The public API error allows an attacker to bypass API access... ...
11 March 2022
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI. ...
11 March 2022
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint... ...
10 March 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/plugin/pmx" ...
10 March 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/ ...
10 March 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not hav ...
10 March 2022
Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve ...
10 March 2022
CasaOS before v0.2.7 was discovered to contain a command injection vulnerability via the component leave or join zerotier... ...
10 March 2022