
1443 matches found

CNNVD
added 2021/04/30 12:0 a.m. · 3 views

CubeCoders AMP Security Vulnerability

AMP is a software application for tracking all issues and bugs within the CubeCoders AMP platform. A security vulnerability exists in CubeCoders AMP versions prior to 2.1.x series 2.1.1.2 that allows an authenticated remote user to open a port in the local system firewall by writing an HTTPS...

CVSS 6.5 · AI score 6.6 · EPSS 0.00888
Exploits: 1 · References: 2

CNNVD
added 2021/04/29 12:0 a.m. · 3 views

China Mobile An Lianbao WF-1 Command Injection Vulnerability

The China Mobile An Lianbao WF-1 is a router from China Mobile (China). A security vulnerability exists in China Mobile An Lianbao WF-1 1.01, which originates from a POST request to api ZRQos to set up an online client via the "ip" parameter...

CVSS 9.8 · AI score 8.3 · EPSS 0.02809
Exploits: 0 · References: 4

Positive Technologies
added 2021/04/12 12:0 a.m. · 8 views

PT-2021-15763

Name of the Vulnerable Software and Affected Versions: Thrive Optimize WordPress plugin versions prior to 1.4.13.3; Thrive Comments WordPress plugin versions prior to 1.4.15.3; Thrive Headline Optimizer WordPress plugin versions prior to 1.3.7.3; Thrive Leads WordPress plugin versions prior to 2.3.9...

CVSS 5.3 · AI score 6.4 · EPSS 0.02076
Exploits: 2 · References: 5

CNNVD
added 2021/04/09 12:0 a.m. · 3 views

MediaWiki Permissions and Access Control Issues Vulnerability

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.31.12 and versions prior to 1.32.x series 1.35.x...

CVSS 4.3 · AI score 5.5 · EPSS 0.0123
Exploits: 1 · References: 14

CNNVD
added 2021/04/08 12:0 a.m. · 2 views

Dolby DAX2 API Service Code Issue Vulnerability

The Dolby DAX2 API Service is an audio service component from Dolby Laboratories (USA). A code issue vulnerability exists in Dolby Audio X2 (DAX2) API service versions prior to 0.8.8.90 that allows local users to gain privileges...

CVSS 7.8 · AI score 7.5 · EPSS 0.00425
Exploits: 0 · References: 3

OSV
added 2021/04/02 5:15 p.m. · 1 views

UBUNTU-CVE-2021-22202

An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API...

CVSS 4.3 · AI score 5.8 · EPSS 0.00479
Exploits: 0 · References: 5

Positive Technologies
added 2021/04/02 12:0 a.m. · 3 views

PT-2021-15238 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.0.4; GitHub Enterprise Server versions prior to 2.22.10; GitHub Enterprise Server versions prior to 2.21.18. Description: An improper access control issue was identified that allowed access tokens...

CVSS 6.5 · AI score 6.6 · EPSS 0.01316
Exploits: 0 · References: 5

CNNVD
added 2021/04/01 12:0 a.m. · 2 views

GitHub node-etsy-client Information Disclosure Vulnerability

GitHub node-etsy-client is an open source application hosted on GitHub: a Node.js Etsy REST API client. A security vulnerability exists in node-etsy-client that stems from the fact that a reported client-side error will also provide the API key value...

CVSS 8.1 · AI score 7 · EPSS 0.01065
Exploits: 0 · References: 4

CNNVD
added 2021/03/15 12:0 a.m. · 4 views

IBM Spectrum Scale Security Vulnerability

IBM Spectrum Scale is a scalable data and file management solution from IBM (USA) based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product helps clients reduce storage costs while improving security and management efficiency in...

CVSS 6.2 · AI score 5.6 · EPSS 0.00241
Exploits: 0 · References: 4

CNNVD
added 2021/03/14 12:0 a.m. · 2 views

IBM API Connect Security Vulnerability

IBM API Connect (APIConnect) is a suite of integrated solutions for managing the API lifecycle from IBM (USA). The product supports creating, running, managing, and securing APIs, microservices, and more. IBM API Connect suffers from a security vulnerability that allows an attacker to use ...

