UBUNTU-CVE-2018-18839

DISPUTED An issue was discovered in Netdata 1.10.0. Full Path Disclosure FPD exists via api/v1/alarms. NOTE: the vendor says "is intentional."...

Command Injection

Overview All versions of soletta-dev-app are vulnerable to Command Injection. The package does not validate user input on the /api/service/status API endpoint, passing contents of the service query parameter to an exec call. This may allow attackers to run arbitrary commands in the system...

Command Injection

Overview Versions of addax prior to 1.1.0 are vulnerable to Command Injection. The package does not validate user input on the presignPath function which receives input directly from the API endpoint. Exploiting the vulnerability requires authentication. This may allow attackers to run arbitrary...

CVE-2018-15664

A flaw was discovered in the API endpoint behind the 'docker cp' command. The endpoint is vulnerable to a Time Of Check to Time Of Use TOCTOU vulnerability in the way it handles symbolic links inside a container. An attacker who has compromised an existing container can cause arbitrary files on t...

Flickr: Improper access control in place for "member only" groups via root.YUI_config.flickr.api.site_key

Researcher identified API endpoint that was not doing sufficient permission validation...

Connected camera cock up

I haven’t touched adult toy security for over a year now, mostly because we kept finding the same stuff over and over again. Besides, @internetofdongs has been doing some great work in this space, so it seemed pointless to duplicate his efforts. However, this morning, @dcuthbert tweeted us this: ...

CVE-2018-15656

An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system with the specifie...

PT-2019-16767 · Labkey · Labkey Server Community Edition

Name of the Vulnerable Software and Affected Versions: LabKey Server Community Edition versions prior to 18.3.0-61806.763 Description: The issue is related to an open redirect vulnerability. It affects the / r1/ API endpoint, specifically the returnURL parameter, allowing an unauthenticated remot...

PT-2018-15155 · Razorcms · Razorcms

Name of the Vulnerable Software and Affected Versions: razorCMS version 3.4.8 Description: The issue is related to HTML injection in the software. It can be exploited via the "//page" API endpoint, specifically through the keywords parameter. Recommendations: For razorCMS version 3.4.8, consider...

GHSA-P69G-F978-XXV9 Cross-Site Request Forgery (CSRF) in Luigi

Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery CSRF vulnerability in API endpoint: /api/ that can result in Task metadata such as task name, id, parameter, etc. will be leake...

CVE-2018-1000843

Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery CSRF vulnerability in API endpoint: /api/ that can result in Task metadata such as task name, id, parameter, etc. will be leake...

Cross site request forgery (csrf)

Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery CSRF vulnerability in API endpoint: /api/ that can result in Task metadata such as task name, id, parameter, etc. will be leake...

Cross site request forgery (csrf)

The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle MiTM attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access,...

CVE-2018-17195

The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle MiTM attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access,...

CVE-2018-17195

Apache NiFi template upload API is vulnerable to CSRF due to missing CORS filtering on the template/upload endpoint. The issue allows cross-origin requests that can lead to unauthorized operations when combined with a MiTM/ARP-spoofing scenario. Affected versions include NiFi 1.0.0 through 1.7.1 ...

CVE-2018-17195

The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle MiTM attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access,...

CVE-2018-19367

Portainer through 1.19.2 provides an API endpoint /api/users/admin/check to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case...

PT-2018-14766 · Mpdf · Mpdf

Name of the Vulnerable Software and Affected Versions: mPDF versions prior to 7.1.7 Description: The issue allows for Server-Side Request Forgery SSRF if mPDF is deployed as a web application that accepts arbitrary HTML. This can be demonstrated by an substring that triggers a call to getImage in...

PT-2018-14403 · Asuswrt Merlin · Merlin.Php

Name of the Vulnerable Software and Affected Versions: Merlin.PHP version 0.6.6 Description: An issue was discovered in the Merlin.PHP component for Asuswrt-Merlin devices, allowing an attacker to execute arbitrary commands. This is due to an eval call in api.php, as demonstrated by the...

Khan Academy: Cross-Site Request Forgery (CSRF) vulnerability on API endpoint allows account takeovers

Summary The /signup/email API endpoint at khanacademy.org is vulnerable to Cross-Site Request Forgery CSRF attacks, allowing takeovers of accounts associated with unconfirmed email addresses. Description The vulnerable endpoint allows an authenticated user to change the email address associated...