4948 matches found
Sql injection
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint order parameter in GetMesheryPatterns in models/mesherypatternpersister.go...
CVE-2021-31856
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint order parameter in GetMesheryPatterns in models/mesherypatternpersister.go...
CVE-2021-31856
Layer5 Meshery 0.5.2 contains a SQL injection in the REST API exposed via the /api/experimental/patternfile (also described as /experimental/patternfiles) endpoint. The vulnerability stems from the GetMesheryPatterns function, where the order parameter from user input is directly concatenated int...
Sipwise C5 NGCP CSC - (Multiple) Stored/Reflected Cross-Site Scripting Vulnerability
Exploit Title: Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting XSS Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected...
Sipwise C5 NGCP CSC Cross Site Request Forgery
Sipwise C5 NGCP CSC CSRF Click2Dial Exploit Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected version: =CEm39.3.1 NGCP wwwadmin version 3.6.7 Summary: Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-swit...
Sipwise C5 NGCP CSC Cross Site Scripting
Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected version: =CEm39.3.1 NGCP wwwadmin version 3.6.7 Summary: Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source...
Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)
Exploit Title: Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting XSS Date: 13.04.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities Vendor: Sipwise GmbH Product web page:...
Vulnerablecode - A Free And Open Vulnerabilities Database And The Packages They Impact And The Tools To Aggregate And Correlate These Vulnerabilities
VulnerableCode is a free and open database of FOSS software package vulnerabilities and the tools to create and keep the data current. It is made by the FOSS community to improve and secure the open source software ecosystem. Why? The existing solutions are commercial proprietary vulnerability...
Design/Logic Flaw
An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus granting the attacker full control over the...
CVE-2021-0265
The CVE-2021-0265 entry relates to an unvalidated REST API in the Juniper Networks AppFormix Agent that allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, granting full control of the environment. Affected products are Juniper Networks A...
Vulnerabilities fixed in WordPress
WordPress developers have fixed several vulnerabilities fixed. An authenticated remote malicious person could potentially exploit these vulnerabilities potentially exploit them to perform an XML External Entity XXE attack. This vulnerability is located in the way uploaded MP3 files are processed ...
WordPress Multiple Vulnerabilities (Apr 2021) - Windows
WordPress is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure
Description The Latest Posts block in the WordPress editor can be exploited in a way that exposes password-protected posts and pages via the posts REST API when the "edit" context was used. This requires at least contributor privileges. PoC 1. As one user, create a new password protected post...
BuddyPress < 7.3.0 - Multiple Authenticated REST API Vulnerabilities
The BuddyPress WordPress plugin released version 7.3.0, a maintenance & security release, which included fixes for various authenticated REST API authorisation vulnerabilities. The 7.3.0 release addresses four security issues: - A vulnerability was fixed that could allow a member to create a grou...
WordPress ACF to REST API Plugin <= 3.1.0 IDOR Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113814";...
CVE-2021-24219
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...
Design/Logic Flaw
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...
CVE-2021-24220
CVE-2021-24220 is tied to Thrive Themes Legacy plugins/themes (up to 2.0.0) that expose a REST endpoint (kraken) used to compress images. The flaw arises when crafted requests, combined with data inserted via an Option Update vulnerability, allow remote retrieval of code from a URL and writing fi...
EUVD-2021-11133
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...
CVE-2021-24219
The CVE-2021-24219 entry concerns a REST API endpoint in Thrive Themes plugins/themes (e.g., Thrive Optimize and related plugins, and several Thrive Themes themes) that was intended to require an API key for access but could be reached with an empty api_key parameter when Zapier was not enabled. ...