4960 matches found

Tenable Nessus | added 2023/12/04 12:00 a.m. | 43 views

Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Request Tracker vulnerabilities (USN-6529-1)

The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6529-1 advisory. It was discovered that Request Tracker incorrectly handled certain inputs. If a user or an automated system were...

CVSS 7.5 | AI score 6.9 | EPSS 0.01707
Exploits 0 | References 5
CNVD | added 2023/11/30 12:00 a.m. | 30 views

Apache Superset Cross-Site Scripting Vulnerability (CNVD-2023-9665948)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A cross-site scripting vulnerability exists in Apache Superset versions prior to 2.1.2, which stems from the presence of incorrect payload validation and incorrect REST API response type issues. ...

CVSS 5.4 | AI score 6 | EPSS 0.01004
Exploits 0 | References 1
GithubExploit | added 2023/11/29 8:14 p.m. | 751 views

Exploit for Code Injection in Qodeinteractive Qode_Essential_Addons

CVE-2023-47840 Qode Essential Addons = 1.5.2 - Missing Aut...

CVSS 9.9 | AI score 8.4 | EPSS 0.01408
Exploits 1
WPVulnDB | added 2023/11/28 12:00 a.m. | 13 views

WP Mail Log < 1.1.3 – Incorrect Authorization in REST API Endpoints

Description: The plugin does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users. PoC: The following actions may be taken by a Contributor user: --- /wmllogs - Information leak Execute the...

CVSS 7.6 | AI score 7.3 | EPSS 0.00499
Exploits 2 | Affected Software 1
OSV | added 2023/11/27 12:30 p.m. | 12 views

GHSA-WQ8Q-99P5-XFRW Apache Superset Cross-site Scripting vulnerability

Improper payload validation and an improper REST API response type made it possible for an authenticated malicious actor to store malicious code in a chart's metadata; this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache...

CVSS 4.3 | AI score 5.4 | EPSS 0.01004
Exploits 0 | References 5
NVD | added 2023/11/27 11:15 a.m. | 31 views

CVE-2023-43701

Improper payload validation and an improper REST API response type made it possible for an authenticated malicious actor to store malicious code in a chart's metadata; this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache...

CVSS 5.4 | EPSS 0.01004
Exploits 0 | References 2
Prion | added 2023/11/27 11:15 a.m. | 17 views

Input validation

Improper payload validation and an improper REST API response type made it possible for an authenticated malicious actor to store malicious code in a chart's metadata; this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache...

CVSS 4.9 | AI score 7.1 | EPSS 0.01004
Exploits 0 | References 2 | Affected Software 1
CVE | added 2023/11/27 10:52 a.m. | 55 views

CVE-2023-43701

CVE-2023-43701 affects Apache Superset up to version 2.1.1, where improper payload validation and a flawed REST API response type allow an authenticated attacker to store malicious code in chart metadata. The code could execute when a user accesses a specific deprecated API endpoint. Affected ver...

CVSS 5.4 | AI score 4.9 | EPSS 0.01004
Exploits 0 | References 2 | Affected Software 1
Kitploit | added 2023/11/24 11:30 a.m. | 31 views

Iac-Scan-Runner - Service That Scans Your Infrastructure As Code For Common Vulnerabilities

Service that scans your Infrastructure as Code for common vulnerabilities.
Tool name: IaC Scan Runner
Docker image: xscanner/runner
PyPI package: iac-scan-runner
Documentation: docs
Contact us: [email protected]
Purpose and description: The IaC Scan Runner is...

AI score 7.6
Exploits 0 | References 2
OpenVAS | added 2023/11/24 12:00 a.m. | 91 views

MikroTik RouterOS 7.1 < 7.12 Access Control Vulnerability

MikroTik RouterOS is prone to an access control vulnerability in the REST API. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.3 | AI score 5.3 | EPSS 0.00473
Exploits 1 | References 1
WPVulnDB | added 2023/11/23 12:00 a.m. | 22 views

AtomChat <= 1.1.4 - Missing Authorization via credits REST API Endpoint

Description: The AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'credits' REST API function in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to manipulate user credits when the...

AI score 6.9 | EPSS 0.00371
Exploits 0 | References 1
WPVulnDB | added 2023/11/23 12:00 a.m. | 13 views

Product Recommendation Quiz for eCommerce < 2.1.2 - Missing Authorization in prq_set_token

Description: The Product Recommendation Quiz for eCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the prq_set_token function in versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to modify...

AI score 6.9 | EPSS 0.00381
Exploits 0 | References 1 | Affected Software 1
WPVulnDB | added 2023/11/23 12:00 a.m. | 12 views

Headline Analyzer < 1.3.2 - Missing Authorization via REST APIs

Description: The Headline Analyzer plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions called via REST API endpoints in versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to retrieve a...

AI score 7 | EPSS 0.00305
Exploits 0 | References 1 | Affected Software 1
WPVulnDB | added 2023/11/23 12:00 a.m. | 17 views

Email Marketing for WooCommerce by Omnisend < 1.13.9 - Sensitive Information Exposure

Description: The Email Marketing for WooCommerce by Omnisend plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the status REST API endpoint. This makes it possible for unauthenticated attackers to extract sensitive user informatio...

CVSS 7.5 | AI score 6.9 | EPSS 0.00553
Exploits 0 | References 1 | Affected Software 1
WPVulnDB | added 2023/11/23 12:00 a.m. | 15 views

Japanized For WooCommerce < 2.6.5 - Missing Authorization

Description: The Japanized For WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification due to missing capability checks on several functions called via REST API function in versions up to, and including, 2.6.4. This makes it possible for unauthenticated attackers to...

AI score 6.7 | EPSS 0.00397
Exploits 0 | References 1 | Affected Software 1
OSV | added 2023/11/22 10:15 a.m. | 4 views

CVE-2023-6117

A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to execute DoS attacks...

CVSS 7.5 | AI score 5.9 | EPSS 0.00713
Exploits 0 | References 3
ATTACKERKB | added 2023/11/22 10:15 a.m. | 3 views

CVE-2023-6117

A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to execute DoS attacks...

CVSS 7.5 | AI score 7.5 | EPSS 0.00713
Exploits 0 | References 4
NVD | added 2023/11/22 10:15 a.m. | 14 views

CVE-2023-6117

A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to execute DoS attacks...

CVSS 7.5 | EPSS 0.00713
Exploits 0 | References 3
Prion | added 2023/11/22 10:15 a.m. | 23 views

Design/Logic Flaw

A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to execute DoS attacks...

CVSS 5 | AI score 7.4 | EPSS 0.00713
Exploits 0 | References 1 | Affected Software 1
CVE | added 2023/11/22 9:56 a.m. | 84 views

CVE-2023-6117

CVE-2023-6117 affects M-Files server REST API: obsolete REST API functionalities can be exploited to cause memory consumption leading to Denial of Service. Affected versions are prior to 23.11.13156.0. Exploit details are not disclosed in the provided docs beyond the DoS impact. Mitigation: upgra...

CVSS 7.5 | AI score 6.5 | EPSS 0.00713
Exploits 0 | References 3 | Affected Software 1