855 matches found
CVE-2024-39873
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force...
CVE-2024-39873
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force...
CVE-2024-39873
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force...
CVE-2024-39873
Summary: CVE-2024-39873 affects Siemens SINEMA Remote Connect Server (all versions before V3.2 SP1). The security issue is a failure to properly implement brute-force protection on the web API authentication, which could allow an attacker to learn user credentials vulnerable to brute force attack...
Siemens SINEMA Remote Connect Server 安全漏洞
Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. A security vulnerability exists in Siemens SINEMA Remote Connect Server because the affected...
CVE-2024-38518 bbb-web API additional parameters considered
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an...
Malicious code in http-api-lookup (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in aspnet-webapi-auth (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-34103 Customer account takeover via web API call & subsequent password reset
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application...
CVE-2024-34103 Customer account takeover via web API call & subsequent password reset
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application...
CVE-2024-3468
There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker...
CVE-2024-3468 Deserialization of Untrusted Data in AVEVA PI Web API
There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker...
CVE-2024-3468 Deserialization of Untrusted Data in AVEVA PI Web API
There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker...
CVE-2024-3468
CVE-2024-3468 affects AVEVA PI Web API (versions 2023 and earlier). The vulnerability is Deserialization of Untrusted Data that could allow malicious code to execute in the PI Web API environment when an interactive user is socially engineered to use API XML import payloads. CVSS details indicate...
PT-2024-37099 · Logsign · Logsign Unified Secops Platform
Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. The flaw exists within the HTTP API and results from using a...
PT-2024-37094 · Logsign · Logsign Unified Secops Platform
Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing...
OSIsoft PI Web API Code Issue Vulnerability
The Osisoft OSIsoft PI Web API is a RESTful interface to a set of PI systems from the US company Osisoft. The product supports client applications with read and write access to their AF and PI data over HTTPS. A code issue vulnerability exists in the OSIsoft PI Web API, which stems from a...
AVEVA PI Web API
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION : Exploitable remotely/low attack complexity Vendor : AVEVA Equipment : PI Web API Vulnerability : Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code...
jenkins-2-plugins: matrix-project plugin path traversal vulnerability
A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on...
Apache ActiveMQ 6.x < 6.1.2 Insecure Web API Vulnerability
The version of Apache ActiveMQ running on the remote host is 6.x prior to 6.1.2. It is, therefore, affected by an insecure the API web that a attacker can use without any required authentication. Note that Nessus has not tested for this issue but has instead relied only on the application's...