CVSS 6.4 · AI score 5.6 · EPSS 0.00689
Exploits: 0 · References: 5

CNNVD
added 2021/03/05 12:0 a.m. · 2 views

Aruba Networks AirWave Management Platform SQL Injection Vulnerability

Aruba Networks AirWave Management Platform is a suite of network management software for multi-vendor management from Aruba Networks. The software provides real-time monitoring, proactive alerting and historical data reporting. An SQL injection vulnerability exists in the API of Aruba Networks...

CVSS 6.5 · AI score 6 · EPSS 0.01128
Exploits: 0 · References: 1

CNNVD
added 2021/03/03 12:0 a.m. · 4 views

Datadog API Security Vulnerability

GitHub datadog-api-client-java is an open source application hosted on GitHub that provides a Java API interface. A security vulnerability exists in the Datadog API before version 1.0.0-beta.9, which stems from a local disclosure of sensitive information downloaded...

CVSS 4.3 · AI score 4.9 · EPSS 0.00563
Exploits: 0 · References: 3

CNNVD
added 2021/03/03 12:0 a.m. · 3 views

GitHub Enterprise Server Security Vulnerability

GitHub is a suite of hosting platforms for open source and private software projects. A security vulnerability exists in GitHub Enterprise Server that allows authenticated users of an instance to gain write access to unauthorized repositories via specially crafted pull requests and REST API...

CVSS 6.5 · AI score 6.5 · EPSS 0.00919
Exploits: 0 · References: 4

BDU FSTEC
added 2021/03/02 12:0 a.m. · 2 views

The vulnerability of the API component of the Cisco ACI Multi-Site Orchestrator (MSO) allows an attacker to obtain a token with administrator privileges.

The vulnerability of the API component of the Cisco ACI Multi-Site Orchestrator (MSO) exists due to improper verification of tokens after they are released. Exploiting this vulnerability can allow an attacker who operates remotely to obtain tokens with administrator privileges...

CVSS 10 · AI score 8 · EPSS 0.14359
Exploits: 0 · References: 3

OSV
added 2021/02/24 8:15 p.m. · 4 views

CVE-2021-1388

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint...

CVSS 10 · AI score 7.5 · EPSS 0.14359
Exploits: 0 · References: 1

OSV
added 2021/02/22 5:15 p.m. · 1 views

CVE-2021-27228

An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names such as constructor or hasOwnProperty to convince the System that the supplied API Key exists...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 3

OSV
added 2021/02/04 11:2 a.m. · 2 views

OESA-2021-1016 tpm2-tss security update

tpm2-tss is a software stack supporting Trusted Platform Module (TPM) 2.0 system APIs, which provides TPM 2.0 specified APIs for applications to access the TPM module through kernel TPM drivers. Security Fixes: No description is available for this CVE. (CVE-2020-24455)...

CVSS 6.7 · AI score 6.8 · EPSS 0.00588
Exploits: 0 · References: 2

Gitee
added 2021/02/02 3:35 p.m. · 2 views

vulscan

This is a Python-based web application for vulnerability scanning and management. The application is built using Django and has several features, including: 1. Vulnerability Scanning: The application can scan for vulnerabilities in web applications using a variety of plugins (POCs). 2. Plugin...

AI score 7.1
Exploits: 0

CNNVD
added 2021/01/20 12:0 a.m. · 6 views

Cisco DNA Center Security Vulnerability

Cisco DNA Center is the network management and command center for Cisco DNA. An information disclosure vulnerability exists in the Configuration Archiving feature in Cisco DNA Center versions prior to 2.1.2.0. The vulnerability stems from the fact that configuration archive files are stored in...

CVSS 7.7 · AI score 6.9 · EPSS 0.00918
Exploits: 0 · References: 4

PyPA
added 2021/01/11 10:15 a.m. · 5 views

PYSEC-2021-876

Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface...

CVSS 6.5 · AI score 7 · EPSS 0.01728
Exploits: 0 · References: 1 · Affected Software: 1