4960 matches found
WP < 6.3.2 - Unauthenticated Post Author Email Disclosure
Description: WordPress does not properly restrict which user fields are searchable via the REST API. PoC (truncated in the listing):
from multiprocessing import Pool
import requests
import string
import json
import sys
if len(sys.argv) != 2:
    print(f'USAGE: {sys.argv[0]} ')
    sys.exit()
url = sys.argv[1].rstrip('/') + '/wp-json/wp/v2/users'...
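The listing's PoC is cut off, so the following added example (written for this page; not the PoC author's code and not WordPress code) models the flaw it targets offline: a user-search endpoint that lets an anonymous caller choose which columns are searched, so a column that is never returned (the e-mail) still leaks through a yes/no "did the target user match" oracle, one character at a time. The parameter names `search` and `search_columns`, the allowlist `PUBLIC_SEARCH_COLUMNS`, the simplified wildcard semantics and the sample user table are all assumptions constructed for the example.

```python
import string
from typing import Callable, Dict, List, Optional

# Constructed sample user table (made up for this example; not real data).
USERS: List[Dict[str, object]] = [
    {"id": 1, "user_login": "alice", "display_name": "Alice", "user_email": "alice@example.org"},
    {"id": 2, "user_login": "bob", "display_name": "Bob", "user_email": "bob@example.net"},
]

# Hypothetical allowlist of columns an unauthenticated caller may search.
PUBLIC_SEARCH_COLUMNS = frozenset({"user_login", "display_name"})

# Fields the endpoint returns to an anonymous caller; the e-mail is never among them.
PUBLIC_FIELDS = ("id", "user_login", "display_name")


def _matches(value: str, term: str) -> bool:
    """Simplified wildcard semantics (assumption): a trailing '*' makes the
    term a case-insensitive prefix; otherwise it is a substring match."""
    v, t = value.lower(), term.lower()
    if t.endswith("*"):
        return v.startswith(t[:-1])
    return t in v


def _project(user: Dict[str, object]) -> Dict[str, object]:
    """Reduce a user record to the public response shape."""
    return {k: user[k] for k in PUBLIC_FIELDS}


def search_users_vulnerable(search: str, search_columns: List[str]) -> List[Dict[str, object]]:
    """Vulnerable shape: every column the caller names is searched, including
    user_email, even though the response never contains it."""
    return [_project(u) for u in USERS
            if any(_matches(str(u[c]), search) for c in search_columns if c in u)]


def search_users_hardened(search: str, search_columns: List[str]) -> List[Dict[str, object]]:
    """Hardened shape: reject any column outside the public allowlist before
    the data is touched, so the match/no-match signal can only reflect
    fields the caller is allowed to see anyway."""
    bad = [c for c in search_columns if c not in PUBLIC_SEARCH_COLUMNS]
    if bad:
        raise ValueError(f"search_columns not permitted: {bad}")
    return search_users_vulnerable(search, search_columns)


def make_oracle(search_fn, target_id: int, columns: List[str]) -> Callable[[str], bool]:
    """Turn a search function into a yes/no oracle: does the target user
    appear in the results for this term? A rejected column counts as 'no'."""
    def oracle(term: str) -> bool:
        try:
            return any(u["id"] == target_id for u in search_fn(term, columns))
        except ValueError:
            return False
    return oracle


CHARSET = string.ascii_lowercase + string.digits + "@._+-"


def enumerate_email(oracle: Callable[[str], bool], charset: str = CHARSET,
                    max_len: int = 64) -> Optional[str]:
    """Recover a hidden searchable value one character at a time: extend the
    prefix while some character keeps the oracle answering yes. Returns None
    when nothing can be learned (e.g. the column is not searchable)."""
    prefix = ""
    while len(prefix) < max_len:
        for ch in charset:
            if oracle(prefix + ch + "*"):
                prefix += ch
                break
        else:
            break  # no character extends the prefix: the value is complete
    return prefix or None


if __name__ == "__main__":
    print("vulnerable endpoint leaks:",
          enumerate_email(make_oracle(search_users_vulnerable, 1, ["user_email"])))
    print("hardened endpoint leaks:",
          enumerate_email(make_oracle(search_users_hardened, 1, ["user_email"])))
```

The point to carry over to a real review is that the response body is irrelevant: as long as the caller controls which column is matched, the presence or absence of a known public record in the result set is the leak. The fix is an allowlist enforced before the query runs, not filtering of the output.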
PT-2023-5999 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.2.0 through 7.2.4 Fortinet FortiOS version 7.4.0 Description: The issue is related to improper access control in the FortiOS REST API component, allowing an attacker to access restricted resources from non-trusted...
Protect
An improper access control vulnerability (CWE-284) in the FortiOS REST API component may allow an authenticated attacker to access a restricted resource from a non-trusted host...
Fortinet Fortigate REST API trusted host bypass (FG-IR-23-139)
The version of Fortigate installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-139 advisory. - An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a...
TeamCity Server < 2023.05 Multiple Vulnerabilities
According to its self-reported version number, the version of JetBrains TeamCity running on the remote host is prior to 2023.05. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actio...
Moderate: Red Hat Security Advisory: Red Hat Data Grid 8.4.4 security update
An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Zoho ManageEngine ADManager Plus Authorization Issues Vulnerability
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
GHSA-62WF-H26V-5M57 Cross Site Scripting vulnerability in Dolibarr ERP CRM
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject...
CVE-2023-38888
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject...
CVE-2023-38888
CVE-2023-38888 is a Cross Site Scripting vulnerability affecting Dolibarr ERP/CRM (v17.0.1 and earlier) exposed via the REST API module. The issue is tied to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject, enabling a remote attacker to obtain sensitive information and execute arb...
CVE-2023-4400
A password management vulnerability in Skyhigh Secure Web Gateway SWG in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was...