4950 matches found

Cvelist
added 2022/05/09 4:31 p.m., 22 views

CVE-2022-28162

Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text...

AI score 4.5, EPSS 0.0015
Exploits 0, References 1

CNNVD
added 2022/05/09 12:00 a.m., 3 views

WordPress plugin Easy Generate Rest API Url Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 4.8, AI score 5, EPSS 0.00565
Exploits 2, References 2

Tenable Nessus
added 2022/05/09 12:00 a.m., 79 views

ManageEngine Access Manager Plus REST API Restriction Bypass (CVE-2022-29081)

Binary data manageengineaccessmanagerpluscve-2022-29081.nbin...

CVSS 9.8, AI score 9.6, EPSS 0.83321
Exploits 1, References 3

NVD
added 2022/05/06 5:15 p.m., 16 views

CVE-2021-33845

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors...

CVSS 5.3, EPSS 0.00781
Exploits 0, References 2

Prion
added 2022/05/06 5:15 p.m., 20 views

Code injection

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors...

CVSS 5, AI score 5.3, EPSS 0.00781
Exploits 0, References 2, Affected Software 1

CVE
added 2022/05/06 4:35 p.m., 1446 views

CVE-2021-33845

CVE-2021-33845 affects Splunk Enterprise before version 8.1.7, where the REST API can disclose usernames via the lockout error message when verbose login errors are present. Multiple connected sources (NVD, Red Hat, Nessus plugin, CVE lists) describe this information disclosure vulnerability and ...

CVSS 5.3, AI score 5.2, EPSS 0.00781
Exploits 0, References 2, Affected Software 1

Cvelist
added 2022/05/06 4:35 p.m., 30 views

CVE-2021-33845 Username enumeration through lockout message in REST API

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors...

CVSS 5.3, AI score 5.5, EPSS 0.00781
Exploits 0, References 2

Positive Technologies
added 2022/05/05 12:00 a.m., 6 views

PT-2022-2443

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 11.6.x, 12.1.x, 13.1.x prior to 13.1.5, 14.1.x prior to 14.1.4.6, 15.1.x prior to 15.1.5.1, and 16.1.x prior to 16.1.2.2. Description: The vulnerability resides in the iControl REST API authentication mechanism of F5 BIG-IP...

CVSS 10, AI score 10, EPSS 0.99956
Exploits 63, References 135

Broadcom
added 2022/05/04 12:00 a.m., 36 views

BSA-2022-1841

Security Advisory ID: BSA-2022-1841. Component: REST API. Revision: 1.0. Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. Affected Products: Brocade SANnav - Fixed in Brocade SANnav 2.2.0...

CVSS 5.2, AI score 4.3, EPSS 0.0015
Exploits 0

Malwarebytes
added 2022/04/29 4:28 p.m., 1021 views

The top 5 most routinely exploited vulnerabilities of 2021

A joint Cybersecurity Advisory, coauthored by cybersecurity authorities of the United States (CISA, NSA, and FBI), Australia (ACSC), Canada (CCCS), New Zealand (NZ NCSC), and the United Kingdom (NCSC-UK), has detailed the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cybe...

CVSS 10, AI score 10, EPSS 0.99999
Exploits 479

OSV
added 2022/04/28 8:15 p.m., 3 views

CVE-2022-29081

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvents, and Synchronize via the ../RestAPI...

CVSS 9.8, AI score 7.3, EPSS 0.83321
Exploits 1, References 2

Prion
added 2022/04/28 8:15 p.m., 19 views

Design/Logic Flaw

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvents, and Synchronize via the ../RestAPI...

CVSS 7.5, AI score 9.3, EPSS 0.83321
Exploits 1, References 2, Affected Software 3

Cvelist
added 2022/04/28 7:16 p.m., 18 views

CVE-2022-29081

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvents, and Synchronize via the ../RestAPI...

AI score 9.7, EPSS 0.83321
Exploits 1, References 2

CVE
added 2022/04/28 7:16 p.m., 564 views

CVE-2022-29081

CVE-2022-29081 affects Zoho ManageEngine products: Access Manager Plus (before 4302), Password Manager Pro (before 12007), and PAM360 (before 5401). The issue is an access-control bypass on certain REST API endpoints (SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvent...

CVSS 9.8, AI score 9.4, EPSS 0.83321
Exploited in the wild; Exploits 1, References 2, Affected Software 3

CNNVD
added 2022/04/27 12:00 a.m., 4 views

oVirt REST API Path Traversal Vulnerability

The oVirt REST API is an application programming interface. A path traversal vulnerability exists in the oVirt REST API that stems from improper access restrictions in seven REST API endpoints. An unauthenticated remote attacker could bypass the implemented security restrictions and gain...

CVSS 9.8, AI score 8.4, EPSS 0.83321
Exploits 1, References 4

Github Security Blog
added 2022/04/22 8:39 p.m., 35 views

Improper Input Validation in GeoServer

Impact: The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota...

CVSS 7.2, AI score 0.9, EPSS 0.01385
Exploits 0, References 4, Affected Software 1

OSV
added 2022/04/22 8:39 p.m., 21 views

GHSA-4PM3-F52J-8GGH Improper Input Validation in GeoServer

Impact: The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota...

CVSS 7.2, AI score 7.3, EPSS 0.01385
Exploits 0, References 4

NVD
added 2022/04/13 10:15 p.m., 32 views

CVE-2022-24847

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...

CVSS 7.2, EPSS 0.01385
Exploits 0, References 1

Prion
added 2022/04/13 10:15 p.m., 32 views

Deserialization of untrusted data

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...

CVSS 6.5, AI score 7.2, EPSS 0.01385
Exploits 0, References 1, Affected Software 1

Cvelist
added 2022/04/13 9:20 p.m., 35 views

CVE-2022-24847 Improper Input Validation in GeoServer

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...

CVSS 7.2, AI score 7.5, EPSS 0.01385
Exploits 0, References 1