CVE-2020-3531 Cisco IoT Field Network Director Unauthenticated REST API Vulnerability

A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...

CVE-2020-26075 Cisco IoT Field Network REST API Insufficient Input Validation Vulnerability

A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. ...

CVE-2020-26075

Cisco IoT Field Network Director (FND) REST API suffers from insufficient input validation, enabling authenticated remote attackers to craft malicious API requests and potentially access the device’s back-end database (SQL‑injection-like effect). Affected component is the REST API of FND; impact ...

Cisco IoT Field Network Director Unauthenticated REST API Vulnerability

A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...

Cisco IoT Field Network REST API Insufficient Input Validation Vulnerability

A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. ...

Cross-Site Scripting (XSS)

keycloak-services is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the Realm registration REST API...

Improper access control

In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API...

CVE-2020-25209

The vulnerability affects JetBrains YouTrack prior to version 2020.3.6638, where improper access control on certain subresources enables information disclosure via the REST API. Root cause: access-control gaps in subresources expose sensitive information to unauthorized callers. Impact: potential...

CVE-2020-25209

In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API...

CVE-2020-25711

A flaw was found in the Infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role. The highest threat...

SaltStack Salt REST API Arbitrary Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt REST API Arbitrary Command Execution', 'Description' = %q This module exploits an authentication bypass and command injection in...

SaltStack Salt REST API Arbitrary Command Execution Exploit

This Metasploit module exploits an authentication bypass and command injection in SaltStack Salt's REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8,...

RHEL 7 : podman (RHSA-2020:5056)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5056 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use contain...

CVE-2020-24404

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization...

CVE-2020-24404

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete cms pages via the REST API without authorization...

CVE-2020-24402

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorizati...

CVE-2020-24402

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorizati...

CVE-2020-24403

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the...

CVE-2020-24403

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the...

Design/Logic Flaw

Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorizati...