An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated ...
Continue ReadingMay 19, 2022
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. ...
Continue ReadingMay 19, 2022
XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Mana ...
Continue ReadingMay 19, 2022
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attr ...
Continue ReadingMay 19, 2022
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold u ...
Continue ReadingMay 19, 2022
# Description Hey, when I attempt to change the password, I noticed that you haven't kept any password boundary. You need to limit password length. Hashing a large amount of data can cause significant ...
Continue ReadingMay 19, 2022
The Conduit feed.publish API allows a user to publish stories to the feed. The API accepts a parameter "type" which will be set to `PhabricatorTokenGivenFeedStory` and accepts JSON in the "data" para ...
Continue ReadingMay 19, 2022
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the ...
Continue ReadingMay 11, 2022
Back to Main