
4948 matches found

Exploit DB
added 2021/04/02 12:00 a.m., 597 views

F5 BIG-IP 16.0.x - iControl REST Remote Code Execution (Unauthenticated)

Exploit Title: F5 BIG-IP 16.0.x - iControl REST Remote Code Execution (Unauthenticated)
Exploit Author: Al1ex
Vendor Homepage: https://www.f5.com/products/big-ip-services
Version: 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5....

CVSS 10, AI score 9.7, EPSS 0.99898
Exploits 20
NVD
added 2021/04/01 10:15 p.m., 10 views

CVE-2021-21421

node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client errors to the end user will offer the API key value too. This is fixed in node-etsy-client v0.3.0 and later...

CVSS 8.1, EPSS 0.01065
Exploits 0, References 2
OSV
added 2021/04/01 10:15 p.m., 17 views

CVE-2021-21421

node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client errors to the end user will offer the API key value too. This is fixed in node-etsy-client v0.3.0 and later...

CVSS 6.5, AI score 6.7
Exploits 0, References 2
CVE
added 2021/04/01 10:10 p.m., 85 views

CVE-2021-21421

CVE-2021-21421 affects the node-etsy-client (Node.js Etsy REST API client). The issue is that applications reporting client errors to end users could leak the API key value in error output. The root cause is tied to how error information is exposed to end users. Mitigation is to upgrade to node-e...

CVSS 8.1, AI score 6.6, EPSS 0.01065
Exploits 0, References 2, Affected Software 1
Metasploit
added 2021/04/01 5:42 p.m., 136 views

F5 iControl REST Unauthenticated SSRF Token Generation RCE

This module exploits a pre-auth SSRF in the F5 iControl REST API's /mgmt/shared/authn/login endpoint to generate an X-F5-Auth-Token that can be used to execute root commands on an affected BIG-IP or BIG-IQ device. This vulnerability is known as CVE-2021-22986. CVE-2021-22986 affects the following...

CVSS 10, AI score 9.7, EPSS 0.99898
Exploits 20
OpenVAS
added 2021/03/30 12:00 a.m., 23 views

WordPress BuddyPress Plugin 5.0.0 - 7.2.0 Privilege Escalation Vulnerability

The WordPress plugin ... (description excerpted from the Greenbone NASL script; script OID 1.3.6.1.4.1.25623.1.0.112876). SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9, AI score 8.5, EPSS 0.13882
Exploits 2, References 3
Hacker One
added 2021/03/29 9:47 p.m., 20 views

Rocket.Chat: REST API gets `query` as parameter and executes it

Summary: Any user with the 'view-d-room' permission can access any data except users.services from the users collection.
Description: The "users.list" REST endpoint gets a query parameter from JSON and runs Users.find(queryFromClientSide). This means virtually any authenticated user can access any data...

CVSS 4, EPSS 0.00714
Exploits 1
OSV
added 2021/03/26 9:15 p.m., 28 views

CVE-2021-21389

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in...

CVSS 8.8, AI score 6.4
Exploits 0, References 3
Prion
added 2021/03/26 9:15 p.m., 20 views

Design/Logic Flaw

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in...

CVSS 9, AI score 8.5, EPSS 0.13882
Exploits 2, References 3, Affected Software 1
Cvelist
added 2021/03/26 8:15 p.m., 28 views

CVE-2021-21389 BuddyPress privilege escalation via REST API

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in...

CVSS 8.1, AI score 8.8, EPSS 0.13882
Exploits 2, References 3
CVE
added 2021/03/26 8:15 p.m., 176 views

CVE-2021-21389

BuddyPress (WordPress plugin) prior to 7.2.1 is affected by a REST API privilege-escalation vulnerability that can lead to remote code execution. A non-privileged user could exploit the REST API members endpoint (v1/members/me) to gain administrator rights. Affected versions are 5.0.0 through 7.2...

CVSS 9, AI score 8.2, EPSS 0.13882
In wild, Exploits 2, References 3, Affected Software 1
wpexploit
added 2021/03/26 12:00 a.m., 94 views

Quiz And Survey Master < 7.1.14 - Authenticated SQL injection via Rest API

While confirming https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab, another SQLi issue was identified and reported. The qsmrestgetbankquestions function in the php/rest-api.php file did not properly sanitise and escape the category parameter before using it in SQL statements...

AI score 0.6
Exploits 0, References 1
WPVulnDB
added 2021/03/26 12:00 a.m., 14 views

Quiz And Survey Master < 7.1.14 - Authenticated SQL injection via Rest API

While confirming https://wpscan.com/vulnerability/3b52b25c-82a1-41c7-83ac-92e244f7c5ab, another SQLi issue was identified and reported. The qsmrestgetbankquestions function in the php/rest-api.php file did not properly sanitise and escape the category parameter before using it in SQL statements...

Exploits 0, References 1, Affected Software 1
ThreatPost
added 2021/03/24 8:36 p.m., 45 views

Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws

Attackers are actively exploiting two recently-patched vulnerabilities in a popular suite of tools for WordPress websites from marketing platform Thrive Themes. Thrive Themes offers various products to help WordPress websites “convert visitors into leads and customers.” Its suite of products,...

AI score 0.5
Exploits 0, References 4
Kitploit
added 2021/03/24 11:30 a.m., 80 views

Kraker - Distributed Password Brute-Force System That Focused On Easy Use

Kraker is a distributed password brute-force system that allows you to run and manage hashcat on different servers and workstations, focused on ease of use. There were two main goals during the design and development: to create the most simple tool for distributed hash cracking and make it...

AI score 7.4
Exploits 0, References 2
WPVulnDB
added 2021/03/24 12:00 a.m., 28 views

All Thrive Themes Legacy Themes < 2.0.0 - Unauthenticated Arbitrary File Upload and Option Deletion

Thrive “Legacy” themes register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote...

CVSS 6.4, AI score 0.8, EPSS 0.03946
Exploits 2, References 1, Affected Software 10
WPVulnDB
added 2021/03/24 12:00 a.m., 25 views

All Thrive Themes and Plugins - Unauthenticated Option Update

The plugins and themes register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty apikey parameter in vulnerable versions if Zapier was not enabled. Attackers coul...

CVSS 5, AI score 0.8, EPSS 0.02076
Exploits 2, References 1, Affected Software 22
CNVD
added 2021/03/17 12:00 a.m., 6 views

IBM Spectrum Scale Unauthorized Access Vulnerability

IBM Spectrum Scale is a scalable data and file management solution from IBM USA based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product supports helping clients reduce storage costs while improving security and management efficiency in...

CVSS 6.2, AI score 6.4, EPSS 0.00241
Exploits 0, References 1
WPVulnDB
added 2021/03/17 12:00 a.m., 10 views

BuddyPress < 7.2.1 - Force a Friendship

The BuddyPress WordPress plugin, versions before 7.2.1, fixed a vulnerability that could allow a member to force a friendship on behalf of another member, using the BuddyPress REST API buddypress/v1/friends endpoint...

AI score 3.9
Exploits 0, References 2, Affected Software 1
WPVulnDB
added 2021/03/17 12:00 a.m., 38 views

BuddyPress < 7.2.1 - REST API Privilege Escalation

The BuddyPress WordPress plugin, versions before 7.2.1, fixed a vulnerability that could allow a privilege escalation from a regular user to Administrator, using the BuddyPress REST API buddypress/v1/members/me endpoint...

CVSS 9, AI score 5.5, EPSS 0.13882
Exploits 2, References 3, Affected Software 1