1618 matches found

The Hacker News
added 2018/12/10 9:2 p.m. | 1 view

Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users

Google today revealed that Google+ has suffered another massive data breach, forcing the tech giant to shut down its struggling social network four months earlier than its actual scheduled date, i.e., in April 2019 instead of August 2019. Google said it discovered another critical security...

AI score: 6.2
Exploits: 0

CVE
added 2018/12/07 9:0 p.m. | 49 views

CVE-2018-7066

CVE-2018-7066 describes an unauthenticated remote command execution in Aruba ClearPass Policy Manager via the OnConnect feature. A defect in the API used to link other network devices (configuration under CLI Settings for linked devices) could allow a remote attacker to execute arbitrary commands...

CVSS: 9.3 | AI score: 9.5 | EPSS: 0.03483
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2018/11/27 8:29 p.m. | 14 views

Cross site scripting

Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.00692
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2018/11/27 8:29 p.m. | 13 views

CVE-2018-13022

Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00692
Exploits: 1 | References: 1

Cvelist
added 2018/11/20 9:0 a.m. | 17 views

CVE-2018-19367

Portainer through 1.19.2 provides an API endpoint /api/users/admin/check to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case...

AI score: 9.6 | EPSS: 0.01469
Exploits: 1 | References: 2

NVD
added 2018/10/05 2:29 p.m. | 20 views

CVE-2018-0435

A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could...

CVSS: 9.1 | AI score: 9.2 | EPSS: 0.01094
Exploits: 0 | References: 2

BDU FSTEC
added 2018/08/14 12:0 a.m. | 3 views

The vulnerability of the API components of Sun ZFS Storage Appliance Kit allows a perpetrator to gain unauthorized access to protected data or cause service failures.

The vulnerability of the API components of Sun ZFS Storage Appliance Kit AK is related to lack of access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data or cause service failures using network protocols...

CVSS: 7.4 | AI score: 7.8 | EPSS: 0.01168
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2018/08/06 8:29 p.m. | 2 views

CVE-2018-7059

Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.01113
Exploits: 0 | References: 1

NVD
added 2018/08/06 8:29 p.m. | 14 views

CVE-2018-7059

Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.01113
Exploits: 0 | References: 1

Cvelist
added 2018/08/06 8:0 p.m. | 13 views

CVE-2018-7059

Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when...

AI score: 8.5 | EPSS: 0.01113
Exploits: 0 | References: 1

Cvelist
added 2018/08/03 2:0 p.m. | 14 views

CVE-2018-6590

CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability...

AI score: 6.1 | EPSS: 0.00747
Exploits: 0 | References: 2

CNVD
added 2018/07/24 12:0 a.m. | 1 view

Unspecified Vulnerability in Oracle Sun Systems Products Suite Sun ZFS Storage Appliance Kit Component (CNVD-2019-36183)

Oracle Sun Systems Products Suite is a suite of Sun systems products from Oracle Corporation. Sun ZFS Storage Appliance Kit AK is one of the ZFS storage appliance kits. A security vulnerability exists in the API frameworks subcomponent of the Sun ZFS Storage AK prior to version 8.7.18 component of...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.02722
Exploits: 0 | References: 1

CNVD
added 2018/07/23 12:0 a.m. | 3 views

RSA Archer REST API Authorization Bypass Vulnerability

RSA Archer is an enterprise IT governance and compliance governance product. RSA Archer has an authorization bypass vulnerability in the REST API that can be exploited by an attacker to elevate privileges...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.03036
Exploits: 0 | References: 1

BDU FSTEC
added 2018/07/19 12:0 a.m. | 2 views

The vulnerability of the API interface of the Qualcomm Trusted Execution Environment component in the Android operating system allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the API interface of the Qualcomm Trusted Execution Environment component in the Android operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of...

CVSS: 10 | AI score: 5.5 | EPSS: 0.01252
Exploits: 0 | References: 3

OSV
added 2018/07/09 9:29 p.m. | 2 views

CVE-2018-13791

The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter...

CVSS: 9.8 | AI score: 5.8
Exploits: 0 | References: 1

NVD
added 2018/07/05 8:29 p.m. | 25 views

CVE-2018-9998

Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.0183
Exploits: 2 | References: 2

Cvelist
added 2018/06/25 2:0 a.m. | 22 views

CVE-2018-12716

The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scanresults JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its...

AI score: 4.6 | EPSS: 0.00696
Exploits: 0 | References: 4

Imperva Blog
added 2018/06/19 4:2 p.m. | 48 views

Indonesian Hacker Group Cashes In On Blockbuster Movie Titles

When breaking the law isn't a barrier, there’s always a way to make a quick buck. We see it every day, and this time from an Indonesian cybercrime campaign infecting vulnerable websites by luring their visitors to a network of scam websites using blockbuster movies. The attack part I: Recruiting...

AI score: 0.8
Exploits: 0

Prion
added 2018/06/16 1:29 a.m. | 15 views

Open redirect

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs...

CVSS: 4 | AI score: 6.3 | EPSS: 0.09234
Exploits: 4 | References: 3 | Affected Software: 1

Openbugbounty
added 2018/06/13 8:39 a.m. | 8 views

hub.mph.in.gov XSS vulnerability

Open Bug Bounty ID: OBB-630917

Description | Value
---|---
Affected Website: | hub.mph.in.gov
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0