110 matches found
CVE-2023-30258
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request...
Command injection
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request...
Privilege Escalation
github.com/hashicorp/nomad is vulnerable to Privilege Escalation. Unauthenticated HTTP requests could bypass ACL authorizations when processed on servers through internal RPCs, allowing a job to be submitted to the cluster without mTLS enabled, which elevates user privileges...
Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation
Summary A vulnerability was identified in Nomad and Nomad Enterprise “Nomad” such that an unauthenticated request sent to a client agent’s HTTP endpoint bypasses intended ACL authorizations when processed on server through internal RPCs. In doing so, unauthenticated HTTP requests can be used to...
CVE-2023-25717
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?loginusername=admin&password=password$curl substring...
CVE-2021-45310
Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. Users information such as first name, last name, acount id, server uuid, email address, profile image, number, timestamps, etc can be extracted b...
CVE-2022-21262
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Samples. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Serve...
CVE-2021-35687
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Unified Metadata Manager. Supported versions that are affected are 8.0.7-8.1.1. Easily exploitable vulnerability allows unauthenticated attacker with...
Code injection
Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews...
CVE-2021-35552
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Diagnostics. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...
CVE-2021-2420
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...
CVE-2021-2256
Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway component: Management Console. The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2021-2204
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2020-25594
CVE-2020-25594 affects HashiCorp Vault and Vault Enterprise. The issue allowed unauthenticated HTTP requests to enumerate Secrets Engine mount paths. This was fixed in Vault 1.6.2 and Vault Enterprise 1.5.7. The connected sources confirm the vulnerability description and the remediation versions;...
CVE-2020-25594
HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7...
CVE-2021-2040
Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications component: Case Form, Local Affiliate Form. The supported version that is affected is 8.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2020-13505
Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability...
Aveva eDNA Enterprise Data Historian Alias.asmx SQL injection Vulnerability
Talos Vulnerability Report TALOS-2020-1109 Aveva eDNA Enterprise Data Historian Alias.asmx SQL injection Vulnerability September 23, 2020 CVE Number CVE-2020-13507, CVE-2020-13508 Summary Multiple SQL injection vulnerabilities exist in the Alias.asmx Web Service functionality of eDNA Enterprise...
CVE-2020-4573
IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitive information due to responding to unauthenticated HTTP requests. IBM X-Force ID: 184180...
CVE-2020-13914
webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service Segmentation fault to the webserver via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300,...