4948 matches found
CVE-2021-43494
OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access...
Directory traversal
OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access...
CVE-2021-43494
OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access...
CVE-2021-43494
The CVE-2021-43494 entry concerns OpenCV-REST-API (master branch as of commit 69be158…): a directory traversal vulnerability that can disclose secrets stored on the system and potentially aid remote code access. Affected component is the OpenCV-REST-API repository; root cause is directory travers...
OpenCV 路径遍历漏洞
OpenCV is an open source, cross-platform, lightweight computer vision library. A path traversal vulnerability exists in OpenCV-REST-API, which stems from a commit in the main branch of OpenCV-REST-API being affected by a directory traversal vulnerability...
CVE-2021-34582
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code XSS through web-based management or the REST API with a manipulated certificate file...
Code injection
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code XSS through web-based management or the REST API with a manipulated certificate file...
CVE-2021-34582 Phoenix Contact: FL MGUARD XSS through web-based management and REST API
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code XSS through web-based management or the REST API with a manipulated certificate file...
CVE-2021-34582
Phoenix Contact FL MGUARD 1102 and 1105 are affected in versions 1.4.0, 1.4.1, and 1.5.0. A user with high privileges can inject HTML code (XSS) through the web-based management interface or the REST API when a manipulated certificate file is used. The vulnerability stems from the handling of cer...
Opportunistic Exploitation of Zoho ManageEngine and Sitecore CVEs
Over the weekend of November 6, 2021, Rapid7’s Incident Response IR and Managed Detection and Response MDR teams began seeing opportunistic exploitation of two unrelated CVEs: CVE-2021-40539, a REST API authentication bypass in Zoho’s ManageEngine ADSelfService Plus product that Rapid7 has...
Sql injection
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection...
CVE-2021-24731 Pie Register < 3.7.1.6 - Unauthenticated SQL Injection
The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection...
Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit
At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus self-service password management and single sign-on SSO solution. The spying...
WordPress SQL注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress Plugin Registration Forms â€" User profile, Content Restriction, Spam Protection, Payment Gateways,...
Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability
Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution...
CVE-2021-29737
IBM InfoSphere Data Flow Designer Engine IBM InfoSphere Information Server 11.7 component has improper validation of the REST API server certificate. IBM X-Force ID: 201301...
Input validation
IBM InfoSphere Data Flow Designer Engine IBM InfoSphere Information Server 11.7 component has improper validation of the REST API server certificate. IBM X-Force ID: 201301...
CVE-2021-29737
The CVE-2021-29737 entry relates to IBM InfoSphere Data Flow Designer Engine within IBM InfoSphere Information Server 11.7, which is affected by improper validation of the REST API server certificate. The IBM Security Bulletin and NVD entry confirm the affected component and describe a REST certi...
CVE-2021-29737
IBM InfoSphere Data Flow Designer Engine IBM InfoSphere Information Server 11.7 component has improper validation of the REST API server certificate. IBM X-Force ID: 201301...
IBM InfoSphere DataStage Flow Designer Trust Management Issue Vulnerability
Ibm InfoSphere DataStage Flow Designer is a Web-based data stage flow designer from Ibm, Inc. A security vulnerability exists in Ibm InfoSphere DataStage Flow Designer that stems from an error in the validation of REST API server credentials by the IBM InfoSphere DataStage Flow Designer engine...