Code injection
The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors...
CVE-2015-5629
The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors...
CVE-2015-5629
The CVE pertains to the NTT Broadband Platform Japan Connected-free Wi‑Fi application (Android up to 1.6.0 and iOS up to 1.0.2). Multiple connected sources confirm a vulnerability that allows bypassing the URL whitelist protection and may enable arbitrary API execution or loading of arbitrary pag...
The vulnerability of the Adobe Reader PDF viewer program allows a hacker to circumvent access restrictions.
The vulnerability of the Adobe Reader PDF viewer program is related to security configuration errors. Exploiting this vulnerability could allow a malicious actor to bypass restrictions on access to the JavaScript API...
The vulnerability of Adobe Acrobat’s PDF editing software allows a hacker to circumvent access restrictions.
The vulnerability of the Adobe Acrobat PDF editing program is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to bypass restrictions on access to the JavaScript API...
The vulnerability of the Adobe Reader DC PDF viewer program, which allows a hacker to circumvent access restrictions
The vulnerability of the Adobe Reader DC PDF viewer program is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to bypass restrictions on access to the JavaScript API...
CVE-2015-0297
Red Hat JBoss Operations Network 3.3.1 is affected by CVE-2015-0297. The issue arises because the server did not correctly restrict access to certain remote APIs, enabling a remote, unauthenticated attacker to execute arbitrary Java methods via the ServerInvokerServlet or SchedulerService, and po...
CVE-2015-0297
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager...
KLA10503 Multiple vulnerabilities in IBM products
Multiple serious vulnerabilities have been found in IBM products. Below is a complete list of vulnerabilities: 1. Improper WAR application support in IBM Bluemix can be exploited remotely via unspecified vectors related to the Java overlay feature; 2. Improper API access restrictions in IBM API...
foreman-proxy: failure to verify SSL certificates
It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted...
JVN#31082531: Cybozu Garoon 3 API access restriction bypass vulnerability
Cybozu Garoon, provided by Cybozu, Inc., is a groupware product. Cybozu Garoon contains an access restriction bypass vulnerability (CWE-264) when using Garoon APIs. Impact: A remote attacker may cause a denial-of-service (DoS) or execute arbitrary code. Solution: Update the software. Update to the latest version...
Details for CVE-2014-0220
Technical Service Bulletin 2014-28. TSB Title: Security Vulnerability: Sensitive Configuration Values Exposed in Cloudera Manager. Certain configuration values that are stored in Cloudera Manager are consider...
Design/Logic Flaw
Radio Thermostat CT80 and CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature thresholds, and other settings via unspecified vectors...
CVE-2013-4860
Radio Thermostat CT80 and CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature thresholds, and other settings via unspecified vectors...
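Huawei E355 API Authentication Bypass Vulnerability
CVE ID: CVE-2013-6031. The Huawei E355 is a device known as a "WiFi modem". The Huawei E355 application does not properly restrict access to certain API functions, allowing attackers to exploit the vulnerability to bypass security restrictions and obtain restricted information. Huawei E355 21.157.37.01.910. No detailed solution is currently available: http://www.huawei.com...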
[Microsoft Network Monitor 3.4] Tool to allow capturing and protocol analysis of network traffic
Microsoft's Network Monitor is a tool that allows capturing and protocol analysis of network traffic. Network Monitor 3 is a protocol analyzer. It enables you to capture, view, and analyze network data. You can use it to help troubleshoot problems with applications on the network. This...
Fedora 19 : ReviewBoard-1.7.16-2.fc19 / python-djblets-0.7.21-1.fc19 (2013-18931)
Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users could access certain data they should not have been able to access, if using the Local Sites feature, invite-only groups, or private repositories. It also fixes cases with invite-only groups where the group name and list of...
Keystone: Lack of authorization for adding users to tenants
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...
Cobbler xmlrpc API power_system Method Remote Shell Command Execution
According to its self-reported version, the Cobbler install on the remote host is affected by a command injection vulnerability that can be exploited by sending a specially crafted username or password argument to the 'power_system' method. Successful exploitation requires an authenticated user an...