4950 matches found
CVE-2022-24552
A flaw was found in the REST API in StarWind Stack. The REST command that manipulates a virtual disk doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with roo...
CVE-2022-24552
The CVE-2022-24552 entry concerns StarWind Stack’s REST API: the REST command that manipulates a virtual disk does not validate input parameters, and certain inputs are passed to a bash script. This allows an attacker with non-root access to inject data that may be executed with root privileges, ...
CVE-2022-0218
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...
Design/Logic Flaw
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...
CVE-2022-0218
CVE-2022-0218 (WP HTML Mail ≤ 3.0.9): WordPress Email Template Designer WP HTML Mail exposes an unprotected REST-API endpoint (/themesettings) due to a missing capability check in includes/class-template-designer.php, enabling unauthenticated users to retrieve/modify theme settings. Connected so...
CVE-2022-0218 WP HTML Mail <= 3.0.9 Missing Authorization on REST-API Route
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...
ManageEngine ServiceDesk Plus Multiple Versions Authentication Bypass
Zoho ManageEngine ServiceDesk Plus versions 11.3 before 11302, 11.2 before 11208, 11.1 before 11145 and 11.0 before 11012 are vulnerable to an authentication bypass that allows access to a few REST-API URLs without authentication. Note that Nessus has not tested for this issue but has instead relied only on t...
mongo-rest-api (=0.1.0), pine-ql (>=0.1.0 <=0.5.4) potentially affected by CVE-2021-23760 via keyget (=1.0.1)
keyget NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on keyget and may be impacted:
- mongo-rest-api =0.1.0
- pine-ql =0.1.0, =0.5.4
Source CVEs: CVE-2021-23760
Source advisory: OSV:GHSA-9FP7-4FJM-Q3MF...
CVE-2021-4133
A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled...
Design/Logic Flaw
A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled...
CVE-2022-23858
A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2...
Command injection
A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2...
CVE-2022-23858
The CVE-2022-23858 issue affects StarWind Command Center (REST API) where an improperly handled REST call allows any logged-in user to elevate privileges to the system account. Affected: StarWind Command Center build 6003 v2. Root cause: improper handling of REST API calls leading to privilege es...
PT-2022-16296 · Starwind · Starwind Command Center
Name of the Vulnerable Software and Affected Versions:
StarWind Command Center versions prior to V2 build 6021
StarWind Command Center build 6003 v2
Description: A flaw was found in the REST API, allowing an improperly handled REST API call to elevate privileges up to the system account for any...
StarWind Command Center Permissions, Privileges, and Access Control Vulnerability
StarWind Command Center is a single management platform for managing and monitoring UI from StarWind, Inc. designed to simplify and automate the control of day-to-day HCI routines. StarWind Command Center has a Privilege Permission and Access Control Issue vulnerability that stems from the fact...
20K WordPress Sites Exposed by Insecure Plugin REST-API
More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing scams and more as the result of a high-severity cross-site scripting (XSS) bug discovered in the WordPress Email Template Designer – WP HTML Mail, a plugin for designing custom emails. The new vulnerability...
Design/Logic Flaw
A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on...
CVE-2022-22152
The CVE covers a REST API access-control failure in Juniper Networks Contrail Service Orchestration. A tenant can view confidential configuration details of other tenants (e.g., firewall configuration and access control policies) due to insufficient authorization checks, exposing sensitive inform...
CVE-2022-22152 Contrail Service Orchestration: Tenants able to see other tenants policies via REST API interface
A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on...