4948 matches found
Apereo CAS Cross-Site Scripting Vulnerability
Apereo CAS is a web-based enterprise multilingual single sign-on solution. Versions of Apereo CAS prior to 6.4.1 have a security vulnerability that attackers can exploit to send XSS via POST requests to REST API endpoints...
The vulnerability of the REST API interface of the Cisco Identity Services Engine allows a perpetrator to execute arbitrary commands and increase their privileges.
The vulnerability of the REST API interface of the Cisco Identity Services Engine relates to insufficient input validation for certain API endpoints. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands and increase their privileges...
Permissions not properly checked in Invenio-Drafts-Resources
Impact: Invenio-Drafts-Resources does not properly check permissions when a record is published. The vulnerability is exploitable in a default installation of InvenioRDM. An authenticated user is able via REST API calls to publish draft records of other users if they know the record identifier and...
GHSA-XR38-W74Q-R8JV Permissions not properly checked in Invenio-Drafts-Resources
Impact: Invenio-Drafts-Resources does not properly check permissions when a record is published. The vulnerability is exploitable in a default installation of InvenioRDM. An authenticated user is able via REST API calls to publish draft records of other users if they know the record identifier and...
CVE-2021-43781
Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default...
PYSEC-2021-837
Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default...
PYSEC-2021-838
Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default...
PYSEC-2021-836
Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default...
CVE-2021-43781 Permissions not properly checked in Invenio-Drafts-Resources
Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default...
CVE-2021-43781
CVE-2021-43781 concerns Invenio-Drafts-Resources. The issue: versions prior to 0.13.7 and 0.14.6 fail to enforce permissions when publishing a record, allowing an authenticated user to publish draft records belonging to others via REST API if the record ID is known and the draft passes validation...
Invenio-Drafts-Resources Security Vulnerability
Invenio-Drafts-Resources is a submission/deposit module for Invenio. It is used for research data management. A security vulnerability exists in Invenio-Drafts-Resources versions prior to 0.13.7 and 0.14.6, which stems from a failure to properly check permissions in the affected product. The...
Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to an authentication bypass that allows access to a few REST-API URLs without authentication...
CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration...
PT-2021-6071
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus versions prior to 11306; Zoho ManageEngine ServiceDesk Plus MSP versions prior to 10530; Zoho ManageEngine SupportCenter Plus versions prior to 11014. Description: The issue is related to unauthenticated remote...
ManageEngine ADSelfService Plus Authentication Bypass / Code Execution Exploit
This Metasploit module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus - which is SYSTEM if started as a service. This module requires Metasploit:...
ManageEngine ADSelfService Plus Authentication Bypass / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADSelfService Plus CVE-2021-40539', 'Description' = %q This module exploits CVE-2021-40539, a REST API authentication bypass...
ManageEngine ADSelfService Plus CVE-2021-40539
This module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus - which is SYSTEM if started as a service. Module Options msf use...
WP Guppy < 1.3 - Sensitive Information Disclosure
The plugin does not have any authorisation in some of the REST API endpoints, allowing any user to call them, which could lead to sensitive information disclosure, such as usernames and chats between users, as well as the ability to send messages as an arbitrary user. PoC !/bin/bash Exploit Title:...
CVE-2021-43494
OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access...