PT-2025-54458
Name of the Vulnerable Software and Affected Versions: Cowrie versions prior to 2.9.0. Description: Cowrie versions before 2.9.0 have a server-side request forgery (SSRF) issue in the emulated shell implementations of wget and curl. The default configuration allows these commands to make real outbound...
FetLife: Race condition in endpoint POST fetlife.com/users/invitation, allow attacker to generate unlimited invites
This report describes the same bug as 1455487. I rewrite this bug here to make the report clearer. I will self-close 1455487 right now. Description: The Invite Your Friend to Join FetLife feature is vulnerable to a race condition. By sending many requests at the same time to endpoint POST...
Apache Ozone Access Control Error Vulnerability
Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. An authorization vulnerability exists in Apache Ozone Cluster versions prior to 1.1.0 that allows access to keys and buckets via curl commands or...
SOURCEFORGE MagpieRSS Code Issue Vulnerability
SOURCEFORGE MagpieRSS is an open source SOURCEFORGE application: a simple, practical PHP interface used to parse RSS 1.0 and earlier versions. MagpieRSS 0.72 has a security vulnerability where the curl command in /extlib/Snoopy.class.inc is not validated...
CVE-2021-22652: Advantech iView Missing Authentication RCE (FIXED)
Advantech iView versions prior to 5.7.03.6112 suffer from an instance of "CWE-306: Missing Authentication For Critical Function." This vulnerability (CVE-2021-22652) has a CVSSv3 score of 9.8, which is usually CRITICAL, since it effectively allows anyone who can connect to the iView server to run...
CVE-2020-26076
A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability b...
CVE-2020-26076 Cisco IoT Field Network Director Information Disclosure Vulnerability
A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability b...
Cisco IoT Field Network Director Information Disclosure Vulnerability
A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability b...
Feed2JS File Disclosure
Feed2JS is a tool for user-friendly (developer-wise) embedding the RSS feeds on the pages without messing with XML. I’ve found out today that it’s vulnerable to local file disclosure (all your /etc/passwds could be stolen). It could be used for remote file inclusion as well. tl;dr – fixed files at the...