 This Q2 2022 recap post takes a look at some of the latest investments we've made ...
Continue Reading
July 06, 2022
# Description In `file-manager/list` API, the server does not handling `path` parameters properly lead to allow listing any directory. To exploit, use double URL encoding to bypass filter. # Proof of ...
Continue Reading
July 06, 2022
Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a ...
Continue Reading
July 06, 2022
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwr ...
Continue Reading
July 06, 2022
Editable SQL Queries behind Base64 encoding sending from the Client-Side to The Server-Side for a particular API used in legacy Work Center module. He attack is available for any authenticated user, i ...
Continue Reading
July 06, 2022
The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional ...
Continue Reading
July 06, 2022
JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactor ...
Continue Reading
July 06, 2022
JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFro ...
Continue Reading
July 06, 2022
Back to Main
