1998 matches found

OSV (added 2017/07/26 8:29 a.m., 2 views)

CVE-2017-11629

dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request...

CVSS 6.1, AI score 5.8, EPSS 0.01937
Exploits: 1, References: 1
Hacker One (added 2017/06/29 11:12 p.m., 23 views)

WakaTime: Email Spoofing Via /api/v1/users/reset_password

Thanks @leet-boy! Thanks @alanhamlett and all the team of @WakaTime for fixing this and handling the report quickly and fairly!...

AI score 1.7
Exploits: 0
Cvelist (added 2017/04/20 2:43 a.m., 17 views)

CVE-2017-7283

An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php...

AI score 9.2, EPSS 0.0428
Exploits: 1, References: 2
Hacker One (added 2017/04/18 4:54 a.m., 33 views)

ok.ru: Blind SQL Injection

@linkks reported a blind SQL injection: POST /api/updateShareCount HTTP/1.1 Host: insideok.ru Cache-Control: no-cache Accept: application/json, text/javascript, */*; q=0.01 Origin: http://insideok.ru Referer: http://insideok.ru/lica User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0...

AI score 1
Exploits: 0
CNVD (added 2016/12/02 12:00 a.m., 4 views)

Cross-site scripting vulnerability in KingCMS 'conn.php' page

KingCMS is a content management system based on WEB technology. A cross-site scripting vulnerability exists in KingCMS. The /api/conn.php page fails to properly filter user input, allowing an attacker to exploit the vulnerability to build a malicious web page and trick users into parsing it to...

AI score 6.6
Exploits: 0
Hacker One (added 2016/09/04 7:31 p.m., 49 views)

Slack: Rate-limit bypass

Hello Slack, This vulnerability is about a 2FA Bypass. On Slack Web Application there is rate limit implemented. After performing 4-6 failed 2FA Attempts, Rate limit logic will get Triaged and ask user to wait for next attempt (preventing automated 2FA Attempts). I tested the same using iOS App (iOS 9.3)....

AI score 0.2
Exploits: 0
Openbugbounty (added 2016/07/19 9:35 p.m., 12 views)

api.anqu.com XSS vulnerability

Vulnerable URL: http://api.anqu.com/search/index/?keyword=%22%3E%3C%2Fscript%3E%3Cimg+src%3Dx+onerror%3Dprompt%2FXSSPOSED%2F%3E
Details:
Patched: No
Latest check for patch: 27.07.2017
Vulnerability type: XSS
Vulnerability status: Publicly disclosed
Alexa Rank: Unkno...

AI score 6.3
Exploits: 0
Hacker One (added 2016/03/11 9:42 p.m., 13 views)

Imgur: Local file read in image editor

Filepaths were able to traverse up outside of their intended directory when using the /edit/process API endpoint. Insufficient imageid filtration in image editor allowed an attacker to read arbitrary files. An attacker could read files by setting file path in imageid GET param in /edit/process AP...

AI score 1.9
Exploits: 0
ThreatPost (added 2015/11/24 10:00 a.m., 11 views)

United Airlines Slow to Patch Mobile App Vulnerability

A vulnerability reported to United Airlines that could have been exploited to manipulate flight reservations and customer data sat unpatched for almost six months before it was fixed 10 days ago. Researcher Randy Westergren found and reported an issue in United's mobile app in May, shortly after...

AI score 7
Exploits: 0, References: 6
RedHat Linux (added 2015/08/24 2:16 p.m., 5 views)

rubygems: DNS hijacking vulnerability in api_endpoint()

A flaw was found in the way rubygems verified the API endpoint hostname retrieved through a DNS SRV record. A man-in-the-middle attacker could use this flaw to force a client to download content from an untrusted domain...

CVSS 5, AI score 7.3, EPSS 0.08934
Exploits: 0, References: 5
RubySec (added 2015/05/14 12:00 a.m., 30 views)

CVE-2015-3900 rubygems: DNS hijacking vulnerability in api_endpoint()

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." A flaw was found in a...

CVSS 5, AI score 7.9, EPSS 0.08934
Exploits: 0, References: 1, Affected Software: 1
NVD (added 2014/12/19 3:59 p.m., 10 views)

CVE-2014-9355

Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint...

CVSS 4, AI score 6, EPSS 0.00615
Exploits: 0, References: 2
Prion (added 2014/12/19 3:59 p.m., 16 views)

Cross site request forgery (CSRF)

Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint...

CVSS 4, AI score 6.5, EPSS 0.00615
Exploits: 0, References: 2, Affected Software: 1
UbuntuCve (added 2014/12/19 3:59 p.m., 23 views)

CVE-2014-9355

Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint...

CVSS 4, AI score 5.9, EPSS 0.00615
Exploits: 0, References: 3
Cvelist (added 2014/12/19 3:00 p.m., 19 views)

CVE-2014-9355

Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint...

AI score 6, EPSS 0.00615
Exploits: 0, References: 2
Debian CVE (added 2014/12/19 3:00 p.m., 17 views)

CVE-2014-9355

Puppet Enterprise before 3.7.1 allows remote authenticated users to obtain licensing and certificate signing request information by leveraging access to an unspecified API endpoint...

CVSS 4, AI score 6, EPSS 0.00615
Exploits: 0
Atlassian (added 2014/03/14 12:35 a.m., 19 views)

User avatar upload endpoint is vulnerable to XSRF

Stash, as of 2.12, allows users to upload local avatars to their account (STASHDEV-6182). That upload is submitted to a non-API end point that accepts a POST request with the avatar as a data-uri (https://en.wikipedia.org/wiki/DataUri). Currently, because the form is submitted by AJAX, the end point ...

AI score 1.3
Exploits: 0
OSV (added 2013/10/27 12:55 a.m., 0 views)

UBUNTU-CVE-2013-4302

(1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the...

CVSS 5, AI score 5.7, EPSS 0.01992
Exploits: 0, References: 3