4948 matches found

NVD
added 2021/08/04 6:15 p.m., 22 views

CVE-2021-34707

A vulnerability in the REST API of Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API...

CVSS 6.5, EPSS 0.01095
Exploits 0, References 1
Prion
added 2021/08/04 6:15 p.m., 20 views

Design/Logic Flaw

A vulnerability in the REST API of Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API...

CVSS 4, AI score 6.2, EPSS 0.01095
Exploits 0, References 1, Affected Software 1
CVE
added 2021/08/04 5:20 p.m., 67 views

CVE-2021-34707

CVE-2021-34707 concerns an information-disclosure vulnerability in the REST API of Cisco EPNM. An authenticated, remote attacker can exploit this by sending a specific API request to obtain sensitive information from the application. The issue is attributed to insufficient protection of sensitive ...

CVSS 6.5, AI score 6.2, EPSS 0.01095
Exploits 0, References 1, Affected Software 1
Hacker One
added 2021/07/30 11:05 p.m., 21 views

GitLab: Improper access control for users with expired password, giving the user full access through API and Git

Summary Users with an "expired password" can still access the full API with tokens. This includes the REST API, GraphQL API and Git HTTP access. The same issue was mitigated in 13.12.2 as "Insufficient Expired Password Validation". That patch blocked users with expired passwords from accessing th...

AI score 7
Exploits 0
Github Security Blog
added 2021/07/26 9:22 p.m., 69 views

Missing Authorization in TeamPass

Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default...

CVSS 8.1, AI score 4, EPSS 0.0111
Exploits 1, References 3, Affected Software 1
OSV
added 2021/07/26 9:22 p.m., 25 views

GHSA-GMR7-M73X-6C9Q Missing Authorization in TeamPass

Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default...

CVSS 8.1, AI score 7.9, EPSS 0.0111
Exploits 1, References 2
Github Security Blog
added 2021/07/26 9:20 p.m., 42 views

Incorrect Authorization in TeamPass

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function...

CVSS 7.5, AI score 2.7, EPSS 0.01803
Exploits 1, References 3, Affected Software 1
OSV
added 2021/07/26 9:20 p.m., 17 views

GHSA-FV48-HJHP-94C7 Incorrect Authorization in TeamPass

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function...

CVSS 7.5, AI score 7.5, EPSS 0.01803
Exploits 1, References 2
OSV
added 2021/07/22 4:15 p.m., 3 views

CVE-2021-1518

A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific...

CVSS 8.8, AI score 7.6
Exploits 0, References 1
Prion
added 2021/07/22 4:15 p.m., 17 views

Design/Logic Flaw

A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific...

CVSS 9, AI score 8.7, EPSS 0.01867
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2021/07/22 3:20 p.m., 13 views

CVE-2021-1518 Cisco Firepower Device Manager On-Box Software Remote Code Execution Vulnerability

A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific...

CVSS 6.3, AI score 7.6, EPSS 0.01867
Exploits 0, References 1
CVE
added 2021/07/22 3:20 p.m., 56 views

CVE-2021-1518

Cisco Firepower Device Manager (FDM) On-Box Software REST API has a vulnerability allowing an authenticated, remote attacker to execute arbitrary code on the device’s underlying OS due to insufficient sanitization of specific REST API inputs. An attacker with valid low-privilege credentials can e...

CVSS 9, AI score 7.7, EPSS 0.01867
Exploits 0, References 1, Affected Software 1
Cvelist
added 2021/07/22 3:20 p.m., 15 views

CVE-2021-1518 Cisco Firepower Device Manager On-Box Software Remote Code Execution Vulnerability

A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific...

CVSS 6.3, AI score 8.9, EPSS 0.01867
Exploits 0, References 1
Cisco
added 2021/07/21 4:00 p.m., 75 views

Cisco Firepower Device Manager On-Box Software Remote Code Execution Vulnerability

A vulnerability in the REST API of Cisco Firepower Device Manager FDM On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific...

CVSS 6.3, AI score 7.7, EPSS 0.01867
Exploits 0, References 1
Prion
added 2021/07/20 4:15 a.m., 16 views

Design/Logic Flaw

REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the /rest/api/latest/user/avatar/temporary endpoint...

CVSS 5, AI score 5.2, EPSS 0.01184
Exploits 0, References 1, Affected Software 4
Vulnrichment
added 2021/07/20 3:25 a.m., 13 views

CVE-2021-26081

REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the /rest/api/latest/user/avatar/temporary endpoint...

AI score 6.8, EPSS 0.01184
Exploits 0, References 1
CVE
added 2021/07/20 3:25 a.m., 127 views

CVE-2021-26081

CVE-2021-26081 affects Atlassian Jira Server/Data Center: REST API /rest/api/latest/user/avatar/temporary allows remote username enumeration in affected builds (before 8.5.14; 8.6.x before 8.13.6; 8.14.x before 8.16.1). Public reports confirm the vulnerability exists in these versions, with the i...

CVSS 5.3, AI score 5.2, EPSS 0.01184
Exploits 0, References 1, Affected Software 4
NVD
added 2021/07/12 8:15 p.m., 13 views

CVE-2021-24385

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from an HTTP POST request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...

CVSS 9.8, EPSS 0.02793
Exploits 2, References 2
Prion
added 2021/07/12 8:15 p.m., 13 views

SQL injection

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from an HTTP POST request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...

CVSS 7.5, AI score 9.8, EPSS 0.02793
Exploits 2, References 2, Affected Software 1
CVE
added 2021/07/12 7:20 p.m., 53 views

CVE-2021-24385

The CVE-2021-24385 entry concerns the WordPress Filebird Plugin (v4.7.3). The vulnerability is a SQL injection caused by unescaped user input in SQL queries derived from an HTTP POST request, with the vulnerable code path invoked by a REST API endpoint that requires no authentication. This makes t...

CVSS 9.8, AI score 9.9, EPSS 0.02793
Exploits 2, References 2, Affected Software 1