnerability exists in OSIsoft PI Server, which can be exploited by remote...
LDAP Injection
github.com/apache/trafficcontrol is vulnerable to LDAP injection. An attacker is able to send malicious username to the the login or post endpoint of any API version, inject unsanitized content into the LDAP filter, allowing the malicious query injection...
CVE-2021-43350 LDAP filter injection vulnerability in Traffic Ops
An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter...
CVE-2021-39179
CVE-2021-39179 concerns DHIS2 Tracker API SQL injection affecting authenticated users. Provided documents (NVD, Red Hat RH, OSV, CVE lists) describe a SQL injection in the Tracker component that can be triggered via POST paths /api/trackedEntityInstances and /api/trackedEntityInstances/query, imp...
PT-2021-22548 · WordPress · Optinmonster
Name of the Vulnerable Software and Affected Versions: OptinMonster WordPress plugin versions up to, and including, 2.6.4 Description: The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation...
GHSA-4365-FHM5-QCRX Maliciously Crafted Model Archive Can Lead To Arbitrary File Write
Impact An Archive Extraction Zip Slip vulnerability in the functionality that allows a user to load a trained model archive in Rasa 2.8.9 and older allows an attacker arbitrary write capability within specific directories using a malicious crafted archive file. Patches The vulnerability is fixed ...
CVE-2021-41127 Maliciously Crafted Model Archive Can Lead To Arbitrary File Write in rasa
Rasa is an open source machine learning framework to automate text-and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model tar.gz file which allows a malicious actor to craft a model.tar.gz file which can overwrite or replace bot...
GitLab: IDOR in "external status check" API leaks data about any status check on the instance
Summary The API endpoint for returning approval from an external status check contains an IDOR that lets a user list information about all external status checks on the GitLab instance. The feature is an Ultimate feature, but can be accessed by starting an Ultimate trial on GitLab.com. So the...
CVE-2021-34782 Cisco DNA Center Information Disclosure Vulnerability
A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An...