CVE-2021-37234
Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API...
CVE-2021-37234
CVE-2021-37234 affects Modern Honey Network, due to an Incorrect Access Control in the Web API that allows remote attackers to view sensitive information via a crafted PUT request. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) indicates network access without authentication, with part...
FreeBSD : Spotipy -- Path traversal vulnerability (c3fb48cc-a2ff-11ed-8fbc-6cf0490a8c18)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c3fb48cc-a2ff-11ed-8fbc-6cf0490a8c18 advisory. - Spotipy is a light weight Python library for the Spotify Web API. In versions prior to 2.22.1, if a...
CVE-2023-23608 spotipy Path traversal vulnerability that may lead to type confusion in URI handling code
Spotipy is a light weight Python library for the Spotify Web API. In versions prior to 2.22.1, if a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. The code Spotipy uses to parse URIs and URLs allows an...
CVE-2023-23608
Spotipy (Python library for Spotify Web API) versions prior to 2.22.1 are affected by a path-traversal issue in URI handling. The library’s URI/URL parsing can insert arbitrary characters into the API-request path (e.g., ".."), allowing requests to be redirected from one endpoint to another (such...
CVE-2022-46764
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 fixed in 5.2.6.10025 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution...
SQL injection
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution...
TrueConf Server SQL Injection Vulnerability
TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. A security vulnerability exists in TrueConf Server version 5.2.0.10225, which stems from a web API that allows an unauthenticated, remote attacker to execute arbitrary SQL commands via SQL...
CVE-2022-46764
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 fixed in 5.2.6.10025 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution...
PT-2022-27978
Name of the Vulnerable Software and Affected Versions TrueConf Server version 5.2.0.10225 Description A SQL injection issue in the web API allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution. Recommendations For TrueConf Server...
DEBIAN-CVE-2022-45132
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
CVE-2022-29836
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file...
PT-2022-19866 (SanDisk, SanDisk ibi)
Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud Home versions prior to 8.11.0-113 Western Digital My Cloud Home Duo versions prior to 8.11.0-113 SanDisk ibi versions prior to 8.11.0-113 Description: A Path Traversal vulnerability was discovered via an HTTP API on...
Slack Morphism Information Disclosure Vulnerability
Slack Morphism is a modern asynchronous client library for Rust that supports Slack Web, Events API, Socket Mode, and Block Kit. Versions prior to Slack Morphism 1.3.2 have an information disclosure vulnerability that stems from insufficient protection of sensitive information in the application,...
A vulnerability in the REST API interface of the MediaWiki hypertext software platform allows an attacker to gain unauthorized access to protected information.
A vulnerability in the REST API interface of the MediaWiki hypertext software platform is related to information disclosure. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to protected...
FortiSOAR - Path traversal vulnerabilities in the web API
Multiple relative path traversal vulnerabilities CWE-23 in the web API of FortiSOAR may allow an authenticated attacker to write in the underlying filesystem with nginx permissions via crafted HTTP requests...
Netwrix Auditor Web API Detection
Binary data netwrixauditorwebapidetect.nbin...
CVE-2022-27617
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors...
CVE-2022-27618
Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors...
Synology SSO Server Path Traversal Vulnerability
Synology SSO Server is a server software from China-based Synology Inc. that provides single sign-on functionality. A path traversal vulnerability exists in Synology SSO Server versions prior to 2.2.3-0331, which stems from an improper restriction on the pathname of a restricted directory in the...