15 matches found
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Organization V2Beta API endpoints. An attacker can access and modify data belonging to other organizations by bypassing authorization checks with administrator privileges for a...
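The entry above describes the CWE-639 pattern: a request carries an organization key chosen by the caller, and the server checks that the caller holds an administrator role somewhere without checking that the role holds in the organization the key names. The following is an added example written for this page, not code from the affected package; the `Org`/`User` types, the two handler names and the sample tenants are hypothetical, and it uses an in-memory dictionary in place of a real data store.

```python
"""Authorization bypass through a user-controlled key, vulnerable and fixed.

Added example for this listing; not code from the affected package.
All names below (Org, User, the handlers, the tenant data) are assumptions.
"""
from dataclasses import dataclass, field


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


@dataclass
class Org:
    org_id: str
    name: str
    # role of each user inside this organization, e.g. {"alice": "admin"}
    members: dict = field(default_factory=dict)


@dataclass
class User:
    user_id: str
    # organization the caller's session or token was issued for
    home_org_id: str


# Constructed sample data: two tenants, one admin in each.
ORGS = {
    "org-a": Org("org-a", "Acme", {"alice": "admin"}),
    "org-b": Org("org-b", "Beta Corp", {"bob": "admin"}),
}


def _lookup(org_id):
    try:
        return ORGS[org_id]
    except KeyError:
        raise NotFound(org_id)


def is_admin_of_home_org(user):
    """Role check that never looks at which organization the request targets."""
    return ORGS[user.home_org_id].members.get(user.user_id) == "admin"


def update_org_vulnerable(user, org_id, new_name):
    """Vulnerable: privilege is checked against the caller's own organization,
    then the org_id taken from the request is used unconditionally."""
    if not is_admin_of_home_org(user):
        raise Forbidden("admin role required")
    org = _lookup(org_id)  # key comes straight from the request body/path
    org.name = new_name
    return org


def update_org_hardened(user, org_id, new_name):
    """Fixed: the role must hold inside the organization named by the request
    key, so an admin of one tenant cannot read or modify another tenant."""
    org = _lookup(org_id)
    if org.members.get(user.user_id) != "admin":
        # Answer exactly as for a missing record so org ids cannot be enumerated.
        raise NotFound(org_id)
    org.name = new_name
    return org


def attempt(handler, user, org_id, new_name):
    """Run a handler and report the outcome as a string (for demos and tests)."""
    try:
        return handler(user, org_id, new_name).name
    except NotFound:
        return "not found"
    except Forbidden:
        return "forbidden"


if __name__ == "__main__":
    alice = User("alice", "org-a")
    print("hardened, cross-tenant:", attempt(update_org_hardened, alice, "org-b", "pwned"))
    print("vulnerable, cross-tenant:", attempt(update_org_vulnerable, alice, "org-b", "pwned"))
```

The fix is not "check harder" but "check the right object": the authorization decision has to be made on the record the request resolves to, after the lookup, rather than on a property of the caller alone. Returning the same response for "no such org" and "not yours" is a deliberate choice to keep the key space from being enumerated through differing error codes.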
PT-2024-23697 · V Sol · V-Sol G/Epon Onu Hg323Ac-B
Name of the Vulnerable Software and Affected Versions: V-SOL G/EPON ONU HG323AC-B version V2.0.08-210715 Description: An issue in the software allows an attacker to execute arbitrary code and obtain sensitive information via crafted POST requests to "/boaform/getASPdata/formFirewall" and...
PT-2024-3328 · Maccms · Maccms
Name of the Vulnerable Software and Affected Versions: Macs CMS version 1.1.4f Description: The issue is related to a lack of protection against SQL injection attacks when handling certain parameters, including resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole,...
PT-2024-14586 · Caddy · Caddy +1
Name of the Vulnerable Software and Affected Versions: caddy-security plugin for Caddy version 1.1.20 Description: The issue allows reflected Cross-site Scripting (XSS) via a GET request to a URL that contains an XSS payload and begins with either a "/admin" or "/settings/mfa/delete/" substring. Th...
PT-2023-32979 · Wallabag · Wallabag
Name of the Vulnerable Software and Affected Versions: wallabag versions prior to 2.6.7 Description: The issue allows attackers to arbitrarily disable 2FA through "config/otp/app/disable" and "config/otp/email/disable" API endpoints. Recommendations: For versions prior to 2.6.7, upgrade your...
PT-2022-25013 · Nokia · Nokia 1350 Oms
Name of the Vulnerable Software and Affected Versions: NOKIA 1350 OMS version R14.2 Description: The issue allows authenticated users to execute commands on the operating system due to multiple OS Command Injection vulnerabilities. These vulnerabilities occur in the /cgi-bin/R14.2/log.pl endpoint...
PT-2022-23255 · Unknown · Bus Pass Management System
Name of the Vulnerable Software and Affected Versions: Bus Pass Management System version 1.0 Description: Multiple SQL injections were detected in the Bus Pass Management System. The issue affects several API endpoints, including "buspassms/admin/view-enquiry.php",...
PT-2022-15683 · Cybonet · Pineapp Mail Relay
Name of the Vulnerable Software and Affected Versions: Cybonet - PineApp Mail Relay affected versions not specified Description: The issue concerns an unauthenticated SQL injection vulnerability. An attacker can send a request to specific API endpoints, such as...
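Three entries in this list (Macs CMS, Bus Pass Management System, PineApp Mail Relay) come down to the same defect: a request parameter is spliced into an SQL statement as text instead of being bound as a value, and in the PineApp case no authentication stands in front of the endpoint. The block below is an added example for this page and not code from any of those products; it builds a constructed sqlite3 table with hypothetical column names and shows the concatenated query next to the parameterized one, including a UNION payload that pulls a column the query was never meant to return.

```python
"""SQL injection through an unescaped parameter, vulnerable and fixed.

Added example for this listing; not code from any product named on the page.
The users table, its columns and the sample rows are constructed for the demo.
"""
import sqlite3


def make_db():
    """Constructed sample data: two accounts in a users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "alice@example.test"), (2, "bob", "bob@example.test")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """Vulnerable: the parameter is concatenated into the statement, so a
    single quote in the input changes the structure of the query."""
    sql = "SELECT id, username FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Fixed: the value is bound through a placeholder and is only ever
    compared as data, whatever characters it contains."""
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed payloads of the kind the advisories describe.
TAUTOLOGY = "nobody' OR '1'='1"                       # returns every row
UNION_EXFIL = "' UNION SELECT id, email FROM users --"  # reads another column


if __name__ == "__main__":
    db = make_db()
    for payload in (TAUTOLOGY, UNION_EXFIL):
        print("vulnerable:", find_user_vulnerable(db, payload))
        print("safe      :", find_user_safe(db, payload))
```

With the tautology payload the concatenated query becomes `WHERE username = 'nobody' OR '1'='1'` and returns both rows; with the UNION payload the trailing `--` comments out the closing quote and the second SELECT projects the `email` column into the result set. The bound version returns nothing for either input because the payload is matched literally against `username`. Escaping quotes by hand is not an equivalent fix; placeholders keep the query text fixed regardless of input.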
PT-2021-16927 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.0.0 through 3.9.26 Description: A missing token check causes a CSRF issue in data download endpoints in com_banners and com_sysinfo. This allows for potential exploitation. Recommendations: For Joomla! versions 3.0.0 throug...
PT-2020-18975 · Silverstripe · Silverstripe
Name of the Vulnerable Software and Affected Versions: SilverStripe version 4.5.0 Description: The issue allows attackers to read certain records that should not have been placed into a result set. This is due to the automatic permission-checking mechanism in the silverstripe/graphql module not...
PT-2019-11310 · Jenkins · Jenkins Blue Ocean Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Blue Ocean Plugins versions 1.10.1 and earlier Description: A data modification issue exists that allows attackers to bypass all cross-site request forgery protection in the Blue Ocean API. The vulnerability is found in several files,...