Lucene search

1444 matches found

CNNVD
added 2021/09/20 12:0 a.m. · 4 views

WordPress plugin path traversal vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. The OMGF WordPress plugin suffers from a path...

CVSS 9.1 · AI score 8.4 · EPSS 0.01762
Exploits 2 · References 2
BDU FSTEC
added 2021/09/20 12:0 a.m. · 1 views

A vulnerability in GitLab, a Git-based software platform for collaborative code development, related to the allocation of unlimited memory, allows an attacker to trigger a service failure.

The vulnerability in GitLab, a Git-based software platform for collaborative code development, is related to a request parameter being ignored when working through the API. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 5.3 · AI score 6 · EPSS 0.0115
Exploits 0 · References 4 · Affected Software 2
OSV
added 2021/09/07 5:15 p.m. · 1 views

CVE-2021-40539

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution...

CVSS 9.8 · AI score 7.6 · EPSS 0.9896
Exploits 8 · References 4
Positive Technologies
added 2021/09/07 12:0 a.m. · 3 views

PT-2021-22451 · Capture · Capture

Name of the Vulnerable Software and Affected Versions: pcapture versions prior to 3.12

Description: The issue allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is significant because...

CVSS 7.7 · AI score 6.1 · EPSS 0.01212
Exploits 0 · References 7
CNNVD
added 2021/08/27 12:0 a.m. · 3 views

Misskey cross-site scripting vulnerability

Misskey is a micro-blogging platform. A cross-site scripting vulnerability exists in versions of Misskey prior to 12.51.0, which stems from a built-in dialog box in the Web client that does not validate and escape user input. An attacker could display a malicious string in the dialog box and use ...

CVSS 8 · AI score 5.2 · EPSS 0.00736
Exploits 0 · References 3
OSV
added 2021/08/25 8:15 p.m. · 4 views

CVE-2021-1580

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see t...

CVSS 7.2 · AI score 5.8 · EPSS 0.01779
Exploits 0 · References 1
CNNVD
added 2021/08/25 12:0 a.m. · 3 views

VMware vRealize Operations path traversal vulnerability

VMware vRealize Operations is an application from VMware, Inc.: a unified, AI-based platform for private, hybrid, and multi-cloud environments that delivers IT operations management on autopilot. A path traversal vulnerability exists in VMware vRealize Operations Manager that stems from the...

CVSS 4.9 · AI score 5.7 · EPSS 0.01098
Exploits 0 · References 3
CNNVD
added 2021/08/25 12:0 a.m. · 3 views

VMware vRealize Operations log information disclosure vulnerability

VMware vRealize Operations is an application from VMware, Inc.: a unified, AI-based platform for private, hybrid, and multi-cloud environments that delivers IT operations management on autopilot. A log information disclosure vulnerability exists in VMware vRealize Operations Manager that...

CVSS 7.5 · AI score 7.7 · EPSS 0.01005
Exploits 0 · References 3
Positive Technologies
added 2021/08/25 12:0 a.m. · 3 views

PT-2021-4957 · Cisco · Cisco Apic +1

Name of the Vulnerable Software and Affected Versions: Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC); affected versions not specified

Description: A vulnerability in the API endpoint of the affected systems could all...

CVSS 9.1 · AI score 9.2 · EPSS 0.01303
Exploits 0 · References 5
CNNVD
added 2021/08/25 12:0 a.m. · 3 views

Cisco Application Policy Infrastructure Controller command injection vulnerability

Cisco Application Policy Infrastructure Controller (APIC) is an automated infrastructure deployment and governance solution from Cisco. A command injection vulnerability exists in Cisco Application Policy Infrastructure Controller, which stems from the product's web UI and API endpoint not validati...

CVSS 9 · AI score 7.3 · EPSS 0.01779
Exploits 0 · References 3
CNNVD
added 2021/08/09 12:0 a.m. · 3 views

Larvata Flygo security vulnerability

Larvata Flygo is an attendance clocking software from Larvata (Taiwan). Larvata Flygo contains an Insecure Direct Object Reference vulnerability that allows a remote attacker authenticated as a regular user to manipulate user data by specifying the employee's ID in an API parameter and...

CVSS 4.3 · AI score 5.2 · EPSS 0.00677
Exploits 0 · References 2
CNNVD
added 2021/07/26 12:0 a.m. · 3 views

RPCMS cross-site scripting vulnerability

RPCMS is a web CMS application. RPCMS suffers from a cross-site scripting vulnerability that stems from a failure to properly sanitize the nickname variable before it is displayed on a page in RPCMS v1.8 and below. With the API functionality turned on, an attacker can...

CVSS 5.4 · AI score 5.3 · EPSS 0.00527
Exploits 1 · References 3
CNNVD
added 2021/07/21 12:0 a.m. · 4 views

Dell NetWorker security vulnerability

Dell EMC NetWorker is a suite of unified backup and recovery software from Dell (USA). The software provides backup and recovery, deduplication, backup reporting, and other features. A security vulnerability exists in Dell EMC NetWorker that originates from an improper implementati...

CVSS 6.5 · AI score 6.6 · EPSS 0.00832
Exploits 0 · References 3
OSV
added 2021/07/15 4:15 p.m. · 2 views

DEBIAN-CVE-2021-32743

Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for extern...

CVSS 8.8 · AI score 7.3 · EPSS 0.01803
Exploits 1 · References 1
Positive Technologies
added 2021/06/27 12:0 a.m. · 3 views

PT-2021-6527 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31.15 and earlier; MediaWiki versions 1.32.x through 1.35.x before 1.35.3; MediaWiki versions 1.36.x before 1.36.1

Description: The issue concerns unintended API access for bots in MediaWiki. When a bot account has a...

CVSS 9.8 · AI score 6.4 · EPSS 0.03832
Exploits 19 · References 107
OSV
added 2021/05/26 9:15 p.m. · 3 views

CVE-2020-25634

A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected...

CVSS 5.4 · AI score 5.8
Exploits 0 · References 1
OSV
added 2021/05/26 12:15 p.m. · 3 views

CVE-2020-26677

Any user logged in to a vFairs 3.3 virtual conference or event can perform SQL injection with a malicious query to the API...

CVSS 8.8 · AI score 7.3
Exploits 0 · References 3
BDU FSTEC
added 2021/05/19 12:0 a.m. · 4 views

A vulnerability in the API component of Cisco SD-WAN (software-defined WAN) allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability in the API component of Cisco SD-WAN (software-defined WAN) is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...

CVSS 6.4 · AI score 5.6 · EPSS 0.00635
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2021/05/19 12:0 a.m. · 3 views

A vulnerability in the API sub-component of the Oracle Installed Base component of the Oracle E-Business Suite allows an attacker to gain unauthorized access to the device.

The vulnerability in the API sub-component of the Oracle Installed Base component of Oracle E-Business Suite, a system for automating business operations, is related to code errors. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to the device...

CVSS 8.5 · AI score 6.9 · EPSS 0.00931
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2021/05/06 12:0 a.m. · 3 views

Cisco SD-WAN vManage Software resource management error vulnerability

Cisco SD-WAN vManage Software is management software for Cisco's SD-WAN (Software-Defined Wide Area Network) solutions. A denial of service vulnerability exists in the API of Cisco SD-WAN vManage, which stems from insufficient handling of API requests and can be exploited by an attacker to cau...

CVSS 9.8 · AI score 5.6 · EPSS 0.02065
Exploits 0 · References 3