
869 matches found

CNNVD
added 2021/11/18 12:00 a.m. | 2 views

OSIsoft PI Server Cross-Site Scripting Vulnerability

OSIsoft PI is a commercial software application platform based on the client/server architecture from OSIsoft, USA. The platform supports data collection, analysis and visualization, etc. A security vulnerability exists in OSIsoft PI Server, which can be exploited by remote...

6.9 CVSS | 5.7 AI score | 0.00135 EPSS
Exploits: 0 | References: 2

CNVD
added 2021/11/11 12:00 a.m. | 20 views

OSIsoft PI Server Cross-Site Scripting Vulnerability

OSIsoft PI is a commercial software application platform based on the client/server architecture from OSIsoft, USA. The platform supports data collection, analysis and visualization, etc. A security vulnerability exists in OSIsoft PI Server, which can be exploited by remote...

6.9 CVSS | 2.3 AI score | 0.00135 EPSS
Exploits: 0 | References: 1

ICS
added 2021/11/09 12:00 a.m. | 74 views

OSIsoft PI Web API

1. EXECUTIVE SUMMARY CVSS v3 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: OSIsoft Equipment: PI Web API Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote authenticated attacker access to sensitive...

6.9 CVSS | 5.3 AI score | 0.00135 EPSS
Exploits: 0 | References: 5

OSV
added 2021/10/18 2:15 p.m. | 1 view

CVE-2021-24677

The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles...

5.3 CVSS | 5.8 AI score
Exploits: 0 | References: 1

CNNVD
added 2021/10/12 12:00 a.m. | 4 views

TIBCO Software JasperReports Server Race Condition Vulnerability

TIBCO Software JasperReports Server is an embeddable reporting server from TIBCO Software, Inc. that provides reporting and analytics capabilities that can be embedded into web or mobile devices. A race condition vulnerability exists in various TIBCO...

5.7 CVSS | 5.8 AI score | 0.00158 EPSS
Exploits: 0 | References: 4

CNNVD
added 2021/09/07 12:00 a.m. | 3 views

GitHub pcapture Code Issue Vulnerability

GitHub pcapture is a project that uses Quarkus, the Supersonic Subatomic Java framework. A code issue vulnerability exists in pcapture that allows authenticated but unprivileged users to capture and download packets using the REST API without a capture filter and sufficient privileges...

7.7 CVSS | 6.6 AI score | 0.00281 EPSS
Exploits: 0 | References: 5

CNNVD
added 2021/08/25 12:00 a.m. | 4 views

B.Braun SpaceCom2 Code Issue Vulnerability

The B. Braun SpaceCom2 is a hardware device from B. Braun, Germany, designed to connect to external devices to record data in a patient data management system, PC, or USB memory stick. A security vulnerability exists in versions of the B. Braun SpaceCom2 prior to 012U000062, which allows a remote...

9.1 CVSS | 8.6 AI score | 0.00447 EPSS
Exploits: 1 | References: 6

Microsoft Secure
added 2021/08/19 4:00 p.m. | 40 views

Automating security assessments using Cloud Katana

Today, we are open sourcing Cloud Katana, a cloud-native serverless application built on the top of Azure Functions to assess security controls in the cloud and hybrid cloud environments. We are currently covering only use cases in Azure, but we are working on extending it to other cloud provider...

7.5 AI score
Exploits: 0

Microsoft Malware Protection
added 2021/08/19 4:00 p.m. | 37 views

Automating security assessments using Cloud Katana

Today, we are open sourcing Cloud Katana, a cloud-native serverless application built on the top of Azure Functions to assess security controls in the cloud and hybrid cloud environments. We are currently covering only use cases in Azure, but we are working on extending it to other cloud provider...

