TrueConf Server SQL Injection Vulnerability
TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. A security vulnerability exists in TrueConf Server version 5.2.0.10225, which stems from a web API that allows an unauthenticated, remote attacker to execute arbitrary SQL commands via SQL...
CVE-2022-46764
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 fixed in 5.2.6.10025 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution...
PT-2022-27978
Name of the Vulnerable Software and Affected Versions: TrueConf Server version 5.2.0.10225. Description: A SQL injection issue in the web API allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution. Recommendations: For TrueConf Server...
DEBIAN-CVE-2022-45132
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
CVE-2022-29836
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file...
PT-2022-19866 · Sandisk · Sandisk Ibi
Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud Home versions prior to 8.11.0-113 Western Digital My Cloud Home Duo versions prior to 8.11.0-113 SanDisk ibi versions prior to 8.11.0-113 Description: A Path Traversal vulnerability was discovered via an HTTP API on...
Update Rollup 1 for System Center 2022 Orchestrator
Update Rollup 1 for System Center 2022 Orchestrator Applies to Microsoft System Center 2022 Orchestrator UR1. Introduction This article describes the issues that are fixed in Update Rollup 1 for Microsoft System Center Orchestrator 2022. This article also contains the installation instructions fo...
A vulnerability in the REST API interface of MediaWiki, a software platform for implementing a hypertext environment, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability in the REST API interface of MediaWiki, a software platform for implementing a hypertext environment, is an information disclosure issue. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to protected...
Slack Morphism Information Disclosure Vulnerability
Slack Morphism is a modern asynchronous client library for Rust that supports Slack Web, Events API, Socket Mode, and Block Kit. Versions prior to Slack Morphism 1.3.2 have an information disclosure vulnerability that stems from insufficient protection of sensitive information in the application,...
FortiSOAR - Path traversal vulnerabilities in the web API
Multiple relative path traversal vulnerabilities CWE-23 in the web API of FortiSOAR may allow an authenticated attacker to write in the underlying filesystem with nginx permissions via crafted HTTP requests...
Netwrix Auditor Web API Detection
Binary data netwrixauditorwebapidetect.nbin...
CVE-2022-27617
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors...
CVE-2022-27618
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors...
PT-2022-18527 · Synology · Synology Usb Copy
Name of the Vulnerable Software and Affected Versions: Synology USB Copy versions prior to 2.2.0-1086 Description: The issue is related to a Path Traversal vulnerability in the webapi component, allowing remote authenticated users to read or write arbitrary files via unspecified vectors...
Synology SSO Server Path Traversal Vulnerability
Synology SSO Server is a server software from China-based Synology Inc. that provides single sign-on functionality. A path traversal vulnerability exists in Synology SSO Server versions prior to 2.2.3-0331, which stems from an improper restriction on the pathname of a restricted directory in the...
CVE-2022-27616
Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in webapi component in Synology DiskStation Manager DSM before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors...
PT-2022-18516 · Synology · Audio Station
Name of the Vulnerable Software and Affected Versions: Synology Audio Station versions prior to 6.5.4-3367 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability, in the webapi component. This allows remo...
Synology CardDAV Server SQL Injection Vulnerability
Synology CardDAV Server is a contact management package from Synology China. It allows you to synchronize and access the address book on Synology NAS. A SQL injection vulnerability exists in Synology CardDAV Server versions prior to 6.0.10-0153, which stems from improper elimination of special...
Synology WebDAV Server Path Traversal Vulnerability
Synology WebDAV Server is an HTTP extension service that allows users to edit and manage files stored on remote servers. A path traversal vulnerability exists in Synology WebDAV Server, which stems from an improper restriction of the pathname of a restricted directory by the webapi component, and...