17 matches found
EUVD-2020-19072
Malware in sbrugna...
EUVD-2020-19071
Malware in sbrugna...
CVE-2020-26526
An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid: "Unable to find an APIDomain" versus "Wrong email or password"...
CVE-2020-26527
An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origin: example.com' header and responding with 200 OK and a wildcard 'Access-Control-Allow-Origin: *' header...
CVE-2020-26527
An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origin: example.com' header and responding with 200 OK and a wildcard 'Access-Control-Allow-Origin: *' header...
Cross-site scripting
An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origin: example.com' header and responding with 200 OK and a wildcard 'Access-Control-Allow-Origin: *' header...
CVE-2020-26525
Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers...
CVE-2020-26525
Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers...
CVE-2020-26526
An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid: "Unable to find an APIDomain" versus "Wrong email or password"...
SQL injection
Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers...
Design/Logic Flaw
An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid: "Unable to find an APIDomain" versus "Wrong email or password"...
CVE-2020-26527
The CVE-2020-26527 entry concerns Damstra Smart Asset 2020.7, specifically the API/api/Version endpoint. The underlying issue is a Cross-Origin Resource Sharing (CORS) misconfiguration where arbitrary origins are trusted by accepting any Origin header and replying with 200 OK and Access-Control-A...
CVE-2020-26527
An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origin: example.com' header and responding with 200 OK and a wildcard 'Access-Control-Allow-Origin: *' header...
CVE-2020-26526
Technical details about CVE-2020-26526 are not publicly provided in the supplied documents. What is disclosed is the login-page username enumeration issue for Damstra Smart Asset 2020.7. Monitor for updates from vendors/security advisories.
CVE-2020-26526
An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid: "Unable to find an APIDomain" versus "Wrong email or password"...
CVE-2020-26525
Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers...
CVE-2020-26525
Damstra Smart Asset 2020.7 is affected by a SQL injection in the API endpoint API/Asset originator parameter. The root cause is an SQL injection vulnerability that can cause the database and server to initiate remote connections to third‑party DNS servers. This CVE (CVE-2020-26525) is documented ...