5 matches found
CVE-2021-29052
The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls...
PYSEC-2024-17
pyLoad is a free and open-source Download Manager written in pure Python. The pyload API allows any API call to be made using GET requests. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery CSRF attac...
CVE-2016-1441
Cisco Cloud Network Automation Provisioner CNAP 1.00 in Cisco Configuration Assistant CCA allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145...
Code injection
Cisco Cloud Network Automation Provisioner CNAP 1.00 in Cisco Configuration Assistant CCA allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145...
CVE-2016-1441
Cisco Cloud Network Automation Provisioner CNAP 1.00 in Cisco Configuration Assistant CCA allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145...