84 matches found
PYSEC-2022-43135
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
FreeTAKServer 访问控制错误漏洞
FreeTAKServer is an open source lightweight server from the FreeTAKTeam team. It is used to connect to TAK clients. FreeTAKServer suffers from an access control error vulnerability, which stems from the fact that Endpoint/ManageRoute/postRoute can be accessed without authentication, and can be...
FreeTAKServer 信任管理问题漏洞
FreeTAKServer is an open source lightweight server from the FreeTAKTeam team. It is used to connect to TAK clients. FreeTakServer suffers from a trust management issue vulnerability that stems from the fact that the Flask Secrets Key has three relevant locations that are hard-coded, which can be...
FreeTAKServer-UI 安全漏洞
FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam team.FreeTAKServer-UI has a security vulnerability that could be exploited by an attacker to place arbitrary files anywhere on the system...
FreeTAKServer-UI 信息泄露漏洞
FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam.FreeTAKServer-UI has an information disclosure vulnerability that stems from the fact that the WebUI leaks the RestAPI and Websocket tokens in the javascript source code, which can be exploited by an attacker to cause a...
CVE-2022-25512
FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...
CVE-2022-25512
CVE-2022-25512 affects FreeTAKServer-UI v1.9.8. The root cause described in connected documents is that the WebUI leaks sensitive tokens (API and Websocket) in the JavaScript source, enabling information disclosure. The CVSS data from NVD indicates a high confidentiality impact (C:H) with network...
CVE-2022-25512
FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...
CVE-2022-25511
FreeTAKServer-UI v1.9.8 contains a path traversal vulnerability in the ?filename= parameter of the /DataPackageTable route that can allow attackers to place arbitrary files on the system. This is documented across multiple sources (CVE-2022-25511 and related advisories). The exact root cause is n...
CVE-2022-25511
An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system...
CVE-2022-25510
The CVE-2022-25510 issue affects FreeTAKServer 1.9.8, where a hardcoded Flask secret key enables attackers to craft cookies to bypass authentication or escalate privileges. Root cause: the Flask secret key is stored in code/config instead of being externally supplied, compromising session integri...
CVE-2022-25510
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
CVE-2022-25511
An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system...
CVE-2022-25510
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
CVE-2022-25508
An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service DoS via an unusually large amount of created routes, or create unsafe or false routes for legitimate users...
CVE-2022-25508
An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service DoS via an unusually large amount of created routes, or create unsafe or false routes for legitimate users...
CVE-2022-25508
FreeTAKServer v1.9.8 has an access control vulnerability in the /ManageRoute/postRoute endpoint that allows unauthenticated users to cause a DoS by creating an unusually large number of routes (or unsafe/false routes). The issue is documented across multiple sources (NVD, OSV, CNVD, GHSA/GitHub a...
CVE-2022-25507
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...
CVE-2022-25506
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...
CVE-2022-25507
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...