Cisco Identity Services Engine Privilege Escalation (cisco-sa-ise-priv-esc-UwqPrBM3)
According to its self-reported version, Cisco Identity Services Engine is affected by a privilege escalation vulnerability in its REST API component due to insufficient input validation on specific endpoints. An unauthenticated, remote attacker can exploit this to gain root access to the system...
CVE-2021-42089
An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information...
Information disclosure
An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information...
CVE-2021-42089
Zammad before 4.1.1 is affected by CVE-2021-42089: the REST API discloses sensitive information, enabling information disclosure via the API. Exploitation details are not provided in the supplied documents beyond the REST API exposure and the affected version range (prior to 4.1.1). The issue has...
CVE-2021-1594
A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a...
Command injection
A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a...
CVE-2021-1594
CVE-2021-1594 affects Cisco Identity Services Engine (ISE). The REST API is vulnerable to a command injection due to insufficient input validation on specific endpoints. An unauthenticated, remote attacker could leverage this by positioning themselves in a Man-in-the-Middle role to intercept and ...
GHSA-M6J4-8R7P-WPP3 BuddyPress privilege escalation via REST API
Impact: It's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the BuddyPress REST API members endpoint. Patches: The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitiga...
BuddyPress privilege escalation via REST API
Impact: It's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the BuddyPress REST API members endpoint. Patches: The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitiga...
Cisco Identity Services Engine Privilege Escalation Vulnerability
A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a...
Showmax: Full Path Disclosure in Wordpress Rest API Response
The hacker submitted a full path disclosure vulnerability on our Wordpress site stories.showmax.com. The vulnerability was caused by Yoast SEO plugin and they actually released a fix for the issue today 2021-10-05. Considering the issue was with 3rd party code, the fix for the issue was introduce...
ManageEngine EventLog Analyzer < Build 12201 REST API Restriction Bypass RCE
Binary data manageengineeventloganalyzercve-2021-40539.nbin...
ManageEngine Log360 < Build 5229 REST API Restriction Bypass RCE
Binary data manageenginelog360cve-2021-40539.nbin...
CVE-2021-34648
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the triggeremailaction function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the...
Information disclosure
The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulkexportsubmissions function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via t...
Code injection
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the triggeremailaction function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the...
CVE-2021-34647 Ninja Forms <= 3.5.7 Sensitive Information Disclosure
The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulkexportsubmissions function found in the /includes/Routes/Submissions.php file, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submissions data via t...