PT-2022-9174 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman affected versions not specified Description: A flaw was found in the Foreman project, specifically in the Datacenter plugin, which exposes the password through the API to an authenticated local attacker with view hosts permission. Thi...
Archer Platform Security Vulnerability
Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions 6.8 up to, but not including, 6.11 P3 (6.11.0.3); it stems from incorrect API access controls in a multi-instance system, which can compromise...
Cisco ACI Multi-Site Orchestrator Security Vulnerability
Cisco ACI Multi-Site Orchestrator is a multi-site orchestrator from Cisco. It provides consistent network and policy orchestration, scalability, and disaster recovery across multiple data centers through a single management platform, while allowing data centers to go wherever the data is. A...
CVE-2022-35734
'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, the API key for an external service may be obtained by analyzing data in the app...
PT-2022-22570 · Swftools · Swftools
Name of the Vulnerable Software and Affected Versions: SWFTools affected versions not specified Description: A segmentation violation was discovered in SWFTools via the /multiarch/memset-vec-unaligned-erms.S API endpoint. Recommendations: At the moment, there is no information about a newer versi...
Out-of-bounds Write to API in vim/vim
...
WordPress plugin MailerLite – Signup forms (official) Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2022-2647
A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...
ITPison OMICARD EDM SQL Injection Vulnerability
ITPison OMICARD EDM is a high-speed newsletter EDM marketing and distribution system from ITPison, China. A security vulnerability exists in ITPison OMICARD EDM that stems from insufficient validation of user input by API functions. A remote attacker can exploit the vulnerability by injecting...
ZOHO ManageEngine SupportCenter Plus Authorization Issue Vulnerability
ZOHO ManageEngine SupportCenter Plus is a web-based customer support software from ZOHO India. It is used to allow organizations to efficiently manage customer requests, their account and contact information, service contracts, and provide a superior customer experience in the process. A security...
PT-2022-3784 · Cisco · Cisco Nexus Dashboard
Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard affected versions not specified Description: The issue is related to multiple vulnerabilities in the Cisco Nexus Dashboard, which could allow an unauthenticated, remote attacker to execute arbitrary commands, read or...
PT-2022-22193 · Digital Watchdog · Dw Spectrum Server
Name of the Vulnerable Software and Affected Versions: Digital Watchdog DW Spectrum Server version 4.2.0.32842 Description: The issue allows attackers to access sensitive information via a crafted API call. Recommendations: For Digital Watchdog DW Spectrum Server version 4.2.0.32842, consider...
Digital Watchdog DW MEGApix IP Information Disclosure Vulnerability
Digital Watchdog DW MEGApix IP is a camera from Digital Watchdog. A security vulnerability exists in Digital Watchdog DW MEGApix IP version 4.2.0.32842 that allows an attacker to access sensitive information via a crafted API call...
A vulnerability in the database API of Cisco Expressway Series and Cisco TelePresence VCS devices allows attackers to bypass absolute-path restrictions on the vulnerable device and overwrite files in the underlying operating system with root privileges.
A vulnerability in the database API of Cisco Expressway Series and Cisco TelePresence VCS devices stems from insufficient validation of user-supplied arguments during command execution. Exploiting this vulnerability allows remote attackers to perform attacks by bypassing the...
CVE-2022-20812
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...
PT-2022-3468 · Cisco · Cisco Telepresence Video Communication Server +1
Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS affected versions not specified Description: The issue is related to multiple vulnerabilities in the API and the web-based management interface of the affected...
CVE-2021-32428
SQL Injection vulnerability in viaviwebtech Android EBook App Books App, PDF, ePub, Online Book Reading, Download Books 10 via the authorid parameter to api.php...
simplepush Resource Management Error Vulnerability
simplepush is a mobile application from the German company simplepush. Push notifications can be sent to your device immediately via API or third-party integration. A security vulnerability exists in simplepush that stems from the registration of a fake application using the wrong deviceTokens,...
Zulip Security Vulnerability
Zulip is a powerful open source group chat application from the Zulip team. It combines the immediacy of real-time chat with the productivity benefits of threaded conversations. A logic error vulnerability exists in Zulip versions 2.1.0 through 5.2, which originates when the server incorrectl...
PYSEC-2022-210
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, and 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked to still run Salt commands while the account is locked. This affects both local shell accounts with an...