8 matches found
EUVD-2020-18802
Malware in sbrugna...
The vulnerability of the visualization plugin for the Infinity Datasource platform used in Grafana monitoring and observation systems stems from server-side request manipulation. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the Infinity Datasource plugin for the Grafana monitoring and observation platform relates to server-side request manipulation. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
Server-side request forgery (SSRF)
A Server-Side Request Forgery (SSRF) in loonflow r2.0.14 allows attackers to force the application to make arbitrary requests via manipulation of the hookurl parameter...
The vulnerability of the ManageJiraConnectors API interface of the cloud-based corporate solution for planning and managing software and IT projects like Jira Align (formerly AgileCraft) allows a malicious actor to disclose protected information.
The vulnerability of the ManageJiraConnectors API interface of the cloud-based corporate solution for planning and managing software and IT projects like Jira Align (formerly AgileCraft) involves server-side request manipulation. Exploiting this vulnerability allows a malicious actor to disclose...
The vulnerability of Red Hat Advanced Cluster Security (RHACS) for Kubernetes, related to server-side manipulation of requests, allows attackers to escalate their privileges and gain unauthorized access to protected information.
The vulnerability of the Red Hat Advanced Cluster Security (RHACS) control and container management tool for Kubernetes is related to server-side manipulation of requests. Exploiting this vulnerability can allow attackers to escalate their privileges and gain unauthorized access to protected...
The vulnerability of the Adobe Experience Manager content and media data management system, caused by server-side manipulation of requests, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Adobe Experience Manager content and media data management system is caused by server-side manipulation of requests. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP network protoc...
CVE-2020-26177
In tangro Business Workflow before 1.18.1, a user's profile contains some items that are greyed out and thus are not intended to be edited by regular users. However, this restriction is only applied client-side. Manipulating any of the greyed-out values in requests to /api/profile is not prohibit...
XWork 2.0.11.2 - ParameterInterceptor Class OGNL Security Bypass
(source: https://www.securityfocus.com/bid/32101/info) XWork is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. Attackers can exploit this issue to manipulate server-side context...