CVE-2022-2034 Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure via Rest API
The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoints, allowing unauthenticated users to access private messages sent to teachers...
Security Bulletin: Vulnerability in REST API affects IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis (CVE-2015-4929)
Summary: Vulnerability in REST API present in IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis allows for extraction of information. Vulnerability Details: CVEID: CVE-2015-4929. DESCRIPTION: IBM License Metric Tool could allow an authenticated attacker to extract sensitive...
CVE-2022-2379
The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc...
Design/Logic Flaw
The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc...
CVE-2022-2379 Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API
The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc...
CVE-2022-2379
CVE-2022-2379 affects the WordPress Easy Student Results plugin (versions ≤ 2.2.8). The REST API lacks proper authorization, allowing unauthenticated users to retrieve sensitive data: courses, exams, departments, student grades, and PII (email, physical address, phone). The CVSSv3.1 base score is...
WordPress plugin Easy Student Results Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2022-20914
A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...
Design/Logic Flaw
A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...
CVE-2022-20914 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...
Graylog Detection Consolidation
Consolidation of Graylog detections. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it...
Splunk Enterprise 8.1.x < 8.1.7 Information Disclosure
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to return verbose login errors. Note that Nessus has not tested for this issue but has instead relied only on...
Top Echelon Software: Wordpress Users Disclosure (/wp-json/wp/v2/users/)
Hello Team @topechelonsoftware Information: Using REST API, we can see all the WordPress users/author with some of their information. Step To Reproduce: You can get user info by entering below url in your browser: https://www.topechelon.com/wp-json/wp/v2/users/ ███████ Impact Authors : LTR ,...
apthesaurus (=22.2.1), ax (=0.3.0) +2 more potentially affected by CVE-2022-35920 via sanic (>=21.12.0 <=21.12.1)
sanic PYPI version =21.12.0, =22.1.1, =21.1.5.4, =22.2.3 Source cves: CVE-2022-35920 Source advisory: OSV:GHSA-8CW9-5HMV-77W6...
Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure via Rest API
The plugin does not have proper permissions set in one of its REST endpoints, allowing unauthenticated users to access private messages sent to teachers. PoC: https://example.com/wp-json/wp/v2/sensei-messages/...
WordPress Sensei LMS plugin <= 4.4.3 - Unauthenticated Private Messages Disclosure via Rest API vulnerability
Unauthenticated Private Messages Disclosure via Rest API vulnerability discovered by Veshraj Ghimire in WordPress Sensei LMS plugin versions <= 4.4.3. Solution: Update the WordPress Sensei LMS plugin to the latest available version (at least 4.5.0)...
Sensei LMS < 4.5.0 - Unauthenticated Private Messages Disclosure via Rest API
The plugin does not have proper permissions set in one of its REST endpoints, allowing unauthenticated users to access private messages sent to teachers. https://example.com/wp-json/wp/v2/sensei-messages/...
F5 NGINX Instance Manager Denial of Service Vulnerability
NGINX Instance Manager (NIM) is part of F5's NGINX Management Suite (NMS). The NIM module provides a REST API that uses standard authentication methods and HTTP response code, among other things. A denial of service vulnerability exists in F5 NGINX Instance Manager, which stems from a When using NGINX...
CVE-2022-31128
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via th...
Design/Logic Flaw
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via th...