1388 matches found

CNNVD
added 2023/02/03 12:0 a.m. · 1 views

Zammad security vulnerability

Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad version v5.3.0, which stems from insufficient privilege validation, and can be exploited by an attacker to make changes to the labels of its customers' tickets using the Zamma...

4.3 CVSS · 5.2 AI score · 0.00218 EPSS
Exploits 0 · References 3

OSV
added 2023/01/30 4:15 p.m. · 1 views

CVE-2022-26872

AMI Megarac Password reset interception via API...

8.8 CVSS · 5.8 AI score · 0.00209 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/01/30 12:0 a.m. · 3 views

PT-2023-1336 · Ami · Ami Megarac

Name of the Vulnerable Software and Affected Versions: AMI MegaRAC (affected versions not specified)
Description: The issue is related to insufficient password hash computation in the Redfish and API components of the AMI MegaRAC firmware. This could allow a remote attacker to gain unauthorized...

5.3 CVSS · 6.5 AI score · 0.00174 EPSS
Exploits 0 · References 8

OSV
added 2023/01/23 10:5 p.m. · 0 views

GHSA-Q764-G6FM-555V Path traversal in spotipy

Summary: If a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended.
Details: The code Spotipy uses to parse URIs and URLs accepts user data too liberally, which allows a malicious user to insert arbitrary characters...

5.4 CVSS · 6 AI score · 0.00196 EPSS
Exploits 1 · References 3

CNNVD
added 2023/01/18 12:0 a.m. · 1 views

API Mediation Layer authorization issue vulnerability

The API Mediation Layer is an API mediation layer that provides a single access point to the Mainframe Services REST API. A security vulnerability exists in API Mediation Layer versions 1.16 through 1.19. An attacker exploiting this vulnerability could manipulate JWT tokens without knowing the JW...

5.3 CVSS · 5.8 AI score · 0.0021 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-14418 · Ge Grid Solutions · Fc46-Webbridge

Name of the Vulnerable Software and Affected Versions: FC46-WebBridge on GE Grid Solutions MS3000 devices, versions prior to 3.7.6.25p0, 3.2.2.17p0, 4.7p0
Description: An issue was discovered that allows direct access to the API on TCP port 8888 via programs located in the cgi-bin folder without any...

9.8 CVSS · 9.3 AI score · 0.00331 EPSS
Exploits 0 · References 4

CNNVD
added 2023/01/14 12:0 a.m. · 2 views

firefly-iii authorization issue vulnerability

firefly-iii is a free and open source personal finance manager. An authorization vulnerability exists in versions of firefly-iii prior to 5.8.0, which stems from its API failing to properly check authorization...

6.5 CVSS · 6.4 AI score · 0.00165 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/01/12 12:0 a.m. · 2 views

PT-2023-14738 · Unknown · Doctor Appointment Management System

Name of the Vulnerable Software and Affected Versions: Doctor Appointment Management System version 1.0.0
Description: The issue is related to a cross-site scripting (XSS) vulnerability. Cross-site scripting is a type of security vulnerability that occurs when an attacker is able to inject maliciou...

6.1 CVSS · 5.8 AI score · 0.00314 EPSS
Exploits 0 · References 5

CNNVD
added 2023/01/03 12:0 a.m. · 2 views

aEnrich a+HRD authorization issue vulnerability

aEnrich a+HRD is a full-service human resources development solution from aEnrich, Inc. A security vulnerability exists in aEnrich a+HRD that stems from an incorrect login authentication feature in its a+HRD allowing an unauthenticated, remote attacker to bypass authentication and gain access to...

9.8 CVSS · 8.9 AI score · 0.05367 EPSS
Exploits 0 · References 2

CNNVD
added 2022/12/28 12:0 a.m. · 2 views

memos access control error vulnerability

memos is an open source hosted meme center with knowledge management and social features. An access control error vulnerability exists in memos versions prior to 0.9.1, which can be exploited by an attacker to view any content in a private memo from another user via the API...

6.3 CVSS · 6 AI score · 0.00172 EPSS
Exploits 1 · References 3

CNNVD
added 2022/12/28 12:0 a.m. · 1 views

memos authorization issue vulnerability

memos is an open source hosted meme center with knowledge management and social features. A vulnerability exists in memos prior to version 0.9.1 due to an authorization issue, which can be exploited by an attacker to archive any private memos, delete any shortcuts, and edit any shortcuts from oth...

7.3 CVSS · 6.4 AI score · 0.00166 EPSS
Exploits 1 · References 3

CNNVD
added 2022/12/28 12:0 a.m. · 1 views

memos security vulnerability

memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in memos versions prior to 0.9.1, which can be exploited by an attacker to delete all notes across the application via the API...

8.1 CVSS · 7.6 AI score · 0.0018 EPSS
Exploits 1 · References 3

CNNVD
added 2022/12/14 12:0 a.m. · 2 views

VMware vRealize Network Insight path traversal vulnerability

VMware vRealize Network Insight is a tool from VMware, Inc. that helps customers build optimized, highly available and secure network infrastructures across multi-cloud environments. VMware vRealize Network Insight suffers from a path traversal vulnerability that stems from its vRNI REST API that...

7.5 CVSS · 7.6 AI score · 0.01601 EPSS
Exploits 0 · References 4

OSV
added 2022/12/01 6:15 p.m. · 1 views

CVE-2022-3710

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA...

2.7 CVSS · 5.8 AI score
Exploits 0 · References 1

CNNVD
added 2022/12/01 12:0 a.m. · 1 views

Sophos Firewall SQL injection vulnerability

Sophos Firewall is a firewall from Sophos UK. A SQL injection vulnerability exists in versions prior to Sophos Firewall 19.5GA that allows API clients to read the contents of the configuration database in their API controller via SQL injection...

2.7 CVSS · 5.2 AI score · 0.00353 EPSS
Exploits 0 · References 3

CNNVD
added 2022/12/01 12:0 a.m. · 4 views

Sophos Firewall SQL injection vulnerability

Sophos Firewall is a firewall from Sophos UK. A SQL injection vulnerability exists in versions prior to Sophos Firewall 19.5GA that allows an API client to read the contents of its user's configuration database via SQL injection...

4.3 CVSS · 5.4 AI score · 0.00462 EPSS
Exploits 0 · References 3

CNNVD
added 2022/11/30 12:0 a.m. · 1 views

Open-Xchange OX App Suite resource management error vulnerability

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite version 7.10.6 and prior versions, which stems from insufficiently checking the size of request parameters for certain API endpoints...

5.3 CVSS · 5.7 AI score · 0.00859 EPSS
Exploits 2 · References 5

Positive Technologies
added 2022/11/25 12:0 a.m. · 2 views

PT-2022-27445 · Unknown · Book Store Management System

Name of the Vulnerable Software and Affected Versions: Book Store Management System version 1.0
Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book...

6.1 CVSS · 6.1 AI score · 0.00247 EPSS
Exploits 0 · References 5

OSV
added 2022/11/23 7:15 a.m. · 0 views

CVE-2022-4045

A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 1

CNNVD
added 2022/11/23 12:0 a.m. · 2 views

Mattermost security vulnerability

Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost suffers from a security vulnerability that stems from a denial-of-service vulnerability that allows authenticated users to crash the server with multiple requests to the API endpoint, which could potentially...

6.5 CVSS · 6.4 AI score · 0.00451 EPSS
Exploits 0 · References 2