112 matches found
CVE-2024-6303 Missing Authorization in Conduit
Missing authorization in Client-Server API in Conduit =0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the admins alias to a room which they control, allowing them to run commands resetting passwords, siging json with the...
PT-2024-37525 · Conduit · Conduit
Name of the Vulnerable Software and Affected Versions: Conduit versions prior to 0.7.0 Description: The issue concerns missing authorization in the Client-Server API, allowing for unauthorized removal and addition of aliases to different rooms. This can be exploited for privilege escalation by...
PT-2024-25140 · Unknown · Identity Security Cloud
Name of the Vulnerable Software and Affected Versions: Identity Security Cloud ISC affected versions not specified Description: An issue was found in the Identity Security Cloud ISC message server API, related to improper access control. This allowed an authenticated user to access job processing...
Heketi Arbitrary Code Execution
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation...
GHSA-6G56-V9QG-JP92 Heketi Arbitrary Code Execution
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation...
WebRAT 代码问题漏洞
WebRAT is a simple remote web management tool. A code issue vulnerability exists in cyberaz0r WebRAT, which stems from a security issue in the downloadfile function in Server/api.php, which causes unrestricted uploads via the parameter name...
Path Traversal
github.com/argoproj/argo-cd/v2 is vulnerable to Path Traversal. The vulnerability is caused by a missing validation check in the repo server API that prevents file traversal attacks. This can lead to an attacker leaking values or files from the referenced Helm Chart by using a using a...
CVE-2023-2993
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute...
Information Disclosure
Codedx is vulnerable to Information Disclosure. The vulnerability exists because the server API keys are stored in job config.xml without encrypting which allows an attacker to gain read access on the controller file system...
Design/Logic Flaw
Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API...
GoCD 安全漏洞
GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions 19.2.0 through 19.11.0 that stems from the use of regular string comparisons to validate tokens instead of the constant time algorithm, which can be exploited by an attacker to brute-force GoCD server API calls...
CVE-2022-28127
A data removal vulnerability exists in the webserver /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability...
org.apache.atlas:atlas-authorization (=0.7-incubating), org.apache.atlas:atlas-client (=0.7-incubating) +9 more potentially affected by CVE-2017-3150 via org.apache.atlas:atlas-common (=0.7-incubating)
org.apache.atlas:atlas-common MAVEN version =0.7-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.atlas:atlas-common and may be impacted: - org.apache.atlas:atlas-authorization =0.7-incubating - org.apache.atlas:atlas-client...
org.apache.atlas:atlas-authorization (=0.7-incubating), org.apache.atlas:atlas-client (=0.7-incubating) +9 more potentially affected by CVE-2017-3155 via org.apache.atlas:atlas-common (=0.7-incubating)
org.apache.atlas:atlas-common MAVEN version =0.7-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.atlas:atlas-common and may be impacted: - org.apache.atlas:atlas-authorization =0.7-incubating - org.apache.atlas:atlas-client...
org.apache.atlas:atlas-authorization (=0.7-incubating), org.apache.atlas:atlas-client (=0.7-incubating) +9 more potentially affected by CVE-2017-3154 via org.apache.atlas:atlas-common (=0.7-incubating)
org.apache.atlas:atlas-common MAVEN version =0.7-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.atlas:atlas-common and may be impacted: - org.apache.atlas:atlas-authorization =0.7-incubating - org.apache.atlas:atlas-client...
org.apache.atlas:atlas-authorization (=0.7-incubating), org.apache.atlas:atlas-client (=0.7-incubating) +9 more potentially affected by CVE-2017-3151 via org.apache.atlas:atlas-common (=0.7-incubating)
org.apache.atlas:atlas-common MAVEN version =0.7-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.atlas:atlas-common and may be impacted: - org.apache.atlas:atlas-authorization =0.7-incubating - org.apache.atlas:atlas-client...
Privilege Escalation
github.com/argoproj/argo-workflows is vulnerable to privilege escalation. An attacker can create a workflow through the newHTTPServer function of argoserver.go that produces an HTML artifact and makes XRL calls to the Argo Server API by using a script, allowing the attacker to send malicious emai...
CVE-2021-27765
The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed...
Privilege escalation
The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed...
CVE-2021-27765
The CVE-2021-27765 entry relates to BigFix components packaged with InstallShield. Concrete details from connected documents show that BigFix Server API installer (and related BigFix Console/Client installers) use InstallShield and are affected by CVE-2021-41526, which involves InstallScript acti...