28 matches found
CVE-2023-25492
A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API...
EUVD-2022-42307
Malicious code in bioql PyPI...
EUVD-2023-29447
Malicious code in bioql PyPI...
EUVD-2023-29450
Malicious code in bioql PyPI...
CVE-2018-14573
A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683...
CVE-2023-25492
Lenovo XClarity Controller (XCC) is affected by CVE-2023-25492, a format-string injection vulnerability in the XCC web interface API that could allow a remote authenticated attacker to trigger a denial of service or other undefined behavior. The issue is confirmed across multiple advisories (Red ...
CVE-2023-25495
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured...
PT-2023-8788 · Haproxy +4
Name of the Vulnerable Software and Affected Versions: Roxy-WI version 6.3.9.0 Description: A Path Traversal issue was found in Roxy-WI, a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. This issue can be exploited via an HTTP request to "/app/options.py" and the config...
CVE-2021-36686
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page...
PT-2023-12296 · Yapi
Name of the Vulnerable Software and Affected Versions: yapi version 1.9.1 Description: A Cross Site Scripting (XSS) issue allows attackers to execute arbitrary code via the "interface/api" edit page. Recommendations: For yapi version 1.9.1, update to a newer version that contains a fix for this iss...
CVE-2022-39862
Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R11 and 3.3.03.66 in Android S12 allows unauthorized use of javascript interface api...
Authorization
Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R11 and 3.3.03.66 in Android S12 allows unauthorized use of javascript interface api...
CVE-2022-30746
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access sensitive information remotely using javascript interface API...
Design/Logic Flaw
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access sensitive information remotely using javascript interface API...
CVE-2022-30746
Summary: CVE-2022-30746 affects Samsung SmartThings prior to 1.7.85.12. A missing caller check in the JavaScript interface API can allow a remote attacker to access sensitive information. The vulnerability is described across multiple sources (NVD, Red Hat, CNVD/CNNVD references) as a missing cal...