56 matches found
CVE-2022-46308
SGUDA U-Lock central lock control service’s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information...
Xiaomi router access control error vulnerability
Xiaomi router is a series of wireless routers from Chinese company Xiaomi. A security vulnerability exists in firmware version 2020 of the Xiaomi router, which stems from the lack of access control policies on some API interfaces, which could lead to WIFI password leakage and allow attackers to...
SUSE CVE-2017-3253
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: 2D. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network...
SUSE CVE-2018-2637
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JMX. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker wi...
CVE-2022-48299
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality...
EasyTest security vulnerability
Huaqi Digital Technology Easytest is an online learning quiz platform of China Huaqi Digital Technology Company. A security vulnerability exists in EasyTest. A remote attacker can exploit this vulnerability to bypass intended access restrictions, call API functions, manipulate the system, and...
Mattermost Server exposes account details to any Team Administrator
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details...
CVE-2021-40416
An incorrect default permission vulnerability exists in the cgiserver.cgi cgicheckability functionality of reolink RLC-410W v3.0.0.13620121102. All the Get APIs that are not included in cgicheckability are already executable by any logged-in users. An attacker can send an HTTP request to trigger...
CVE-2021-39998
There is a vulnerability of APIs being concurrently called multiple times in HwConnectivityExService in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart...
Pocsuite
This project is an open-sourced remote vulnerability testing and proof-of-concept development framework called Pocsuite. It is developed by the Knownsec 404 Team and supports Python 2.6+. The framework comes with a powerful proof-of-concept engine and many niche features for penetration testers a...
PT-2020-3961 · Microsoft · Sharepoint Foundation +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified); Microsoft SharePoint Foundation (affected versions not specified); Microsoft SharePoint Enterprise Server (affected versions not specified). Description: A remote code execution issue exis...
PT-2020-3529
Name of the Vulnerable Software and Affected Versions: Java SE versions 7u261 and 8u251; Java SE Embedded version 8u251. Description: The issue is related to insufficient input validation in the Libraries component of Oracle Java SE and Java SE Embedded. This can be exploited by an unauthenticated...
CVE-2019-13143
An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the...
Unspecified vulnerability in Amcrest IPM-721S (CNVD-2019-24190)
The Amcrest IPM-721S is a wireless IP camera from Amcrest. An unspecified vulnerability exists in the Amcrest IPM-721S V2.420.AC00.16.R.20160909 release. An attacker can exploit the vulnerability by leveraging HTTP APIs to add an administrative user to the web management interface and perform...
Unauthorized Access Vulnerability in Sandbox Profiles Component of Multiple Apple Products
Apple iOS, OS X, tvOS, and watchOS are products of Apple Inc. Apple iOS is an operating system for mobile devices; OS X is a specialized operating system for Mac computers; tvOS is an operating system for smart TVs; and watchOS is an operating system for smart watches. Sandbox Profiles is one of...
CloudBees Jenkins CI and LTS Arbitrary Code Execution Vulnerability
CloudBees Jenkins CI is a Java-based continuous integration tool, mainly used to monitor continuous software release and testing projects and the execution of scheduled tasks. LTS is the long-term support version of CloudBees Jenkins CI. A...