171 matches found
CVE-2024-27163
CVE-2024-27163 affects Toshiba printers (notably MFPs/e-Studio). It exposes admin passwords (and additional passwords) in clear-text when two specific HTTP requests are sent to the internal API; an attacker who can steal an admin cookie or exploit XSS can recover these passwords and compromise th...
PT-2024-22652 · Dell · Dell Scg
Name of the Vulnerable Software and Affected Versions: Dell SCG versions prior to 5.24.00.00 Description: The issue is related to an Improper Access Control vulnerability in the SCG exposed for an internal update REST API. This API is only accessible if enabled by an Admin user from the UI. A...
MGASA-2024-0079 Updated libuv packages fix security vulnerability
It was discovered that the uvgetaddrinfo function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks. CVE-2024-24806...
Internet Bug Bounty: Libuv: Improper Domain Lookup that potentially leads to SSRF attacks
The vulnerability in the libuv library was caused by the improper truncation of hostnames to 256 characters before calling the getaddrinfo function. This behavior allowed the creation of addresses like 0x00007f000001, which were considered valid by getaddrinfo, potentially leading to SSRF attacks...
CVE-2023-29051
User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users...
Malicious code in @mendeley-internal/api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1bf5f20cb296d38e4859cdddfe26a5243135d149cd3f20f393a7a088c159110c Withdrawn Advisory This advisory has been withdrawn because it was generated erroneously. This link is maintained to preserve external references. Origin...
Private APIs at Risk: Q1-2023 API ThreatStats™ Report
According to a Mar-2022 API survey by Gartner, 98% of organizations use or are planning to use internal APIs – up from 88% in 2019. And 90% of organizations use or are planning to use private APIs provided by partners – up from 68% in 2019. Obviously, there’s a big blind spot in your API security...
CVE-2023-28645
Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...
CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments
Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...
Secure view can be bypassed by using internal API endpoint
None...
CVE-2023-20059
A vulnerability in the implementation of the Cisco Network Plug-and-Play PnP agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper...
CVE-2023-20059
A vulnerability in the implementation of the Cisco Network Plug-and-Play PnP agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper...
Veeam Backup & Replication Remote Code Execution Vulnerability
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...
Veeam Backup & Replication Remote Code Execution Vulnerability
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...
VulnCheck KEV: CVE-2022-26500
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...
VulnCheck KEV: CVE-2022-26501
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...
Open-Xchange OX App Suite 安全特征问题漏洞
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security feature issue vulnerability exists in Open-Xchange OX App Suite versions prior to 7.10.6 that stems from a conflict that can change the parameters of an API request between OX App...
U.S. Dept Of Defense: Unauthenticated access to internal API at██████████.███.edu [HtUS]
There was unauthenticated access to internal API at██████████.███.edu. Multiple API calls allowed an attacker to gain access to the internal API via the Azure API url appg3entcalapi.azurewebsites.net. The access to█████.██████.edu was only supposed to be available to internal users...
Malicious code in @igdb/internal-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ec79cfda0dc3373cf41672610a4ab803332e33b369873a2d18a0932ba8b807d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-348 Malicious code in @igdb/internal-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ec79cfda0dc3373cf41672610a4ab803332e33b369873a2d18a0932ba8b807d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...