7.5 AI score
Exploits: 0

Packet Storm
added 2021/06/24 12:00 a.m. | 369 views

Huawei DG8045 Authentication Bypass

Title: Huawei dg8045 - Authentication Bypass Date: 2020-06-24 Author: Abdalrahman Gamal Vendor Homepage: www.huawei.com Version: dg8045 Hardware Version: VER.A POC: The default password of this router is the last 8 characters of the device's serial number which exist in the back of the device. An...

0.3 AI score
Exploits: 0

OSV
added 2021/06/23 10:15 a.m. | 1 view

CVE-2021-29086

Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager DSM before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors...

7.5 CVSS | 7.2 AI score | 0.00361 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2021/06/23 12:00 a.m. | 3 views

PT-2021-18076 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2.3-25426-3 Description: The issue is related to a Path Traversal vulnerability in the webapi component, allowing remote attackers to write arbitrary files via unspecified vectors...

7.5 CVSS | 8.7 AI score | 0.00544 EPSS
Exploits: 0 | References: 4

CNNVD
added 2021/06/23 12:00 a.m. | 2 views

Synology DiskStation Manager Information Disclosure Vulnerability

DiskStation Manager DSM is an operating system that runs on all Synology NAS and can be operated through an intuitive web interface. An information disclosure vulnerability exists in the webapi component of Synology DiskStation Manager prior to version 6.2.3-25426-3. A remote attacker can exploit...

7.5 CVSS | 5.8 AI score | 0.00361 EPSS
Exploits: 0 | References: 1

OSV
added 2021/06/22 6:15 p.m. | 2 views

CVE-2021-3044

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier th...

9.8 CVSS | 5.9 AI score | 0.00357 EPSS
Exploits: 0 | References: 1

OSV
added 2021/06/08 7:15 p.m. | 2 views

CVE-2021-26473

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the HTTP API located at /sgwebserviceo.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server...

9.8 CVSS | 5.8 AI score | 0.00743 EPSS
Exploits: 0 | References: 4

CNNVD
added 2021/06/01 12:00 a.m. | 3 views

Synology Video Station Code Issue Vulnerability

Synology Video Station is a video management center. It can manage all movies, TV shows and home videos on Synology NAS. A server-side request forgery vulnerability exists in the Synology Video Station webapi component before 2.4.10-1632, which can be exploited by a remote authenticated attacker ...

9.1 CVSS | 5.9 AI score | 0.0037 EPSS
Exploits: 0 | References: 1

CNNVD
added 2021/05/27 12:00 a.m. | 1 view

Red Hat Data Grid Cross-Site Request Forgery Vulnerability

Red Hat Data Grid is a memory-based NoSQL database with distributed support from Red Hat. Red Hat Data Grid 8.2.0 suffers from a cross-site request forgery vulnerability that stems from a lack of authentication measures or insufficient authentication strength in a networked system or product. An...

7.1 CVSS | 7 AI score | 0.00085 EPSS
Exploits: 0 | References: 4

BDU FSTEC
added 2021/05/12 12:00 a.m. | 0 views

The vulnerability of the REST API interface of the Cisco Firepower Device Manager On-Box software allows a hacker to trigger a maintenance failure.

The vulnerability of the REST API interface of the Cisco Firepower Device Manager On-Box software relates to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to trigger service failure remotely...

5.5 CVSS | 0.00513 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Packet Storm
added 2021/04/07 12:00 a.m. | 628 views

Dell OpenManage Server Administrator 9.4.0.0 File Read

Exploit Title: Dell OpenManage Server Administrator 9.4.0.0 - Arbitrary File Read Date: 4/27/2020 Exploit Author: Rhino Security Labs Version: :' exit This XML to imitate a Dell OMSA remote system comes from https://www.exploit-db.com/exploits/39909 Also check out...

6.4 CVSS | 0.8005 EPSS
Exploits: 4

OSV
added 2021/03/18 12:00 a.m. | 1 view

UBUNTU-CVE-2015-2685

SQL injection in Icinga Web API...

5.9 AI score
Exploits: 0 | References: 3