Lucene search
+L

130 matches found

OSV
OSV
added 2022/04/05 7:15 p.m.4 views

CVE-2022-24978

Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response...

8.8CVSS5.8AI score0.01092EPSS
Exploits0References2
NVD
NVD
added 2022/04/05 7:15 p.m.25 views

CVE-2022-24978

Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response...

8.8CVSS0.01092EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/04/05 7:15 p.m.11 views

CVE-2022-24978

Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response...

8.8CVSS5.8AI score0.01092EPSS
Exploits0References3
Prion
Prion
added 2022/04/05 7:15 p.m.14 views

Privilege escalation

Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response...

6.5CVSS8.6AI score0.01092EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/04/05 6:24 p.m.32 views

CVE-2022-24978

Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response...

8.9AI score0.01092EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/04/05 12:0 a.m.5 views

ZOHO ManageEngine ADAudit Plus 安全漏洞

An elevation of privilege vulnerability previously existed in Zoho ManageEngine ADAudit Plus 7055, which stems from the presence of a password field in a JSON response that an attacker could could use this vulnerability to perform an authenticated elevation of privilege on the integrated product...

8.8CVSS5.7AI score0.01092EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2022/03/15 9:9 a.m.21 views

redhat-support-lib-python and redhat-support-tool bug fix and enhancement update

An update is available for redhat-support-tool, redhat-support-lib-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The redhat-support-tool utility...

0.9AI score
Exploits0
WPVulnDB
WPVulnDB
added 2022/03/01 12:0 a.m.25 views

Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE

The plugin fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure of arbitrary files as the content of the file is the...

9.8CVSS0.3AI score0.4783EPSS
Exploits2Affected Software1
Github Security Blog
Github Security Blog
added 2022/02/09 10:19 p.m.42 views

Cross-site Scripting in Eclipse Hawkbit

In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...

6.1CVSS6.1AI score0.00829EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/02/09 10:19 p.m.34 views

GHSA-RCVX-RMVF-MXCH Cross-site Scripting in Eclipse Hawkbit

In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...

6.1CVSS6.2AI score0.00829EPSS
Exploits0References4
wpexploit
wpexploit
added 2022/01/26 12:0 a.m.105 views

WordPress GDPR & CCPA < 1.9.26 - Authenticated Reflected Cross-Site Scripting

The checkprivacysettings AJAX action of the plugin, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript...

9.6CVSS9.2AI score0.02085EPSS
Exploits2
Veracode
Veracode
added 2022/01/24 4:15 a.m.11 views

Denial Of Service (DoS)

pocketmine/pocketmine-mp is vulnerable to denial of service. The vulnerability exists due to the unhandled exception in the stupidjsondecode function of InGamePacketHandler.php when decoding an invalid JSON response form, which allows an attacker to cause an application crash...

3.3AI score
Exploits0
Hacker One
Hacker One
added 2021/12/12 6:43 a.m.74 views

FetLife: Able to access private picture/video/writing when requesting for their JSON response

Description Endpoint https://fetlife.com/users/user-id/pictures/pic-id has 2 types of responses, HTML and JSON. The type of response depends on Accept header of request it get. If request contains Accept: application/json, then it will return JSON response. Other than that, it returns HTML...

6.8AI score
Exploits0
OSV
OSV
added 2021/01/14 11:15 p.m.13 views

CVE-2020-27219

In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...

6.1CVSS6.7AI score
Exploits0References2
Prion
Prion
added 2021/01/14 11:15 p.m.19 views

Design/Logic Flaw

In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...

4.3CVSS6.2AI score0.00829EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/01/14 10:20 p.m.34 views

CVE-2020-27219

In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 Not Found JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client...

6.2AI score0.00829EPSS
Exploits0References2
CVE
CVE
added 2021/01/14 10:20 p.m.121 views

CVE-2020-27219

CVE-2020-27219 affects Eclipse Hawkbit prior to 0.3.0M7. The REST API may return a 404 Not Found JSON response that includes the full, unescaped request path, exposing unsafe characters. This could disclose internal URL structure to an attacker that POSTs to a non-existent resource. Root cause: u...

6.1CVSS6.2AI score0.00829EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2020/05/14 12:24 p.m.28 views

VK.com: [m.vk.com] XSS на страницах /artist/

XSS при возвращении со страницы артиста. Insufficient validation of the from parameter at the artist page allowed the attacker to inject external URLs into the "Back" link using the LF char: https://m.vk.com/artist/marduk?from=%0A/external.com html When clicked, an ajax request to its URL was sen...

6.2AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/31 3:25 a.m.8 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data returning decrypted credentials

Summary IBM Watson Discovery for IBM Cloud Pak for Data returns decrypted credentials for data soruces in JSON response of internal API for processing settings. Vulnerability Details Third Party Entry: PSIRT-ADV0022492 DESCRIPTION: Created from Advisory: ADV0022492 CVSS Base score: 4.9 CVSS Vecto...

1.8AI score
Exploits0Affected Software1
Hacker One
Hacker One
added 2020/03/06 7:27 p.m.22 views

Brave Software: Username Information Disclosure via Json response - Using parameter number Intruder

Summary: Hi , Brave Team we found vulnerability's in your websites , I Found all username disclosed using Json Response parameter-number. Platforms Affected: website . https://community.brave.com/c/brave-feature-requests.json . https://community.brave.com/c/beta-builds/38.json Steps To Reproduce:...

6.8AI score
Exploits0
Rows per page
Query Builder