2005 matches found
CVE-2020-35579
CVE-2020-35579 affects tindy2013 subconverter 0.6.4. The API endpoint /sub?target=%TARGET%&url=%URL%&config=%CONFIG% accepts an arbitrary URL value and issues a GET request for it, but does not account for the external request target redirecting back to the original /sub endpoint. This can create...
CVE-2020-26176
An issue was discovered in tangro Business Workflow before 1.18.1. No or broken access control checks exist on the /api/document//attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to...
CVE-2020-26176
An issue was discovered in tangro Business Workflow before 1.18.1. No or broken access control checks exist on the /api/document//attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to...
CVE-2020-26176
The vulnerability CVE-2020-26176 affects tangro Business Workflow prior to 1.18.1. It arises from missing/broken access control on the /api/document//attachments endpoint, allowing an attacker who knows a document ID to enumerate all attachments for that work item and obtain their IDs. Impact as ...
Security Bulletin: IBM Cloud Functions web actions API endpoint change
Summary In order to improve the stability of the service and to prevent potential weaknesses in the services' web actions functionality we introduced a new IBM Cloud Functions API endpoint .functions.appdomain.cloud for web actions which use text/html response data. The previously used API endpoi...
U.S. Dept Of Defense: IDOR on https://██████ via POST UID enables database scraping
Summary: The UID parameter on █████████ in the ██████ ███████ system, with ███████, does not validate that the caller has permission to view information on the UID entered, thereby enabling personnel and student data extraction. Description: The user operations API endpoint for the ███ ██████████...
PT-2020-17155 · Zeroshell · Zeroshell
Name of the Vulnerable Software and Affected Versions: Zeroshell version 3.9.3 Description: The issue allows an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character in the /cgi-bin/kerbynet API endpoint, specifically through the StartSessionSubm...
PT-2020-13082 · Intelbras · Intelbras Tip 200 Lite +2
Name of the Vulnerable Software and Affected Versions: Intelbras TIP200 version 60.61.75.15 Intelbras TIP200LITE version 60.61.75.15 Intelbras TIP300 version 65.61.75.15 Description: The issue allows for XSS attacks through the /cgi-bin/cgiServer.exx API endpoint, specifically when the page...
CVE-2020-26552
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access...
CVE-2020-26223
Spree is a complete open source e-commerce solution built with Ruby on Rails. In Spree from version 3.7 and before versions 3.7.13, 4.0.5, and 4.1.12, there is an authorization bypass vulnerability. The perpetrator could query the API v2 Order Status endpoint with an empty string passed as an Ord...
CVE-2020-26223 Authorization bypass in Spree
Spree is a complete open source e-commerce solution built with Ruby on Rails. In Spree from version 3.7 and before versions 3.7.13, 4.0.5, and 4.1.12, there is an authorization bypass vulnerability. The perpetrator could query the API v2 Order Status endpoint with an empty string passed as an Ord...
Cisco Integrated Management Controller Authorization Bypass (cisco-sa-cimc-auth-zWkppJxL)
According to its self-reported version, Cisco Unified Computing System Management Software is affected by an authorization bypass vulnerability due to improper authorization checks on API endpoints. An authenticate, remote attacker can exploit this issue, by sending malicious requests to an API...
CVE-2020-28002
In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint...
Authentication flaw
In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint...
CVE-2020-25966
Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendo...
PT-2020-16257 · Sectona · Sectona Spectra
Name of the Vulnerable Software and Affected Versions: Sectona Spectra versions prior to 3.4.0 Description: The issue concerns a vulnerable SOAP API endpoint that leaks sensitive information about configured assets without proper authentication. This could be exploited by unauthorized parties to...
Authentication flaw
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint...
CVE-2020-13297
CVE-2020-13297 : GitLab versions before 13.1.10, 13.2.8, and 13.3.4 are affected. A flaw allows a malicious user to bypass the 2FA restriction for groups by sending a crafted query to the API endpoint. The vulnerability is caused by improper authorization checks in the group-level 2FA flow, enabl...
PT-2020-13438 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.1.10 GitLab versions prior to 13.2.8 GitLab versions prior to 13.3.4 Description: A security issue was found that allows a malicious user to bypass 2-factor authentication restrictions for groups. This can be...
GHSA-8MGG-5X65-M4M4 Command Injection in soletta-dev-app
All versions of soletta-dev-app are vulnerable to Command Injection. The package does not validate user input on the /api/service/status API endpoint, passing contents of the service query parameter to an exec call. This may allow attackers to run arbitrary commands in the system. Recommendation ...