CVE-2019-9202
Nagios IM component of Nagios XI before 2.2.7 allows authenticated users to execute arbitrary code via API key issues...
Input validation
Nagios IM component of Nagios XI before 2.2.7 allows authenticated users to execute arbitrary code via API key issues...
CVE-2019-9202
Nagios IM (component of Nagios XI) prior to 2.2.7 is vulnerable to an authenticated arbitrary code execution via API key issues. This CVE (CVE-2019-9202) is confirmed in Red Hat and other advisories, affecting Nagios IM versions
Arjun v1.3 - HTTP Parameter Discovery Suite
Features: multi-threading; 4 modes of detection; a typical scan takes 30 seconds; regex-powered heuristic scanning; huge list of 25,980 parameter names; makes just 30-35 requests to the target. Usage. Note: Arjun doesn't work with Python 3.4. Discover parameters: to find GET parameters, you can simply do:...
Information Disclosure
pact-js is vulnerable to information disclosure. Logs containing confidential information such as an AWS API Key are written into the log file in plain text as warnings when customProviderHeaders is used. This could potentially allow a local attacker to retrieve the information and perform furthe...
Nagios XI API Key Regeneration Privilege Escalation (CVE-2018-15711)
A privilege escalation vulnerability exists in the API component of Nagios XI. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access...
Zendesk: Leaked artifactory_api_key via GitHub.
It was reported to Zendesk that a valid API key to an instance of Artifactory was unintentionally leaked via a public GitHub repository. We immediately rotated the key and investigated to ensure it was not utilized by any other party. We want to thank @rubyroobs for providing a detailed report...
Design/Logic Flaw
Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in...
CVE-2019-7628
Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail servers validate TLS certificates, so it is easy for man-in-the-middle attackers to read these e-mails and gain access to Pagure on behalf of other users. This issue is found in the API token expiration reminder cron job in...
CVE-2018-15656
An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system with the specifie...
CVE-2019-1657 Cisco AMP Threat Grid API Key Information Disclosure Vulnerability
A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected...
Cisco AMP Threat Grid API Key Information Disclosure Vulnerability
A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected...
WordPress Social Network Tabs premium plugin <=1.7.1 - Social Media API Key Leakage vulnerability
Social Media API Key Leakage vulnerability found by @fs0c131y in WordPress Social Network Tabs premium plugin versions <=1.7.1. Solution 26 January 2019 - we were unable to find any information about the patched version of this plugin. We recommend deactivating and deleting this plugin from your...
Design/Logic Flaw
On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3...
CVE-2019-0004 Juniper ATP: API and device keys are logged in a world-readable permissions file
On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3...
CVE-2019-0004
CVE-2019-0004 affects Juniper ATP 5.0 prior to 5.0.3. The issue is that API keys and device keys are logged to a file readable by local authenticated users, enabling potential abuse of WebUI operations. Affected component: Juniper ATP 5.0.x; root cause: keys logged to a world-readable/local file....