2006 matches found
CVE-2021-1577
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Application Policy Infrastructure Controller Cloud APIC could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due t...
Improper access control
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Application Policy Infrastructure Controller Cloud APIC could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due t...
CVE-2021-1578
CVE-2021-1578 affects Cisco APIC and Cloud APIC via an API endpoint where improper policy defaults allow an authenticated, remote attacker with unprivileged MSO credentials to send a specific API request and obtain Administrator credentials on the affected device. Connected sources confirm the ro...
CVE-2021-1577 Cisco Application Policy Infrastructure Controller Arbitrary File Read and Write Vulnerability
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Application Policy Infrastructure Controller Cloud APIC could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due t...
Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Application Policy Infrastructure Controller Cloud APIC could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device. This vulnerability is d...
Cisco Application Policy Infrastructure Controller Arbitrary File Read and Write Vulnerability
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Application Policy Infrastructure Controller Cloud APIC could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due t...
CVE-2021-32728
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a privat...
CVE-2021-32728
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a privat...
CVE-2021-32728 End-to-end encryption device setup did not verify public key
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a privat...
CVE-2021-32728
The CVE describes a vulnerability in Nextcloud Desktop Client prior to 3.3.0 where the client does not verify that a private key matches the previously downloaded public certificate when obtaining keys via the API. If a server serves a malicious public key, user data could be encrypted for that k...
CVE-2021-32728
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a privat...
PT-2021-6528 · Nextcloud +1 · Nextcloud Desktop Client +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions prior to 3.3.0 Description: The issue is related to the end-to-end encryption feature of the Nextcloud Desktop Client, where the client fails to check if a private key belongs to a previously downloaded publi...
CVE-2021-32790 Blind SQL Injection possible via Authenticated Web-hook Search API Endpoint
Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors already having admin access, or API keys to the WooCommerce site can exploit vulnerable...
Sql injection
The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...
PT-2021-10508 · Baigo Cms · Baigo Cms
Name of the Vulnerable Software and Affected Versions: baigo CMS version 4.0-beta-1 Description: A cross-site scripting issue allows attackers to execute arbitrary web scripts or HTML via the post parameter to the "/public/console/profile/info-submit/" API endpoint. Recommendations: For baigo CMS...
PT-2021-5345
Name of the Vulnerable Software and Affected Versions ForgeRock Access Management AM Core Server versions prior to 7.0 ForgeRock OpenAM version 14.6.3 and earlier Description The issue is related to a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. This...
Cisco ACI Multi-Site Orchestrator Application Services Engine Deployment Authentication Bypass (cisco-sa-mso-authbyp-bb5GmBQv)
According to its self-reported version, a vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator MSO installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper tok...
Acronis: CSS Injection via Client Side Path Traversal + Open Redirect leads to personal data exfiltration on Acronis Cloud
Summary Hi team, I hope everything goes well. I have found a CSS Injection in Acronis Cloud Management Consolehttps://mc-beta-cloud.acronis.com/mc via the colorscheme GET parameter. Description: The flow work as I will comment below. If we go to the URL...
CVE-2021-32704
DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the /api/trackedEntityInstances API endpoint in DHIS2 versions 2.34.4, 2.35.2,...
CVE-2021-32704
DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the /api/trackedEntityInstances API endpoint in DHIS2 versions 2.34.4, 2.35.2,...