4947 matches found

Metasploit • added 2020/06/03 3:13 a.m. • 48 views

Cisco UCS Director Cloupia Script RCE

This module exploits an authentication bypass and directory traversals in Cisco UCS Director 6.7.4.0 to leak the administrator's REST API key an...

CVSS 9.8 • AI score 0.4 • EPSS 0.88374
Exploits 5
BDU FSTEC • added 2020/05/29 12:00 a.m. • 3 views

The vulnerability of the REST API interface for controlling physical infrastructure and virtual environments in Cisco UCS Director and Cisco UCS Director Express for Big Data allows an attacker to execute arbitrary code.

The vulnerability of the REST API interface for controlling physical infrastructure and virtual environments of Cisco UCS Director and Cisco UCS Director Express for Big Data is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute...

CVSS 9.8 • AI score 8.1 • EPSS 0.61516
Exploits 1 • References 2 • Affected Software 2
BDU FSTEC • added 2020/05/29 12:00 a.m. • 2 views

The vulnerability of the REST API interface of the Cisco UCS Director management tool allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the REST API interface of the Cisco UCS Director management tool for physical infrastructure and virtual environments is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to...

CVSS 6.8 • AI score 7.1 • EPSS 0.05326
Exploits 1 • References 2 • Affected Software 1
The Hacker News • added 2020/05/12 10:37 a.m. • 37 views

Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases

More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data. The investigation, led by Bob Diachenko...

AI score 6.8
Exploits 0
CNVD • added 2020/05/06 12:00 a.m. • 8 views

TeamPass Authorization Control Vulnerability

TeamPass is an open source password manager. A security vulnerability exists in the REST API functionality in TeamPass 2.1.27.36 and earlier versions. An attacker can exploit this vulnerability to gain TeamPass administrator privileges and read or change all passwords...

CVSS 8.1 • AI score 7 • EPSS 0.0111
Exploits 1 • References 1
Veracode • added 2020/05/05 9:51 a.m. • 30 views

Missing API Authorization Checks

TeamPass has missing API authorization checks. The application does not properly enforce authorization controls in REST API functions, allowing any user with a valid token to act as administrator and to modify another user's passwords using authenticated api/index.php REST API calls...

CVSS 8.1 • AI score 3.9 • EPSS 0.0111
Exploits 1 • References 1 • Affected Software 1
OSV • added 2020/05/04 7:15 p.m. • 2 views

CVE-2020-5333

RSA Archer, versions prior to 6.7 P3 6.7.0.3, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information...

CVSS 4.3 • AI score 5.8 • EPSS 0.00795
Exploits 0 • References 1
NVD • added 2020/05/04 7:15 p.m. • 11 views

CVE-2020-5333

RSA Archer, versions prior to 6.7 P3 6.7.0.3, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information...

CVSS 4.3 • AI score 4.3 • EPSS 0.00795
Exploits 0 • References 1
Prion • added 2020/05/04 7:15 p.m. • 20 views

Authorization

RSA Archer, versions prior to 6.7 P3 6.7.0.3, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information...

CVSS 4 • AI score 4.4 • EPSS 0.00795
Exploits 0 • References 1 • Affected Software 1
Cvelist • added 2020/05/04 6:50 p.m. • 18 views

CVE-2020-5333

RSA Archer, versions prior to 6.7 P3 6.7.0.3, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information...

CVSS 4.3 • AI score 4.3 • EPSS 0.00795
Exploits 0 • References 1
CVE • added 2020/05/04 6:50 p.m. • 48 views

CVE-2020-5333

The CVE-2020-5333 entry concerns RSA Archer before version 6.7 P3 (6.7.0.3) and before 6.6 P6 (6.6.0.6), which contains an authorization bypass vulnerability in the REST API. A remote authenticated Archer user could potentially view unauthorized information due to this flaw. Connected sources cor...

CVSS 4.3 • AI score 4.3 • EPSS 0.00795
Exploits 0 • References 1 • Affected Software 1
NVD • added 2020/05/04 2:15 p.m. • 20 views

CVE-2020-11671

Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default...

CVSS 8.1 • AI score 7.9 • EPSS 0.0111
Exploits 1 • References 1
OSV • added 2020/05/04 2:15 p.m. • 16 views

CVE-2020-11671

Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default...

CVSS 8.1 • AI score 6.6
Exploits 0 • References 1
Prion • added 2020/05/04 2:15 p.m. • 17 views

Design/Logic Flaw

Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default...

CVSS 5.8 • AI score 7.8 • EPSS 0.0111
Exploits 1 • References 1 • Affected Software 1
Cvelist • added 2020/05/04 1:27 p.m. • 18 views

CVE-2020-11671

Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default...

AI score 8 • EPSS 0.0111
Exploits 1 • References 1
CVE • added 2020/05/04 1:27 p.m. • 70 views

CVE-2020-11671

The CVE-2020-11671 entry concerns TeamPass: lack of authorization controls in REST API functions in TeamPass 2.1.27.36 and earlier allows any user with a valid API token to become an administrator and read/modify all passwords via api/index.php REST API calls. The impact is elevated privileges an...

CVSS 8.1 • AI score 7.8 • EPSS 0.0111
Exploits 1 • References 1 • Affected Software 1
Atlassian • added 2020/05/01 5:16 p.m. • 117 views

Access to all question drafts in private spaces via API

Issue Summary: Questions leak information through private space (https://asecurityteam.atlassian.net/browse/BOUNTY-2559). Steps to Reproduce: Access to questions in spaces is limited to those users that have access to the space. However, question drafts in a restricted space can be accessed by...

AI score 1.7
Exploits 0 • Affected Software 1
OSV • added 2020/04/29 10:15 p.m. • 12 views

CVE-2020-12477

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function...

CVSS 7.5 • AI score 6.8
Exploits 0 • References 1
Prion • added 2020/04/29 10:15 p.m. • 22 views

Design/Logic Flaw

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function...

CVSS 5 • AI score 7.5 • EPSS 0.01803
Exploits 1 • References 1 • Affected Software 1
CVE • added 2020/04/29 9:49 p.m. • 68 views

CVE-2020-12477

The vulnerability CVE-2020-12477 affects TeamPass 2.1.27.36: the REST API allows any user with a valid API token to bypass IP address whitelisting by manipulating the X-Forwarded-For header when calling the getIp function. Multiple connected sources (Red Hat, Veracode, OSV, CNVD/CNVD-2020-27440, ...

CVSS 7.5 • AI score 7.5 • EPSS 0.01803
Exploits 1 • References 1 • Affected Software 1