CVE-2018-17195
The template upload API endpoint accepted requests from a different domain when sent in conjunction with ARP spoofing + a man-in-the-middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access,...
CVE-2018-17195
Apache NiFi template upload API is vulnerable to CSRF due to missing CORS filtering on the template/upload endpoint. The issue allows cross-origin requests that can lead to unauthorized operations when combined with a MiTM/ARP-spoofing scenario. Affected versions include NiFi 1.0.0 through 1.7.1 ...
CVE-2018-19367
Portainer through 1.19.2 provides an API endpoint /api/users/admin/check to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case...
PT-2018-14766 · Mpdf · Mpdf
Name of the Vulnerable Software and Affected Versions: mPDF versions prior to 7.1.7 Description: The issue allows for Server-Side Request Forgery (SSRF) if mPDF is deployed as a web application that accepts arbitrary HTML. This can be demonstrated by a substring that triggers a call to getImage in...
PT-2018-14403 · Asuswrt Merlin · Merlin.Php
Name of the Vulnerable Software and Affected Versions: Merlin.PHP version 0.6.6 Description: An issue was discovered in the Merlin.PHP component for Asuswrt-Merlin devices, allowing an attacker to execute arbitrary commands. This is due to an eval call in api.php, as demonstrated by the...
Khan Academy: Cross-Site Request Forgery (CSRF) vulnerability on API endpoint allows account takeovers
Summary: The /signup/email API endpoint at khanacademy.org is vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing takeovers of accounts associated with unconfirmed email addresses. Description: The vulnerable endpoint allows an authenticated user to change the email address associated...
openSUSE Security Update : cobbler (openSUSE-2018-952)
This update for cobbler fixes the following issues : Security issues fixed : - Forbid exposure of private methods in the API CVE-2018-10931, CVE-2018-1000225, bsc1104287, bsc1104189, bsc1105442 - Check access token when calling 'modifysetting' API endpoint bsc1104190, bsc1105440, CVE-2018-1000226...
Security update for cobbler (important)
This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API CVE-2018-10931, CVE-2018-1000225, bsc1104287, bsc1104189, bsc1105442 - Check access token when calling 'modifysetting' API endpoint bsc1104190, bsc1105440, CVE-2018-1000226...
PT-2018-3857 · Mitsubishi · Mitsubishi Electric Smartrtu
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric SmartRTU affected versions not specified Description: The issue is related to the lack of protection for the web page structure in Mitsubishi Electric SmartRTU, allowing an attacker to conduct cross-site scripting attacks...
MicroFocus Secure Messaging Gateway Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MicroFocus Secure Messaging Gateway Remote Code Execution", 'Description' = %q This module exploits a SQL injection and command injection...
MicroFocus Secure Messaging Gateway Remote Code Execution Exploit
This Metasploit module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application...
Security Glitch in IoT Camera Enabled Remote Monitoring
Swann has patched a flaw in its connected cameras that would allow a remote attacker to access their video feeds. A research team, consisting of Andrew Tierney, Chris Wade and Ken Munro from Pen Test Partners, as well as security researchers Alan Woodward, Scott Helme and Vangelis Stykas, develop...
Chaturbate: Users may still able to view chat room panel of password protected rooms
The hacker found that the chat room panel could be accessed without the user having the room password. This was resolved. An attacker may be able to view a password-protected chat room panel by requesting the API endpoint for the room panel. It discloses information depending on what app they use...
Remote code execution
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the API endpoint located at /webservices/api/v2.php that can result in unauthenticated remote code execution. This attack appears to be exploitable via a simple GET request to the API endpoint. This...
CVE-2018-1999019
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the API endpoint located at /webservices/api/v2.php that can result in unauthenticated remote code execution. This attack appears to be exploitable via a simple GET request to the API endpoint. This...
CVE-2018-1999019
CVE-2018-1999019 concerns Chamilo LMS 11.x, where an Unserialization vulnerability in the GET parameter "hash" of the /webservices/api/v2.php endpoint enables unauthenticated remote code execution. The issue can be exploited with a simple GET request to the API. The vulnerability appears fixed af...
Multiple Bugs Found in QNAP Q’Center Web Console
Researchers found an array of high severity vulnerabilities in network storage vendor QNAP’s web console, which could enable an authenticated attacker to gain privileges and execute arbitrary commands on the system. The web-based platform, Q’center, allows users to manage network attached storage...